
151.

Solve : Family computers invaded-plz help?

Answer»

I have found recently that all 6 of my home computers have had virtual drives installed that are hindering safe computer use. The virtual drives are loaded with malware such as keyloggers and a virtual file system that I cannot seem to remove.
I have bought new drives and followed AV software advice about clearing CMOS and running rescue CDs. Nothing has worked yet... I mostly have been told it is impossible to have had my BIOSes altered and virtual drives mounted on my family's computers. I'm not crazy but I will be soon if I don't get help.
If you know anything about what I may have and how to get things back to normal that would be amazing... thanks for reading

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Due to lack of feedback, this topic is now closed. If you need the topic re-opened, PM a moderator and they shall unlock it.

=>CLOSED

152.

Solve : IE hangs? please check logs attached?

Answer»

Ok Here is the security check log...

Results of screen317's Security Check version 0.99.2
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG Free 9.0
ESET Online Scanner v3
ZoneAlarm
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 18
Adobe Flash Player 10
Adobe Reader 7.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Zone Labs ZoneAlarm zlclient.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````




There has been no change on the IE... sometimes it will bring up a site but more often than not... it just gets to 3 or 4 indicator bars and just sits there and other times it gets the hourglass and nothing happens.. (again it just sits there!?) Thinking it could be the cableone internet modem I brought my computer in and hooked it up and IE runs just fine on there so I do not believe it is a modem problem... I would like to thank you very much for your help and if there are any other suggestions or instructions for me I will be checking.. I just wanted to make sure the computer was clean before trying anything else. I believe I am going to try and uninstall IE and reinstall and see if that will help... Thanks again for your help!

Ok. If you need any more help on the IE issue, make sure to post in the software section on this board, so you get the appropriate help on that specific issue. It is probably something deeper.

Your computer looks secure enough, so I will just post a link to my prevention page.

See this page for more info about malware and prevention.

Since this appears to be resolved, this topic is now closed. Glad we could help!

=>CLOSED

153.

Solve : Autoworm??

Answer»

hello,

I seem to have picked up a worm called autorun? On my other computer. I have nothing important on that comp so someone told me it might be a good idea to reformat.

It is an Acer Travelmate 2480 laptop. I have my windows disc and have been told to press alt and F10 to restore it.

My question is if I do put it back to factory settings and reinstall my Windows will that get rid of everything including the worm? I'm just worried if I do that the worm could still be there?

Thanks
NikkiV!

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Due to lack of feedback, this topic is now closed. If you need the topic re-opened, PM a moderator and they shall unlock it.

=>CLOSED

154.

Solve : Zwangie is affecting my PC!!! I need help please. I got a hijackthis log?

Answer»

I have Windows Vista. I have a problem with Zwangie. I deleted it from Uninstall Programs but the effects are still here. It doesn't let me open anything IE based. This post by Yahoo says the effects: http://answers.yahoo.com/question/index?qid=20100216232817AARd40T

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:42 PM, on 3/25/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files\Defender Pro\Defender Pro\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\MYWEBS~1\bar\7.bin\m3SrchMn.exe
C:\Program Files\Defender Pro\Defender Pro\seccenter.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=1007&m=el1200-07w
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?

LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?

LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!

\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program

Files\MyWebSearch\bar\7.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program

Files\MyWebSearch\bar\7.bin\MWSSRCAS.DLL
O2 - BHO: CashBackAssistant - {00F5B5BA-E3C2-4b70-BF51-42A557914FAD} - C:\Program Files\Nice

Prosper\CashBackAssistant\CashBackAssistantIE.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!

\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program

Files\MyWebSearch\bar\7.bin\MWSBAR.DLL
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program

Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC

Confidential\PCCBHO.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving

Optimizer\2.2.0.2880\NPIEAddOn.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program

Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Program Files\Smart-

Shopper\Bin\2.5.1\Smrt-Shpr.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI

RoboForm\roboform.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program

Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Seekmo - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll

(file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program

Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System

Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark

Printable Web\bho.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program

Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!

\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!

\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program

Files\MyWebSearch\bar\7.bin\MWSBAR.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI

RoboForm\roboform.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program

Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google

Toolbar\GoogleToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program

Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll
O3 - Toolbar: Seekmo - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: Defender Pro Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\Defender

Pro\Defender Pro\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"

/startup
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe"

"C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe"

"C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1236710346\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\7.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\7.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection

Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1

\bar\7.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [Defender Pro Antiphishing Helper] "C:\Program Files\Defender Pro\Defender Pro\IEShow.exe"
O4 - HKLM\..\Run: [DPAgent] "C:\Program Files\Defender Pro\Defender Pro\bdagent.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto

Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0

\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [Lexmark 5600-6600 Series Fax Server] "C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe"

/s
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\7.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SystemCop] C:\Program Files\SystemCop Software\SystemCop\SystemCop.exe -min
O4 - HKCU\..\Run: [My Faster PC] c:\program files\consumersoft\my faster pc\mfpchelper.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -SCHEDULER
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL

SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL

SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK

SERVICE')
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: Kuma_Tray.lnk = C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12

\ONENOTEM.EXE
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare

software\bin\EasyShare.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12

\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2

\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1

\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber

Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} -

C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} -

C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk

Messenger\Paltalk.exe
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC

Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program

Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber

Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC

Confidential\PCConfidential.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12

\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} -

C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} -

C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%

20Files/Escape%20Rosecliff%20Island/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%

20Files/Mystery%20P.I.%20-%20Lost%20in%20Los%20Angeles/Images/armhelper.ocx
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google

Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common

Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32

\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common

Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: Defender Pro Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program

Files\Common Files\Defender Pro\Defender Pro Arrakis Server\bin\arrakis3.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program

Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program

Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game

Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google -

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9a1e0b0d3f1a0) (gupdate1c9a1e0b0d3f1a0) - Google Inc. -

C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner -

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Defender Pro Update Service (LIVESRV) - Defender Pro - C:\Program Files\Common Files\Defender

Pro\Defender Pro Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program

Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9

\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9

\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio

Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0

\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio

Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Seekapp Service - Unknown owner - C:\ProgramData\Seekapp\seekapp132.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\ProgramData\SeekappSrch\seekapp163.exe (file missing)
O23 - Service: Defender Pro Virus Shield (VSSERV) - Defender Pro - C:\Program Files\Defender Pro\Defender

Pro\vsserv.exe
O23 - Service: Wyyo Service - Unknown owner - C:\ProgramData\Wyyo\wyyo127.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!

\SoftwareUpdate\YahooAUService.exe

--
End of file - 18768 bytes

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Due to lack of feedback, this topic is now closed. If you need the topic re-opened, PM a moderator and they shall unlock it.

=>CLOSED
155.

Solve : Programs will not start after malware removal?

Answer»

What's up everyone...

OK so I just got done finally removing the Malware virus here. I'm pretty sure I got it all (I hope). I manually got rid of most of it in the registry and some files to allow me to repair NOD32 that it jacked up so I could do a scan. NOD32 picked up a few things so I decided to restart. After I rebooted my desktop background is gone and none of my startup applications are starting. I went to start>objectdock (because that's one of my startup programs) and clicked on the shortcut and it told me that the .exe for the app was not found. I browsed to the folder and it is indeed in there. I clicked on the actual .exe this time and the box popped up asking me what program I want to use to open the .exe. I closed out of that and I right clicked the .exe and then clicked "start" instead of "open" and it started. It's this way for any link that I click on (can't find the app) and wants to know what program to open any executable files if I just double click them. The only thing I found on the web so far related to XP and doesn't work for me. How do you fix this and does it mean I may still have some traces of the malware left behind?

Vista x64

Thanks in advance!

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Due to lack of feedback, this topic is now closed. If you need the topic re-opened, PM a moderator and they shall unlock it.

=>CLOSED

156.

Solve : Can't run .exe files...HELP!?

Answer» Okay, earlier this week, my laptop started acting wonky. I ran Norton and it came across 2 problems, and had to reboot. Once I rebooted, no .exe files would run when I clicked on them. Clicking on them brings up the "Select an application to run the program" box, so I can't even do a system restore.

I'm running Windows XP, using a wireless connection on my laptop. As for my browser, I use Internet Explorer. I hope that's enough! Please help!

RKill by Grinler
Link #1
Link #2
Link #3
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.

==========

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Due to lack of feedback, this topic is now closed. If you need the topic re-opened, PM a moderator and they shall unlock it.

=>CLOSED
157.

Solve : HELP! virus attack!?

Answer»

I found a virus on my Vista and it was called: [emailprotected] Internet guy said our computer was sending off spam emails. And it makes 432 or more Internet Explorer failed launches, weird thing is I use Firefox. PLEASE HELP ME!

Go to the Virus and Spyware forum and follow the guide in the top announcement.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Due to lack of feedback, this topic is now closed. If you need the topic re-opened, PM a moderator and they shall unlock it.

=>CLOSED

158.

Solve : combofix?

Answer»

Ran ComboFix and everything seems fine but they said take down firewall and uninstall all virus protection so now should I turn the firewall back on because I'm waiting for the Malwarebytes guy to analyze the logs and get back with me and they didn't really say what to do or not to do while I wait. It's actually my wife's laptop and she's already back on Facebook
but she did turn on the firewall and I wonder if she should be doing that.

Thanks
Will

Post the link to the Malwarebytes thread.

Due to lack of feedback, this topic is now closed. If you need the topic re-opened, PM a moderator and they shall unlock it.

=>CLOSED

159.

Solve : Trojans?

Answer»

Although my defences stopped the intruder in its tracks, I couldn't find any info on it: Trojan Horse Generic 16. BZKL...anyone...it was hidden in a keygen and came forward as soon as you tried to get a serial....meanies!!!!

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Due to lack of feedback, this topic is now closed. If you need the topic re-opened, PM a moderator and they shall unlock it.

=>CLOSED

160.

Solve : Application cannot be executed. the file **** is infected?

Answer»

I got the error message "Application cannot be executed. The file wuauclt.exe is infected. Do you want to activate your antivirus software now?" My IE doesn't work anymore, but Mozilla does. I did a system restore, but the same error msg popped up again after a couple hours.

I looked through some of the other forums with the same problem, and I tried to install HijackThis, but it says it's infected and won't install on my computer.

Even though you've probably tried this, please go here and follow the instructions. If you get an "infected file" warning, try changing the file name to something else. Once you post all the required logs, a malware expert will be able to help you the most.

Download OTL to your Desktop. But, before saving it, rename it to OTL.com then click the Save button.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in
%systemroot%\*. /MP /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
Due to lack of feedback, this topic is now closed. If you need the topic re-opened, PM a moderator and they shall unlock it.

=>CLOSED
161.

Solve : recover files corrupted by malware?

Answer»

Hi my partner recently clicked on one of the common virus links on facebook, infecting the PC with malware. I restored my system by downloading Malwarebytes which successfully removed the malware.

My problem is it seems my mobile phone video files are now unplayable. I now get the message that the files may be corrupted.

Is there any way of recovering these? Is there any software I can download free or buy?

Any help much appreciated.

Let's make sure it is gone.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Thanks for the reply, the log:

ComboFix 10-03-18.02 - Barbsy 19/03/2010 13:20:03.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.495 [GMT 0:00]
Running from: c:\documents and settings\Barbsy\My Documents\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-02-19 to 2010-03-19 )))))))))))))))))))))))))))))))
.

2010-03-08 18:09 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-04 11:39 . 2010-03-04 11:39 -------- d-----w- c:\documents and settings\Barbsy\Application Data\Sonic
2010-03-04 11:38 . 2010-03-04 11:38 -------- d-----w- c:\documents and settings\Barbsy\Application Data\Leadertech
2010-02-24 15:38 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2024-03-21 12:44 . 2009-10-01 15:23 246272 ----a-w- c:\windows\UNINST16.EXE
2010-02-17 16:41 . 2009-07-25 10:43 -------- d-----w- c:\program files\McAfee
2009-12-31 16:50 . 2005-11-30 20:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-23 19:53 . 2009-12-23 19:53 129 ----a-w- c:\documents and settings\Barbsy\Local Settings\Application Data\fusioncache.dat
2009-12-21 19:14 . 2004-08-10 12:51 916480 ------w- c:\windows\system32\wininet.dll
2005-07-16 05:41 . 2005-11-30 21:19 41573 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2005-07-16 05:41 . 2005-11-30 21:19 48223 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2005-07-16 05:41 . 2005-11-30 21:19 160871 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{729F7007-7199-40AB-0668-42DD0F8F0243}]
2004-08-04 05:00 180224 ----a-w- c:\windows\system32\iasadss.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APOINT"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-11-30 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-30 98304]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-02-16 147456]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-08 5134864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2005-11-30 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [07/09/2009 14:55 7680]
.
Contents of the 'Scheduled Tasks' folder

2010-03-07 c:\windows\Tasks\At1.job
- c:\windows\system32\odbcaad32.exe [2004-08-10 00:12]

2010-03-08 c:\windows\Tasks\At2.job
- c:\windows\system32\odbcaad32.exe [2004-08-10 00:12]

2010-03-16 c:\windows\Tasks\At3.job
- c:\windows\system32\odbcaad32.exe [2004-08-10 00:12]

2010-03-19 c:\windows\Tasks\At4.job
- c:\windows\system32\odbcaad32.exe [2004-08-10 00:12]

2009-07-25 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-25 11:22]

2009-12-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-25 11:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.co.uk/myway
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30);// in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120);// in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-19 13:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2010-03-19 13:26:00
ComboFix-quarantined-files.txt 2010-03-19 13:25
ComboFix2.txt 2010-03-19 12:52

Pre-Run: 65,899,556,864 bytes free
Post-Run: 65,879,396,352 bytes free

- - End Of File - - 7FC7BE3BC0FEF65FA4278E6AFB279EF9

We need to do some diagnostics.

1. Please download Profiles by noahdfear.

  • Save it to your desktop.
  • Double-click profiles.exe and post its log when you reply
2. Download Win32kDiag by ad13 and save it to your Desktop.
  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
3. In your next reply, please post the following logs for my review:
  • Profiles log (1)
  • Win32kDiag log (2)
Thanks! :)

profiles log:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1067566499-3483388466-2928903462-1006
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Barbsy

SystemRoot REG_SZ C:\WINDOWS

2: win32diag log:

Running from: C:\Documents and Settings\Barbsy\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Barbsy\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

copy of log:

Malwarebytes' Anti-Malware 1.44
Database version: 3890
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/03/2010 12:56:09
mbam-log-2010-03-21 (12-56-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 153304
Time elapsed: 39 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{729f7007-7199-40ab-0668-42dd0f8f0243} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{729f7007-7199-40ab-0668-42dd0f8f0243} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{729f7007-7199-40ab-0668-42dd0f8f0243} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\iasadss.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\odbcaad32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Let's make sure it is gone.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Malwarebytes' Anti-Malware 1.44
Database version: 3901
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/03/2010 21:34:50
mbam-log-2010-03-22 (21-34-50).txt

Scan type: Quick Scan
Objects scanned: 114129
Time elapsed: 9 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Results of screen317's Security Check version 0.99.2
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee SecurityCenter
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java 2 Runtime Environment, SE v1.4.2_03
Adobe Flash Player 10
Adobe Reader 6.0.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

McAfee VIRUSS~1 mcshield.exe
McAfee VIRUSS~1 mcsysmon.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

See this page for more info about malware and prevention.

Do you have any more questions?

No thanks, for all your help.

You're welcome! Since this appears to be resolved, this topic is now closed. Glad we could help!

=>CLOSED
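
Added example, not part of the thread and not output of any tool named in it: the ComboFix log above lists four At*.job tasks that all launch c:\windows\system32\odbcaad32.exe, the same file the first Malwarebytes log reports as Trojan.Downloader. This Python sketch cross-references the two logs; the function names are hypothetical, the embedded lines are excerpts copied from the logs in this thread, and reading AtN.job names as tasks created through the legacy AT scheduler is general Windows knowledge, not something the thread states.

```python
import re
from collections import defaultdict

# Excerpt copied from the 'Scheduled Tasks' section of the ComboFix log in this thread.
COMBOFIX_TASKS = r"""
2010-03-07 c:\windows\Tasks\At1.job
- c:\windows\system32\odbcaad32.exe [2004-08-10 00:12]

2010-03-08 c:\windows\Tasks\At2.job
- c:\windows\system32\odbcaad32.exe [2004-08-10 00:12]

2010-03-16 c:\windows\Tasks\At3.job
- c:\windows\system32\odbcaad32.exe [2004-08-10 00:12]

2010-03-19 c:\windows\Tasks\At4.job
- c:\windows\system32\odbcaad32.exe [2004-08-10 00:12]

2009-07-25 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-25 11:22]

2009-12-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-25 11:22]
"""

# Excerpt copied from the 'Files Infected' section of the first Malwarebytes log.
MBAM_FILES = r"""
C:\WINDOWS\system32\iasadss.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\odbcaad32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(\S.*\.job)\s*$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[[^\]]*\]\s*$")
MBAM_RE = re.compile(r"^(.+?)\s+\(([^()]+)\)\s+->\s+(.+)$")
# AtN.job is the naming scheme of jobs created through the legacy AT scheduler.
AT_JOB_RE = re.compile(r"\\at\d+\.job$", re.IGNORECASE)


def parse_tasks(text):
    """Return (date, job_path, target_path) tuples; paths are lower-cased."""
    tasks, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        job = JOB_RE.match(line)
        if job:
            pending = (job.group(1), job.group(2).lower())
            continue
        target = TARGET_RE.match(line)
        if target and pending:
            tasks.append((pending[0], pending[1], target.group(1).lower()))
            pending = None
    return tasks


def parse_detections(text):
    """Map lower-cased file path -> detection name from scanner result lines."""
    found = {}
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            found[m.group(1).lower()] = m.group(2)
    return found


def triage(task_text, scanner_text):
    """Group tasks by target and report targets that have AT jobs or a detection."""
    detections = parse_detections(scanner_text)
    by_target = defaultdict(list)
    for date, job, target in parse_tasks(task_text):
        by_target[target].append((date, job))

    findings = []
    for target, jobs in sorted(by_target.items()):
        at_jobs = sorted(j for _, j in jobs if AT_JOB_RE.search(j))
        detection = detections.get(target)
        if not at_jobs and detection is None:
            continue  # vendor-named task with a target the scanner did not flag
        dates = sorted(d for d, _ in jobs)
        findings.append({
            "target": target,
            "at_jobs": at_jobs,
            "detection": detection,
            "first_seen": dates[0],
            "last_seen": dates[-1],
        })
    return findings


if __name__ == "__main__":
    for f in triage(COMBOFIX_TASKS, MBAM_FILES):
        print(f"{f['target']}: {len(f['at_jobs'])} AT job(s), "
              f"{f['first_seen']}..{f['last_seen']}, scanner says {f['detection']}")
```

Deleting the flagged binary does not remove the .job files that reference it, so the task list is worth re-checking after cleanup.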
162.

Solve : Antispyware XP?

Answer»

Do that once more and post a log, please.

Hello, your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. ~ DragonMaster Jay

O.K., here it is once more:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01749DA10
malicious code @ sector 0x01749DA13 !
PE file found in sector at 0x01749DA29 !

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
There is nothing in the report. I ran it twice. I disabled Zone Alarm each time, as instructed.

Ok. Good.

Now, what issues are plaguing your computer at this point?

None that I can see.

Am I done?

Sure.

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

O.K. Here it is:

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ZoneAlarm Security Suite
ZoneAlarm Toolbar
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date HijackThis installed!
Malwarebytes' Anti-Malware
Hijackthis 1.99.1
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 18
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 9.3.1
````````````````````````````````
Process Check:
objlist.exe by Laurent

Zone Labs ZoneAlarm zlclient.exe
````````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

====================

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware
  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of ONE of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:
See this page for more info about malware and prevention.
163.

Solve : Possible Malware problem?

Answer»

Hi,

I've been having problems with google and firefox for the last couple of days. If I click on a google search result 9 times out of 10 it will load a completely different website usually trying to sell me something.

Other times Firefox will open a new tab which will again be for some random website.

I presume it's malware or some other virus. I've attached the three logs requested.

Cheers in advance,
Simon

[recovering disk space - old attachment deleted by admin]

Welcome to CH.

Please go to Add or Remove Programs and uninstall:

.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

  • O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
  • O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please ALLOW it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

Hi,

I followed the request and it seemed to work but then my computer crashed. I tried to restart but it kept on crashing. Windows would load with my desktop but it stopped before loading things like avg or online armor. Finally after about 10 tries it did fully start there was a message saying my BIOS might be out of date and that I may want to upgrade. I've never had this before.

Cheers,
Si

Here's the report from windows error reporting.

Consider BIOS upgrade

Microsoft is unable to determine the exact cause of this error. However, this problem was most likely caused by an error in your computer’s random access memory (RAM). RAM is the main internal storage area the computer uses to run programs and store data.

During the crash analysis, we noticed the basic input/output system (BIOS) version on this computer does not match the specifications for the central processing unit (CPU), also known as a processor, that is installed on your computer. This can occur when a newer processor is installed on an older system board or older BIOS. Using a BIOS that does not support the installed processor can result in Windows system crashes. Contact your computer manufacturer or motherboard manufacturer for an updated version of BIOS for your computer's processor.

How do I find my computer manufacturer?

Click Start, click Run, type msinfo32, and then click OK. Your computer manufacturer is listed as the System Manufacturer in the right pane of the System Information window.

Go to www.microsoft.com and search for "computer manufacturers"
Click to go online to see contact information for most computer manufacturers

Notes

* Upgrading the BIOS version may require moderate to advanced troubleshooting skills. If you are uncomfortable with performing these steps, you might want to consider consulting with paid technical support.
* If your computer contains an Intel desktop board, click the following link to go online for more information:
  Go to www.support.intel.com and search for "Intel desktop board BIOS update instructions"

Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:

* Click on Start > Run and type sfc /scannow then press Enter on your keyboard. (note the space between sfc and /scannow)
* Let this run undisturbed until the window with the blue progress bar goes away.

If you do not have an XP CD try running it anyway. Let me know if anything is found or what errors you get.
164.

Solve : computer keep logging off?

Answer»

OTPLE ask me to browse a folder, therefore i can't run a scan.

So, it did not run the scan?

it won't let me, say there's no window.

Try to reboot and go back in and try again, please.

try it, it doesn't work. i try to re-install the computer, but it said the file c:\$WIN_NT$.LS\l386\ieencode.dll.

Are you able to boot in to Normal Windows or in Safe Mode now?

no, not at all. the problem is even worse now. i can't even load to the welcome window.

165.

Solve : Problem - Please Help?

Answer»

OTS logfile created on: 3/17/2010 12:25:18 AM - Run 1
OTS by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Me\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.18 Gb Total Space | 80.05 Gb Free Space | 73.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE
Current User Name: Me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 90 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Me\Desktop\OTS.exe -> [2010/03/17 00:20:46 | 000,637,952 | ---- | M] (OldTimer Tools)
oacat.exe -> C:\Program Files\Tall Emu\Online Armor\oacat.exe -> [2009/12/05 08:53:38 | 001,282,248 | ---- | M] (Tall Emu)
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB)
googletoolbarnotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/08/21 23:09:15 | 000,068,856 | ---- | M] (Google Inc.)
stsystra.exe -> C:\WINDOWS\stsystra.exe -> [2007/06/06 15:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.)
oem02mon.exe -> C:\WINDOWS\OEM02Mon.exe -> [2007/05/09 10:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.)
pcmservice.exe -> C:\Program Files\DELL\MediaDirect\PCMService.exe -> [2007/04/16 16:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.)
evteng.exe -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2007/02/21 11:28:36 | 000,643,072 | ---- | M] (Intel Corporation)
zcfgsvc.exe -> C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe -> [2007/02/21 11:19:58 | 000,819,200 | ---- | M] (Intel Corporation)
wlkeeper.exe -> C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -> [2007/02/21 11:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation)
ifrmewrk.exe -> C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe -> [2007/02/21 11:17:42 | 000,970,752 | ---- | M] (Intel Corporation)
s24evmon.exe -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> [2007/02/21 11:16:48 | 000,983,040 | ---- | M] (Intel Corporation )
dot1xcfg.exe -> C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe -> [2007/02/21 11:13:26 | 000,487,424 | ---- | M] (Intel Corporation)
regsrvc.exe -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2007/02/21 11:10:00 | 000,327,680 | ---- | M] (Intel Corporation)
msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software )
kadxmain.exe -> C:\WINDOWS\system32\KADxMain.exe -> [2006/11/02 14:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Me\Desktop\OTS.exe -> [2010/03/17 00:20:46 | 000,637,952 | ---- | M] (OldTimer Tools)

[Win32 Services - Safe List]
(SvcOnlineArmor) Online Armor [Auto | Stopped] -> C:\Program Files\Tall Emu\Online Armor\oasrv.exe -> [2009/12/05 08:53:38 | 003,291,336 | ---- | M] (Tall Emu)
(OAcat) Online Armor Helper Service [Auto | Running] -> C:\Program Files\Tall Emu\Online Armor\OAcat.exe -> [2009/12/05 08:53:38 | 001,282,248 | ---- | M] (Tall Emu)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
(aawservice) Ad-Aware 2007 Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB)
(EvtEng) Intel(R) PROSet/Wireless Event Log [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2007/02/21 11:28:36 | 000,643,072 | ---- | M] (Intel Corporation)
(WLANKEEPER) Intel(R) PROSet/Wireless SSO Service [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -> [2007/02/21 11:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation)
(S24EventMonitor) Intel(R) PROSet/Wireless Service [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> [2007/02/21 11:16:48 | 000,983,040 | ---- | M] (Intel Corporation )
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2007/02/21 11:10:00 | 000,327,680 | ---- | M] (Intel Corporation)
(WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(OAmon) OAmon [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\OAmon.sys -> [2009/12/05 08:28:06 | 000,024,656 | ---- | M] (Tall Emu)
(OAnet) OAnet [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\OAnet.sys -> [2009/12/05 08:27:56 | 000,029,776 | ---- | M] (Tall Emu Pty Ltd)
(OADevice) OADriver [File_System | System | Running] -> C:\WINDOWS\system32\drivers\OADriver.sys -> [2009/12/05 08:27:52 | 000,223,312 | ---- | M] (Tall Emu)
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2009/11/25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH)
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2007/06/06 15:34:38 | 006,345,472 | ---- | M] (NVIDIA Corporation)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2007/06/06 15:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SynTP.sys -> [2007/06/03 14:20:58 | 000,202,912 | ---- | M] (Synaptics, Inc.)
(OEM02Dev) Creative Camera OEM002 Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\OEM02Dev.sys -> [2007/05/09 10:01:00 | 000,235,584 | ---- | M] (Creative Technology Ltd.)
(NETw4x32) Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NETw4x32.sys -> [2007/05/08 23:05:36 | 002,203,520 | ---- | M] (Intel Corporation)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\bcm4sbxp.sys -> [2007/05/08 21:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\rixdptsk.sys -> [2007/05/08 21:46:12 | 000,037,376 | ---- | M] (REDC)
(rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\rimsptsk.sys -> [2007/05/08 21:46:08 | 000,043,520 | ---- | M] (REDC)
(rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\rimmptsk.sys -> [2007/05/08 21:46:06 | 000,032,256 | ---- | M] (REDC)
(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\iaStor.sys -> [2007/05/08 20:22:58 | 000,277,784 | ---- | M] (Intel Corporation)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DPV.sys -> [2007/04/23 21:15:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2007/04/23 21:15:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.)
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWAZL.sys -> [2007/04/23 21:15:44 | 000,209,152 | ---- | M] (Conexant Systems, Inc.)
(OEM02Vfx) Creative Camera OEM002 Video VFX Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\OEM02Vfx.sys -> [2007/03/05 03:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.)
(s24trans) WLAN Transport [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\s24trans.sys -> [2007/02/21 11:16:12 | 000,012,416 | ---- | M] (Intel Corporation)
(DXEC02) DXEC02 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\dxec02.sys -> [2006/11/02 12:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics)
(APPDRV) APPDRV [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -> [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> http://news.yahoo.com/ [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Secondary Start Pages" -> http://news.yahoo.com/ [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: Main\\"Default_Secondary_Page_URL" -> http://news.yahoo.com/ [binary data] ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: Main\\"SearchDefaultBranded" -> 1 ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: Main\\"SearchMigratedDefaultName" -> Google ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: Main\\"Start Page" -> http://www.yahoo.com ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: SearchURL\\"" -> http://www.google.com/search?q=%s ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Me\Application Data\Mozilla\FireFox\Profiles\xs21qfhi.default\prefs.js ->
browser.startup.homepage -> "http://law.wustl.edu/" ->
extensions.enabledItems -> [emailprotected]:1.0.0.071101000055 ->
extensions.enabledItems -> [emailprotected]:1.0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/03/02 12:26:56 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/03/03 18:07:10 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Me\Application Data\Mozilla\Extensions -> [2008/08/26 16:07:50 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\xs21qfhi.default\extensions -> [2010/03/15 00:15:07 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\xs21qfhi.default\extensions\[emailprotected] -> [2008/09/20 21:10:18 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\xs21qfhi.default\extensions\[emailprotected] -> [2009/09/14 07:21:38 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/03/15 00:15:07 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/03/09 15:09:37 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/01/12 20:38:22 | 000,063,128 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/01/28 11:43:28 | 001,554,256 | ---- | M] (Safer Networking Limited)
{5A263CF7-56A6-4D68-A8CF-345BE45BC911} [HKLM] -> C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [Yahoo! IE Suggest] -> [2008/01/14 16:09:20 | 000,233,472 | ---- | M] (Yahoo! Inc.)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/02/05 12:51:19 | 000,812,528 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"@OnlineArmor GUI" -> C:\Program Files\Tall Emu\Online Armor\oaui.exe ["C:\Program Files\Tall Emu\Online Armor\oaui.exe"] -> [2009/12/05 08:53:38 | 006,622,920 | ---- | M] (Tall Emu)
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
"awurstdrv" -> [rundll32.exe "rqrstu.dll",s] -> File not found
"hgfcdasys" -> [rundll32.exe "jkhfde.dll",DllRegisterServer] -> File not found
"IntelWireless" -> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe ["C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless] -> [2007/02/21 11:17:42 | 000,970,752 | ---- | M] (Intel Corporation)
"IntelZeroConfig" -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> [2007/02/21 11:19:58 | 000,819,200 | ---- | M] (Intel Corporation)
"KADxMain" -> C:\WINDOWS\system32\KADxMain.exe [C:\WINDOWS\system32\KADxMain.exe] -> [2006/11/02 14:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2007/06/06 15:34:42 | 008,429,568 | ---- | M] (NVIDIA Corporation)
"NVHotkey" -> C:\WINDOWS\System32\nvhotkey.dll [rundll32.exe nvHotkey.dll,Start] -> [2007/06/06 15:34:54 | 000,067,584 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\nvmctray.dll [RunDLL32.exe NvMCTray.dll,NvTaskbarInit] -> [2007/06/06 15:34:56 | 000,081,920 | ---- | M] (NVIDIA Corporation)
"nwiz" -> C:\WINDOWS\System32\nwiz.exe [nwiz.exe /installquiet] -> [2007/06/06 15:35:12 | 001,626,112 | ---- | M] ()
"OEM02Mon.exe" -> C:\WINDOWS\OEM02Mon.exe [C:\WINDOWS\OEM02Mon.exe] -> [2007/05/09 10:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.)
"PCMService" -> C:\Program Files\Dell\MediaDirect\PCMService.exe ["C:\Program Files\Dell\MediaDirect\PCMService.exe"] -> [2007/04/16 16:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.)
"SigmatelSysTrayApp" -> C:\WINDOWS\stsystra.exe [stsystra.exe] -> [2007/06/06 15:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DWQueuedReporting" -> C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2008/11/04 02:44:24 | 000,435,096 | ---- | M] (Microsoft Corporation)
"khefdadrv" -> [rundll32.exe "rqrstu.dll",s] -> File not found
"vtttstsys" -> [rundll32.exe "jkhfde.dll",DllRegisterServer] -> File not found
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DWQueuedReporting" -> C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2008/11/04 02:44:24 | 000,435,096 | ---- | M] (Microsoft Corporation)
"khefdadrv" -> [rundll32.exe "rqrstu.dll",s] -> File not found
"vtttstsys" -> [rundll32.exe "jkhfde.dll",DllRegisterServer] -> File not found
< Run [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2007/08/21 23:09:15 | 000,068,856 | ---- | M] (Google Inc.)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 22:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe -> [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software )
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Me Startup Folder > -> C:\Documents and Settings\Me\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2010/01/15 01:57:10 | 018,343,272 | ---- | M] (Microsoft Corporation)
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> [2010/02/05 12:11:47 | 000,848,896 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 08:52:00 | 000,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 08:52:00 | 000,604,056 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 05:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/01/28 11:43:28 | 001,554,256 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2008/10/25 08:52:00 | 000,604,056 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 05:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/01/28 11:43:28 | 001,554,256 | ---- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4393 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4392 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4392 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4032 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4032 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4392 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab [Windows Live Safety Center Base Module] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 172.16.2.5 172.18.82.11 4.2.2.2 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{286109AB-BCDA-4BB4-BB4B-CFEB2A546527}\\DhcpNameServer -> 172.16.2.5 172.18.82.11 4.2.2.2 (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2009/09/03 15:21:42 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Program Files\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 20:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation)
"{4F07DA45-8170-4859-9B5F-037EF2970034}" [HKLM] -> C:\Program Files\Tall Emu\Online Armor\oaevent.dll [OA Shell Helper] -> [2009/12/05 08:53:40 | 000,923,336 | ---- | M] (Tall Emu)
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\system32\drivers\svchost.exe" -> C:\WINDOWS\System32\drivers\svchost.exe [%windir%\system32\drivers\svchost.exe:*:Enabled:svchost] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\system32\drivers\svchost.exe" -> C:\WINDOWS\System32\drivers\svchost.exe [%windir%\system32\drivers\svchost.exe:*:Enabled:svchost] -> File not found
"C:\Program Files\AIM6\aim6.exe" -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> [2007/04/27 16:17:26 | 000,050,736 | ---- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> [2006/10/10 12:53:46 | 000,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\DELL\MediaDirect\PCMService.exe" -> C:\Program Files\DELL\MediaDirect\PCMService.exe [C:\Program Files\DELL\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program] -> [2007/04/16 16:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.)
"C:\Program Files\ExamSoft\SofTest\softest.exe" -> C:\Program Files\ExamSoft\SofTest.exe [C:\Program Files\ExamSoft\SofTest.exe:*:Enabled:SofTest] -> File not found
"C:\Program Files\ExamSoft\SofTest\SoftLnch.exe" -> C:\Program Files\ExamSoft\SoftLnch.exe [C:\Program Files\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch] -> File not found
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/10/28 21:21:22 | 010,358,048 | ---- | M] (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2009/02/14 07:03:18 | 000,337,264 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2008/11/24 23:16:44 | 001,020,776 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2009/08/17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
[Registry - Additional Scans - Safe List]
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008/04/13 19:12:42 | 000,199,680 | ---- | M] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2008/04/13 19:09:57 | 000,290,816 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/13 19:10:50 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2004/08/04 05:00:00 | 000,008,192 | ---- | M] (DSP GROUP, INC.)
"MSVideo8" -> C:\WINDOWS\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2008/04/13 19:12:08 | 000,053,760 | ---- | M] (Microsoft Corporation)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2008/04/13 19:11:54 | 000,080,384 | ---- | M] (Radius Inc.)
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 05:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 05:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/13 19:12:42 | 000,848,384 | ---- | M] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/13 19:11:55 | 000,755,200 | ---- | M] (Intel Corporation)
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> C:\Program Files\Microsoft Office\Office12\IEAWSDC.DLL [Microsoft Office Template and Media Control] -> [2008/10/25 07:18:50 | 000,172,880 | ---- | M] ()
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/09/05 02:55:06 | 000,795,952 | ---- | M] (Apple Inc.)
{03F998B2-0E00-11D3-A498-00104B6EB52E} [HKLM] -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll [MetaStreamCtl Class] -> [2007/10/07 11:03:44 | 000,254,022 | ---- | M] (Viewpoint Corporation)
{07B06095-5687-4D13-9E32-12B4259C9813} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSUPLD.DLL [STSUpld UploadCtl Class] -> [2006/10/26 19:59:30 | 000,227,128 | ---- | M] (Microsoft Corporation)
{0D012ABD-CEED-11D2-9C76-00105AA73033} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveDocumentShareTool.dll [Groove DocumentShareView] -> [2009/02/14 07:03:38 | 003,070,832 | ---- | M] (Microsoft Corporation)
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\swdir.dll [Shockwave ActiveX Control] -> [2008/03/19 19:36:22 | 000,202,168 | ---- | M] (Adobe Systems, Inc.)
{1B00725B-C455-4DE6-BFB6-AD540AD427CD} [HKLM] -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll [MetaStreamCtl Class] -> [2007/10/07 11:03:44 | 000,254,022 | ---- | M] (Viewpoint Corporation)
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\swdir.dll [Shockwave ActiveX Control] -> [2008/03/19 19:36:22 | 000,202,168 | ---- | M] (Adobe Systems, Inc.)
{3FD37ABB-F90A-4DE5-AA38-179629E64C2F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Spreadsheet Launcher] -> [2009/03/06 05:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/09/05 02:55:06 | 000,795,952 | ---- | M] (Apple Inc.)
{56A58823-AE99-11D5-B90B-0050DACD1F75} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveCommonComponents.dll [Groove Data List Display] -> [2009/02/14 07:03:28 | 002,687,336 | ---- | M] (Microsoft Corporation)
{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2010/03/03 18:06:51 | 000,108,320 | ---- | M] (Sun Microsystems, Inc.)
{5A263CF7-56A6-4D68-A8CF-345BE45BC911} [HKLM] -> C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [Yahoo! IE Suggest] -> [2008/01/14 16:09:20 | 000,233,472 | ---- | M] (Yahoo! Inc.)
{62B4D041-4667-40B6-BB50-4BC0A5043A73} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Export Database Launcher] -> [2009/03/06 05:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{65BCBEE4-7728-41A0-97BE-14E1CAE36AAE} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSLIST.DLL [Microsoft Office List 12.0] -> [2009/03/06 04:01:06 | 002,335,648 | ---- | M] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8075631E-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Program Files\Microsoft Office\Office12\INLAUNCH.DLL [SharepointOpenXMLDocuments] -> [2009/03/06 05:26:06 | 000,065,400 | ---- | M] (Microsoft Corporation)
{88d969c0-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{88d969c1-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{88d969c2-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{88d969c3-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{88d969c4-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{88d969c5-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/03 18:06:51 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{9203C2CB-1DC1-482D-967E-597AFF270F0D} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint OpenDocuments Class] -> [2009/03/06 05:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{9F9C4924-C3F3-4459-A396-9E9E0D8B83D1} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{BAEB32D0-732D-11d2-8BF4-0060B0A4A9EA} [HKLM] -> C:\Program Files\AIM6\services\imApp\ver6_1_41_2\isAim.dll [aimlocator Class] -> [2007/04/27 16:15:23 | 000,083,504 | ---- | M] (America Online Inc)
{BDEADE3E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientEventSubscription Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientMiscApis Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE40-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCommentThread Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE42-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientComment Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSBrowserUI Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE98-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWS Post Data] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE9E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [SharePoint Spreadsheet Launcher] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB3-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB7-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionServers Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB8-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCollaboration Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDA-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussion] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDB-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussions] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDC-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServer] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDD-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServers] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDE-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE Global Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEE0-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionBar Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEF2-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{BDEADEF4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint Stssync Handler] -> File not found
{BDEADEF5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Stssync Handler] -> [2009/03/06 05:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{C9712B19-838B-45A5-ABF2-9A315DDDED50} [HKLM] -> C:\Program Files\Microsoft Office\Office12\AUTHZAX.DLL [Microsoft Office 12 Authorization Control] -> [2008/10/25 07:18:46 | 000,054,152 | ---- | M] (Microsoft Corporation)
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2006/05/16 21:31:20 | 000,296,584 | ---- | M] (Adobe Systems, Inc.)
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/03 18:06:51 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/03 18:06:51 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/03 18:06:51 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deploytk.dll [Deployment Toolkit] -> [2010/03/03 18:06:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CB927D12-4FF7-4A9E-A169-56E4B8A75598} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [Behavior Object] -> [2009/09/05 02:55:06 | 000,795,952 | ---- | M] (Apple Inc.)
{CDEC13B2-0B3C-400E-B909-E27EE89C6799} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSUPLD.DLL [STSUpld CopyCtl Class] -> [2006/10/26 19:59:30 | 000,227,128 | ---- | M] (Microsoft Corporation)
{CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx [Shockwave Flash Object] -> [2008/10/04 22:16:26 | 003,789,728 | R--- | M] (Adobe Systems, Inc.)
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [HKLM] -> C:\Program Files\iTunes\ITDetector.ocx [iTunesDetector Class] -> [2009/10/28 21:21:16 | 000,111,912 | ---- | M] (Apple Inc.)
{DFEAF541-F3E1-4c24-ACAC-99C30715084A} [HKLM] -> c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll [Microsoft Silverlight] -> [2010/01/06 01:33:56 | 000,876,872 | ---- | M] ( Microsoft Corporation)
{E01D1C6A-4F40-11D3-8958-00105A272DCF} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveTextTools.dll [Groove Text View] -> [2009/02/14 07:03:54 | 001,161,568 | ---- | M] (Microsoft Corporation)
{E543A17A-F212-49C0-B63D-BF09B460250E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\oisctrl.dll [OISClientLauncher Class] -> [2009/03/06 05:23:50 | 000,022,432 | ---- | M] (Microsoft Corporation)
{E7339A62-0E31-4A5E-BA3D-F2FEDFBF8BE5} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Portal\PortalConnectCore.dll [PersonalSite Class] -> [2008/10/26 06:42:16 | 000,482,656 | ---- | M] ()
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
{F3FFF5F4-A643-447E-A5A5-0B5F760C7F4A} [HKLM] -> C:\Program Files\Google\Update\1.2.183.17\npGoogleOneClick8.dll [Google Update Plugin] -> [2010/02/25 01:42:15 | 000,220,656 | ---- | M] (Google Inc.)
< Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ ->
{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
{754FF233-5D4E-11D2-875B-00A0C93C09B3} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AA58ED58-01DD-4D91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/02/05 12:51:19 | 000,812,528 | ---- | M] (Google Inc.)
{B1549E58-3894-11D2-BB7F-00A0C999C4C1} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{BD96C556-65A3-11D0-983A-00C04FC29E36} [HKLM] -> C:\Program Files\Common Files\System\msadc\msadco.dll [RDS.DataSpace] -> [2008/04/13 19:11:58 | 000,143,360 | ---- | M] (Microsoft Corporation)
{BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{C533ADF1-0C80-11D1-8C54-00A02468F316} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CCCCCCD3-666F-4F81-8B69-745DE9F6D897} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} [HKLM] -> C:\Program Files\Microsoft Office\Office12\NAME.DLL [NameCtrl Class] -> [2009/03/06 05:04:56 | 000,064,872 | ---- | M] (Microsoft Corporation)
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ ->
{0006F033-0000-0000-C000-000000000046} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [Microsoft Outlook 8.0 Object Library] -> [2009/08/17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation)
{0006F03A-0000-0000-C000-000000000046} [HKLM] -> Reg Error: Value error. [Microsoft Office Outlook] -> File not found
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Script Object] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/09/05 02:55:06 | 000,795,952 | ---- | M] (Apple Inc.)
{03F998B2-0E00-11D3-A498-00104B6EB52E} [HKLM] -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll [MetaStreamCtl Class] -> [2007/10/07 11:03:44 | 000,254,022 | ---- | M] (Viewpoint Corporation)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/01/12 20:38:22 | 000,063,128 | ---- | M] (Adobe Systems Incorporated)
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
{10072CEC-8CC1-11D1-986E-00A0C955B42E} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll [PeerDraw Class] -> [2007/07/12 18:31:54 | 000,765,952 | ---- | M] (Microsoft Corporation)
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\swdir.dll [Shockwave ActiveX Control] -> [2008/03/19 19:36:22 | 000,202,168 | ---- | M] (Adobe Systems, Inc.)
{1B00725B-C455-4DE6-BFB6-AD540AD427CD} [HKLM] -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll [MetaStreamCtl Class] -> [2007/10/07 11:03:44 | 000,254,022 | ---- | M] (Viewpoint Corporation)
{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\swdir.dll [Shockwave ActiveX Control] -> [2008/03/19 19:36:22 | 000,202,168 | ---- | M] (Adobe Systems, Inc.)
{2670000A-7350-4F3C-8081-5663EE0C6C49} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx [DHTML Edit Control Safe for Scripting for IE5] -> [2009/07/27 17:27:12 | 000,128,512 | ---- | M] (Microsoft Corporation)
{31435657-9980-0010-8000-00AA00389B71} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{38481807-CA0E-42D2-BF39-B33AF135CC4D} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Smart Tag\IETAG.DLL [IETag Factory] -> [2009/04/02 13:01:44 | 000,177,520 | ---- | M] (Microsoft Corporation)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/09/05 02:55:06 | 000,795,952 | ---- | M] (Apple Inc.)
{48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/01/28 11:43:28 | 001,554,256 | ---- | M] (Safer Networking Limited)
{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2010/03/03 18:06:51 | 000,108,320 | ---- | M] (Sun Microsystems, Inc.)
{5A263CF7-56A6-4D68-A8CF-345BE45BC911} [HKLM] -> C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [Yahoo! IE Suggest] -> [2008/01/14 16:09:20 | 000,233,472 | ---- | M] (Yahoo! Inc.)
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> C:\WINDOWS\Downloaded Program Files\wlscBase.dll [Windows Live Safety Center Base Module] -> [2009/03/16 14:01:08 | 000,452,488 | ---- | M] ()
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/03 18:06:51 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{8E5C8BEE-1887-414C-8AC9-7C3951F28476} [HKLM] -> C:\Program Files\Windows Live Safety Center\wlscCtrl.dll [Windows Live Safety Center Control Module] -> [2009/03/16 14:01:10 | 000,753,544 | ---- | M] (Microsoft Corporation)
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9203C2CB-1DC1-482D-967E-597AFF270F0D} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint OpenDocuments Class] -> [2009/03/06 05:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AA58ED58-01DD-4D91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/02/05 12:51:19 | 000,812,528 | ---- | M] (Google Inc.)
{BD96C556-65A3-11D0-983A-00C04FC29E36} [HKLM] -> C:\Program Files\Common Files\System\msadc\msadco.dll [RDS.DataSpace] -> [2008/04/13 19:11:58 | 000,143,360 | ---- | M] (Microsoft Corporation)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{C9712B19-838B-45A5-ABF2-9A315DDDED50} [HKLM] -> C:\Program Files\Microsoft Office\Office12\AUTHZAX.DLL [Microsoft Office 12 Authorization Control] -> [2008/10/25 07:18:46 | 000,054,152 | ---- | M] (Microsoft Corporation)
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2006/05/16 21:31:20 | 000,296,584 | ---- | M] (Adobe Systems, Inc.)
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx [Shockwave Flash Object] -> [2008/10/04 22:16:26 | 003,789,728 | R--- | M] (Adobe Systems, Inc.)
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [HKLM] -> C:\Program Files\iTunes\ITDetector.ocx [iTunesDetector Class] -> [2009/10/28 21:21:16 | 000,111,912 | ---- | M] (Apple Inc.)
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [HKLM] -> C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx [QuickTimeCheck Class] -> [2009/09/05 02:55:06 | 000,136,496 | ---- | M] (Apple Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{DFEAF541-F3E1-4C24-ACAC-99C30715084A} [HKLM] -> c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll [Microsoft Silverlight] -> [2010/01/06 01:33:56 | 000,876,872 | ---- | M] ( Microsoft Corporation)
{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} [HKLM] -> C:\Program Files\Microsoft Office\Office12\NAME.DLL [NameCtrl Class] -> [2009/03/06 05:04:56 | 000,064,872 | ---- | M] (Microsoft Corporation)
{E2E2DD38-D088-4134-82B7-F2BA38496583} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{e3e02f12-2adb-478c-8742-5f0819f9f0f4} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{e473a65c-8087-49a3-affd-c5bc4a10669b} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
{F4430FE8-2638-42E5-B849-800749B94EED} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{FB5F1910-F110-11D2-BB9E-00C04F795683} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{fc345d4c-b8f4-4674-bff7-3c37d2e535ee} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{fd6484ed-ebe3-4c3d-938a-8238003b41b7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> -> File not found
Ias -> C:\WINDOWS\system32\ias -> [2004/08/10 12:52:56 | 000,000,000 | ---D | M]
Iprip -> -> File not found
Irmon -> -> File not found
NWCWorkstation -> -> File not found
Nwsapagent -> -> File not found
Wmi -> C:\WINDOWS\system32\wmi.dll -> [2008/04/13 19:11:15 | 000,005,632 | ---- | M] (Microsoft Corporation)
WmdmPmSp -> -> File not found
*MultiFile Done* -> ->
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
aawservice -> C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB)
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
PCI Configuration -> Driver Group
PEVSystemStart -> Service
PNP Filter -> Driver Group
Primary disk -> Driver Group
procexp90.Sys -> Driver
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vds -> Service
vga.sys -> Driver
WinDefend -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
aawservice -> C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB)
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
PCI Configuration -> Driver Group
PEVSystemStart -> Service
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
procexp90.Sys -> Driver
SCSI Class -> Driver Group
sermouse.sys -> Driver
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
vga.sys -> Driver
WinDefend -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)

[Files/Folders - Created Within 90 Days]
OTS.exe -> C:\Documents and Settings\Me\Desktop\OTS.exe -> [2010/03/17 00:20:43 | 000,637,952 | ---- | C] (OldTimer Tools)
radix_installer -> C:\Documents and Settings\Me\Desktop\radix_installer -> [2010/03/14 17:12:54 | 000,000,000 | ---D | C]
moviemk.exe -> C:\WINDOWS\System32\dllcache\moviemk.exe -> [2010/03/10 17:13:44 | 003,558,912 | ---- | C] (Microsoft Corporation)
ComboFix -> C:\ComboFix -> [2010/03/09 15:54:33 | 000,000,000 | --SD | C]
temp -> C:\WINDOWS\temp -> [2010/03/09 15:06:52 | 000,000,000 | ---D | C]
RECYCLER -> C:\RECYCLER -> [2010/03/09 14:59:06 | 000,000,000 | -HSD | C]
cmdcons -> C:\cmdcons -> [2010/03/09 01:04:57 | 000,000,000 | RHSD | C]
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/03/09 01:02:35 | 000,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/03/09 01:02:35 | 000,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/03/09 01:02:35 | 000,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/03/09 01:02:35 | 000,031,232 | ---- | C] (NirSoft)
ERDNT -> C:\WINDOWS\ERDNT -> [2010/03/09 01:02:26 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010/03/09 01:01:50 | 000,000,000 | ---D | C]
Rooter$ -> C:\Rooter$ -> [2010/03/05 01:36:01 | 000,000,000 | ---D | C]
Rooter.exe -> C:\Documents and Settings\Me\Desktop\Rooter.exe -> [2010/03/05 01:33:31 | 000,173,119 | ---- | C] (Eric_71)
MalwareBytes -> C:\Program Files\MalwareBytes -> [2010/03/03 22:21:55 | 000,000,000 | ---D | C]
Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2010/03/03 22:04:51 | 000,000,000 | ---D | M]
Sun -> C:\Documents and Settings\All Users\Application Data\Sun -> [2010/03/03 18:07:39 | 000,000,000 | ---D | C]
SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [2010/03/03 16:00:28 | 000,000,000 | ---D | C]
SUPERAntiSpyware.com -> C:\Documents and Settings\Me\Application Data\SUPERAntiSpyware.com -> [2010/03/03 15:59:26 | 000,000,000 | ---D | C]
SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2010/03/03 15:59:26 | 000,000,000 | ---D | C]
Recent -> C:\Documents and Settings\Me\Recent -> [2010/03/03 15:36:16 | 000,000,000 | RH-D | C]
OnlineArmor -> C:\Documents and Settings\Me\Application Data\OnlineArmor -> [2010/03/03 15:19:38 | 000,000,000 | ---D | C]
OnlineArmor -> C:\Documents and Settings\All Users\Application Data\OnlineArmor -> [2010/03/03 15:19:38 | 000,000,000 | ---D | C]
OAnet.sys -> C:\WINDOWS\System32\drivers\OAnet.sys -> [2010/03/03 15:18:55 | 000,029,776 | ---- | C] (Tall Emu Pty Ltd)
OAmon.sys -> C:\WINDOWS\System32\drivers\OAmon.sys -> [2010/03/03 15:18:55 | 000,024,656 | ---- | C] (Tall Emu)
OADriver.sys -> C:\WINDOWS\System32\drivers\OADriver.sys -> [2010/03/03 15:18:54 | 000,223,312 | ---- | C] (Tall Emu)
Tall Emu -> C:\Program Files\Tall Emu -> [2010/03/03 15:18:53 | 000,000,000 | ---D | C]
CCleaner -> C:\Program Files\CCleaner -> [2010/03/03 12:49:08 | 000,000,000 | ---D | C]
avipbb.sys -> C:\WINDOWS\System32\drivers\avipbb.sys -> [2010/03/02 21:30:21 | 000,096,104 | ---- | C] (Avira GmbH)
avgntflt.sys -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2010/03/02 21:30:21 | 000,056,816 | ---- | C] (Avira GmbH)
avgntdd.sys -> C:\WINDOWS\System32\drivers\avgntdd.sys -> [2010/03/02 21:30:21 | 000,045,416 | ---- | C] (Avira GmbH)
avgntmgr.sys -> C:\WINDOWS\System32\drivers\avgntmgr.sys -> [2010/03/02 21:30:21 | 000,022,360 | ---- | C] (Avira GmbH)
ssmdrv.sys -> C:\WINDOWS\System32\drivers\ssmdrv.sys -> [2010/03/02 21:30:18 | 000,028,520 | ---- | C] (Avira GmbH)
Avira -> C:\Program Files\Avira -> [2010/03/02 21:30:17 | 000,000,000 | ---D | C]
Avira -> C:\Documents and Settings\All Users\Application Data\Avira -> [2010/03/02 21:30:17 | 000,000,000 | ---D | C]
mapp -> C:\Program Files\mapp -> [2010/03/02 21:01:51 | 000,000,000 | ---D | C]
Downloads -> C:\Documents and Settings\Me\My Documents\Downloads -> [2010/01/25 21:51:56 | 000,000,000 | ---D | C]
ymrpyb -> C:\Documents and Settings\Me\Local Settings\Application Data\ymrpyb -> [2010/01/22 03:12:43 | 000,000,000 | ---D | C]
aclayers.dll -> C:\WINDOWS\System32\dllcache\aclayers.dll -> [2010/01/13 10:22:10 | 000,471,552 | ---- | C] (Microsoft Corporation)
Randoms -> C:\Documents and Settings\Me\My Documents\Randoms -> [2010/01/11 18:46:49 | 000,000,000 | ---D | C]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/11/01 07:37:13 | 000,000,000 | ---D | M]
Google -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google -> [2009/04/19 11:57:28 | 000,000,000 | ---D | M]
Google -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Google -> [2009/03/12 23:25:30 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2008/11/25 11:04:48 | 000,000,000 | ---D | M]
PCHealth -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth -> [2008/03/19 11:23:34 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2007/12/02 21:30:20 | 000,000,000 | --SD | M]
Apple -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple -> [2007/08/31 10:22:00 | 000,000,000 | ---D | M]
Intel -> C:\Documents and Settings\NetworkService\Application Data\Intel -> [2007/08/06 07:08:00 | 000,000,000 | ---D | M]
Intel -> C:\Documents and Settings\LocalService\Application Data\Intel -> [2007/08/06 07:08:00 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2004/08/10 12:57:26 | 000,000,000 | --SD | M]
Implode.dll -> C:\WINDOWS\System32\Implode.dll -> [1996/11/18 01:00:00 | 000,018,944 | ---- | C] ( )
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
[Files/Folders - Modified Within 90 Days]
OTS.exe -> C:\Documents and Settings\Me\Desktop\OTS.exe -> [2010/03/17 00:20:46 | 000,637,952 | ---- | M] (OldTimer Tools)
nvModes.001 -> C:\WINDOWS\System32\nvModes.001 -> [2010/03/17 00:10:55 | 000,091,562 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/03/16 17:47:01 | 000,000,886 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010/03/16 17:17:00 | 000,436,778 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/03/16 17:17:00 | 000,378,878 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/03/16 17:17:00 | 000,052,450 | ---- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/03/16 17:15:32 | 000,000,330 | -H-- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/03/16 17:12:40 | 000,000,882 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/03/16 17:12:36 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/03/16 17:12:24 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/03/16 17:12:15 | 2145,579,008 | -HS- | M] ()
NTUSER.DAT -> C:\Documents and Settings\Me\NTUSER.DAT -> [2010/03/16 17:11:39 | 005,767,168 | -H-- | M] ()
IconCache.db -> C:\Documents and Settings\Me\Local Settings\Application Data\IconCache.db -> [2010/03/16 17:11:23 | 006,291,456 | -H-- | M] ()
SystemLook.exe -> C:\Documents and Settings\Me\Desktop\SystemLook.exe -> [2010/03/16 14:24:49 | 000,100,908 | ---- | M] ()
radix_installer.zip -> C:\Documents and Settings\Me\Desktop\radix_installer.zip -> [2010/03/14 17:12:30 | 000,216,498 | ---- | M] ()
Beers.xlsx -> C:\Documents and Settings\Me\My Documents\Beers.xlsx -> [2010/03/10 00:23:47 | 000,013,345 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/03/09 15:09:37 | 000,000,027 | ---- | M] ()
ComboFix.exe -> C:\Documents and Settings\Me\Desktop\ComboFix.exe -> [2010/03/09 14:58:05 | 003,884,919 | R--- | M] ()
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/03/09 11:47:07 | 000,000,664 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2010/03/09 01:11:15 | 000,000,227 | ---- | M] ()
boot.ini -> C:\boot.ini -> [2010/03/09 01:05:02 | 000,000,281 | RHS- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/03/06 18:21:53 | 000,000,626 | ---- | M] ()
mbr.exe -> C:\Documents and Settings\Me\Desktop\mbr.exe -> [2010/03/06 18:16:29 | 000,077,312 | ---- | M] ()
Win32kDiag.exe -> C:\Documents and Settings\Me\Desktop\Win32kDiag.exe -> [2010/03/05 10:31:18 | 000,047,616 | ---- | M] ()
Cheetah-Anti-Rogue.zip -> C:\Documents and Settings\Me\Desktop\Cheetah-Anti-Rogue.zip -> [2010/03/05 01:41:14 | 000,013,251 | ---- | M] ()
CKScanner.exe -> C:\Documents and Settings\Me\Desktop\CKScanner.exe -> [2010/03/05 01:39:03 | 000,451,584 | ---- | M] ()
LockSearch.exe -> C:\Documents and Settings\Me\Desktop\LockSearch.exe -> [2010/03/05 01:36:58 | 000,032,653 | ---- | M] ()
Rooter.exe -> C:\Documents and Settings\Me\Desktop\Rooter.exe -> [2010/03/05 01:33:37 | 000,173,119 | ---- | M] (Eric_71)
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/03/03 21:20:16 | 000,000,284 | ---- | M] ()
hosts.idx -> C:\WINDOWS\System32\drivers\etc\hosts.idx -> [2010/03/03 15:19:40 | 000,001,644 | ---- | M] ()
ntuser.ini -> C:\Documents and Settings\Me\ntuser.ini -> [2010/03/03 04:31:00 | 000,000,178 | -HS- | M] ()
March 1 Notes.docx -> C:\Documents and Settings\Me\My Documents\March 1 Notes.docx -> [2010/03/01 12:06:54 | 000,015,817 | ---- | M] ()
MpSigStub.exe -> C:\WINDOWS\System32\MpSigStub.exe -> [2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation)
Google SketchUp 7.lnk -> C:\Documents and Settings\All Users\Desktop\Google SketchUp 7.lnk -> [2010/02/14 15:18:19 | 000,001,762 | ---- | M] ()
Food.xlsx -> C:\Documents and Settings\Me\My Documents\Food.xlsx -> [2010/02/11 15:36:28 | 000,008,362 | ---- | M] ()
To Do.docx -> C:\Documents and Settings\Me\My Documents\To Do.docx -> [2010/02/10 11:47:55 | 000,011,054 | ---- | M] ()
Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2010/02/06 21:44:58 | 000,001,915 | ---- | M] ()
90s.xlsx -> C:\Documents and Settings\Me\My Documents\90s.xlsx -> [2010/01/31 23:37:58 | 000,009,164 | ---- | M] ()
MPRE Admission Ticket.pdf -> C:\Documents and Settings\Me\My Documents\MPRE Admission Ticket.pdf -> [2010/01/31 20:41:15 | 000,019,559 | ---- | M] ()
nvModes.dat -> C:\WINDOWS\System32\nvModes.dat -> [2010/01/21 16:41:51 | 000,091,562 | ---- | M] ()
Spring 2010 Schedule.xlsx -> C:\Documents and Settings\Me\My Documents\Spring 2010 Schedule.xlsx -> [2010/01/19 02:40:58 | 000,009,823 | ---- | M] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/01/07 17:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/01/07 17:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation)
wininet.dll -> C:\WINDOWS\System32\dllcache\wininet.dll -> [2010/01/05 05:00:29 | 000,832,512 | ---- | M] (Microsoft Corporation)
urlmon.dll -> C:\WINDOWS\System32\dllcache\urlmon.dll -> [2010/01/05 05:00:28 | 001,168,384 | ---- | M] (Microsoft Corporation)
mstime.dll -> C:\WINDOWS\System32\mstime.dll -> [2010/01/05 05:00:28 | 000,671,232 | ---- | M] (Microsoft Corporation)
mstime.dll -> C:\WINDOWS\System32\dllcache\mstime.dll -> [2010/01/05 05:00:28 | 000,671,232 | ---- | M] (Microsoft Corporation)
webcheck.dll -> C:\WINDOWS\System32\dllcache\webcheck.dll -> [2010/01/05 05:00:28 | 000,233,472 | ---- | M] (Microsoft Corporation)
url.dll -> C:\WINDOWS\System32\url.dll -> [2010/01/05 05:00:28 | 000,105,984 | ---- | M] (Microsoft Corporation)
url.dll -> C:\WINDOWS\System32\dllcache\url.dll -> [2010/01/05 05:00:28 | 000,105,984 | ---- | M] (Microsoft Corporation)
occache.dll -> C:\WINDOWS\System32\dllcache\occache.dll -> [2010/01/05 05:00:28 | 000,102,912 | ---- | M] (Microsoft Corporation)
pngfilt.dll -> C:\WINDOWS\System32\pngfilt.dll -> [2010/01/05 05:00:28 | 000,044,544 | ---- | M] (Microsoft Corporation)
pngfilt.dll -> C:\WINDOWS\System32\dllcache\pngfilt.dll -> [2010/01/05 05:00:28 | 000,044,544 | ---- | M] (Microsoft Corporation)
mshtmled.dll -> C:\WINDOWS\System32\dllcache\mshtmled.dll -> [2010/01/05 05:00:27 | 000,477,696 | ---- | M] (Microsoft Corporation)
msrating.dll -> C:\WINDOWS\System32\msrating.dll -> [2010/01/05 05:00:27 | 000,193,024 | ---- | M] (Microsoft Corporation)
msrating.dll -> C:\WINDOWS\System32\dllcache\msrating.dll -> [2010/01/05 05:00:27 | 000,193,024 | ---- | M] (Microsoft Corporation)
mshtml.dll -> C:\WINDOWS\System32\dllcache\mshtml.dll -> [2010/01/05 05:00:26 | 003,599,360 | ---- | M] (Microsoft Corporation)
msfeedsbs.dll -> C:\WINDOWS\System32\msfeedsbs.dll -> [2010/01/05 05:00:25 | 000,052,224 | ---- | M] (Microsoft Corporation)
msfeedsbs.dll -> C:\WINDOWS\System32\dllcache\msfeedsbs.dll -> [2010/01/05 05:00:25 | 000,052,224 | ---- | M] (Microsoft Corporation)
inetcpl.cpl -> C:\WINDOWS\System32\inetcpl.cpl -> [2010/01/05 05:00:24 | 001,830,912 | ---- | M] (Microsoft Corporation)
inetcpl.cpl -> C:\WINDOWS\System32\dllcache\inetcpl.cpl -> [2010/01/05 05:00:24 | 001,830,912 | ---- | M] (Microsoft Corporation)
msfeeds.dll -> C:\WINDOWS\System32\msfeeds.dll -> [2010/01/05 05:00:24 | 000,459,264 | ---- | M] (Microsoft Corporation)
msfeeds.dll -> C:\WINDOWS\System32\dllcache\msfeeds.dll -> [2010/01/05 05:00:24 | 000,459,264 | ---- | M] (Microsoft Corporation)
iertutil.dll -> C:\WINDOWS\System32\dllcache\iertutil.dll -> [2010/01/05 05:00:24 | 000,268,288 | ---- | M] (Microsoft Corporation)
iepeers.dll -> C:\WINDOWS\System32\iepeers.dll -> [2010/01/05 05:00:24 | 000,192,512 | ---- | M] (Microsoft Corporation)
iepeers.dll -> C:\WINDOWS\System32\dllcache\iepeers.dll -> [2010/01/05 05:00:24 | 000,192,512 | ---- | M] (Microsoft Corporation)
iernonce.dll -> C:\WINDOWS\System32\iernonce.dll -> [2010/01/05 05:00:24 | 000,044,544 | ---- | M] (Microsoft Corporation)
iernonce.dll -> C:\WINDOWS\System32\dllcache\iernonce.dll -> [2010/01/05 05:00:24 | 000,044,544 | ---- | M] (Microsoft Corporation)
jsproxy.dll -> C:\WINDOWS\System32\jsproxy.dll -> [2010/01/05 05:00:24 | 000,027,648 | ---- | M] (Microsoft Corporation)
jsproxy.dll -> C:\WINDOWS\System32\dllcache\jsproxy.dll -> [2010/01/05 05:00:24 | 000,027,648 | ---- | M] (Microsoft Corporation)
ieframe.dll -> C:\WINDOWS\System32\dllcache\ieframe.dll -> [2010/01/05 05:00:23 | 006,067,200 | ---- | M] (Microsoft Corporation)
iedkcs32.dll -> C:\WINDOWS\System32\iedkcs32.dll -> [2010/01/05 05:00:21 | 000,385,024 | ---- | M] (Microsoft Corporation)
iedkcs32.dll -> C:\WINDOWS\System32\dllcache\iedkcs32.dll -> [2010/01/05 05:00:21 | 000,385,024 | ---- | M] (Microsoft Corporation)
ieapfltr.dll -> C:\WINDOWS\System32\ieapfltr.dll -> [2010/01/05 05:00:21 | 000,380,928 | ---- | M] (Microsoft Corporation)
ieapfltr.dll -> C:\WINDOWS\System32\dllcache\ieapfltr.dll -> [2010/01/05 05:00:21 | 000,380,928 | ---- | M] (Microsoft Corporation)
ieaksie.dll -> C:\WINDOWS\System32\ieaksie.dll -> [2010/01/05 05:00:21 | 000,230,400 | ---- | M] (Microsoft Corporation)
ieaksie.dll -> C:\WINDOWS\System32\dllcache\ieaksie.dll -> [2010/01/05 05:00:21 | 000,230,400 | ---- | M] (Microsoft Corporation)
dxtrans.dll -> C:\WINDOWS\System32\dxtrans.dll -> [2010/01/05 05:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation)
dxtrans.dll -> C:\WINDOWS\System32\dllcache\dxtrans.dll -> [2010/01/05 05:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation)
ieakeng.dll -> C:\WINDOWS\System32\ieakeng.dll -> [2010/01/05 05:00:21 | 000,153,088 | ---- | M] (Microsoft Corporation)
ieakeng.dll -> C:\WINDOWS\System32\dllcache\ieakeng.dll -> [2010/01/05 05:00:21 | 000,153,088 | ---- | M] (Microsoft Corporation)
extmgr.dll -> C:\WINDOWS\System32\dllcache\extmgr.dll -> [2010/01/05 05:00:21 | 000,133,120 | ---- | M] (Microsoft Corporation)
ieencode.dll -> C:\WINDOWS\System32\ieencode.dll -> [2010/01/05 05:00:21 | 000,078,336 | ---- | M] (Microsoft Corporation)
ieencode.dll -> C:\WINDOWS\System32\dllcache\ieencode.dll -> [2010/01/05 05:00:21 | 000,078,336 | ---- | M] (Microsoft Corporation)
icardie.dll -> C:\WINDOWS\System32\dllcache\icardie.dll -> [2010/01/05 05:00:21 | 000,063,488 | ---- | M] (Microsoft Corporation)
dxtmsft.dll -> C:\WINDOWS\System32\dxtmsft.dll -> [2010/01/05 05:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation)
dxtmsft.dll -> C:\WINDOWS\System32\dllcache\dxtmsft.dll -> [2010/01/05 05:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation)
advpack.dll -> C:\WINDOWS\System32\dllcache\advpack.dll -> [2010/01/05 05:00:20 | 000,124,928 | ---- | M] (Microsoft Corporation)
corpol.dll -> C:\WINDOWS\System32\dllcache\corpol.dll -> [2010/01/05 05:00:20 | 000,017,408 | ---- | M] (Microsoft Corporation)
corpol.dll -> C:\WINDOWS\System32\corpol.dll -> [2010/01/05 05:00:20 | 000,017,408 | ---- | M] (Microsoft Corporation)
srv.sys -> C:\WINDOWS\System32\dllcache\srv.sys -> [2009/12/31 11:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation)
html.iec -> C:\WINDOWS\System32\html.iec -> [2009/12/31 10:33:27 | 000,389,120 | ---- | M] (Microsoft Corporation)
ie4uinit.exe -> C:\WINDOWS\System32\ie4uinit.exe -> [2009/12/31 10:33:06 | 000,070,656 | ---- | M] (Microsoft Corporation)
ie4uinit.exe -> C:\WINDOWS\System32\dllcache\ie4uinit.exe -> [2009/12/31 10:33:06 | 000,070,656 | ---- | M] (Microsoft Corporation)
ieudinit.exe -> C:\WINDOWS\System32\ieudinit.exe -> [2009/12/31 10:33:06 | 000,013,824 | ---- | M] (Microsoft Corporation)
ieudinit.exe -> C:\WINDOWS\System32\dllcache\ieudinit.exe -> [2009/12/31 10:33:06 | 000,013,824 | ---- | M] (Microsoft Corporation)
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/12/19 23:56:30 | 000,002,206 | ---- | M] ()
msrecovery.cfc -> C:\Documents and Settings\All Users\msrecovery.cfc -> [2009/12/18 12:19:14 | 000,000,034 | ---- | M] ()
iexplore.exe -> C:\WINDOWS\System32\dllcache\iexplore.exe -> [2009/12/18 08:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation)
ieakui.dll -> C:\WINDOWS\System32\ieakui.dll -> [2009/12/18 08:04:09 | 000,161,792 | ---- | M] (Microsoft Corporation)
ieakui.dll -> C:\WINDOWS\System32\dllcache\ieakui.dll -> [2009/12/18 08:04:09 | 000,161,792 | ---- | M] (Microsoft Corporation)
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

[Files - No Company Name]
SystemLook.exe -> C:\Documents and Settings\Me\Desktop\SystemLook.exe -> [2010/03/16 14:24:48 | 000,100,908 | ---- | C] ()
radix_installer.zip -> C:\Documents and Settings\Me\Desktop\radix_installer.zip -> [2010/03/14 17:12:28 | 000,216,498 | ---- | C] ()
Boot.bak -> C:\Boot.bak -> [2010/03/09 01:05:02 | 000,000,211 | ---- | C] ()
cmldr -> C:\cmldr -> [2010/03/09 01:04:58 | 000,260,272 | ---- | C] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/03/09 01:02:35 | 000,261,632 | ---- | C] ()
sed.exe -> C:\WINDOWS\sed.exe -> [2010/03/09 01:02:35 | 000,098,816 | ---- | C] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2010/03/09 01:02:35 | 000,080,412 | ---- | C] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/03/09 01:02:35 | 000,077,312 | ---- | C] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2010/03/09 01:02:35 | 000,068,096 | ---- | C] ()
ComboFix.exe -> C:\Documents and Settings\Me\Desktop\ComboFix.exe -> [2010/03/09 00:56:36 | 003,884,919 | R--- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/03/06 18:21:53 | 000,000,626 | ---- | C] ()
mbr.exe -> C:\Documents and Settings\Me\Desktop\mbr.exe -> [2010/03/06 18:16:28 | 000,077,312 | ---- | C] ()
Win32kDiag.exe -> C:\Documents and Settings\Me\Desktop\Win32kDiag.exe -> [2010/03/05 10:31:17 | 000,047,616 | ---- | C] ()
Cheetah-Anti-Rogue.zip -> C:\Documents and Settings\Me\Desktop\Cheetah-Anti-Rogue.zip -> [2010/03/05 01:41:13 | 000,013,251 | ---- | C] ()
CKScanner.exe -> C:\Documents and Settings\Me\Desktop\CKScanner.exe -> [2010/03/05 01:39:02 | 000,451,584 | ---- | C] ()
LockSearch.exe -> C:\Documents and Settings\Me\Desktop\LockSearch.exe -> [2010/03/05 01:36:57 | 000,032,653 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/03/03 11:37:29 | 2145,579,008 | -HS- | C] ()
March 1 Notes.docx -> C:\Documents and Settings\Me\My Documents\March 1 Notes.docx -> [2010/03/01 12:06:54 | 000,015,817 | ---- | C] ()
Beers.xlsx -> C:\Documents and Settings\Me\My Documents\Beers.xlsx -> [2010/02/20 17:24:21 | 000,013,345 | ---- | C] ()
Google SketchUp 7.lnk -> C:\Documents and Settings\All Users\Desktop\Google SketchUp 7.lnk -> [2010/02/14 15:18:19 | 000,001,762 | ---- | C] ()
Food.xlsx -> C:\Documents and Settings\Me\My Documents\Food.xlsx -> [2010/02/11 15:36:28 | 000,008,362 | ---- | C] ()
Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2010/02/06 21:44:58 | 000,001,915 | ---- | C] ()
90s.xlsx -> C:\Documents and Settings\Me\My Documents\90s.xlsx -> [2010/01/31 23:37:58 | 000,009,164 | ---- | C] ()
MPRE Admission Ticket.pdf -> C:\Documents and Settings\Me\My Documents\MPRE Admission Ticket.pdf -> [2010/01/31 20:41:15 | 000,019,559 | ---- | C] ()
Spring 2010 Schedule.xlsx -> C:\Documents and Settings\Me\My Documents\Spring 2010 Schedule.xlsx -> [2010/01/18 21:06:06 | 000,009,823 | ---- | C] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2007/12/12 19:39:28 | 000,000,127 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2007/08/06 07:15:47 | 000,000,061 | ---- | C] ()
_psisdecd.dll -> C:\WINDOWS\System32\_psisdecd.dll -> [2007/08/06 07:13:45 | 000,198,144 | ---- | C] ()
rixdicon.dll -> C:\WINDOWS\System32\rixdicon.dll -> [2007/08/06 06:45:55 | 000,016,480 | ---- | C] ()
nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2007/08/06 06:45:17 | 001,703,936 | ---- | C] ()
nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2007/08/06 06:45:17 | 001,019,904 | ---- | C] ()
nview.dll -> C:\WINDOWS\System32\nview.dll -> [2007/08/06 06:45:16 | 001,474,560 | ---- | C] ()
nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2007/08/06 06:45:16 | 000,466,944 | ---- | C] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2007/08/06 06:44:15 | 000,001,118 | ---- | C] ()
ESxUtil.dll -> C:\WINDOWS\System32\ESxUtil.dll -> [2005/08/10 11:56:00 | 000,028,672 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 13:12:05 | 000,000,780 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/10 13:01:18 | 000,001,793 | ---- | C] ()
Co2c40en.dll -> C:\WINDOWS\System32\Co2c40en.dll -> [1996/11/18 01:00:00 | 000,748,160 | ---- | C] ()
P2sodbc.dll -> C:\WINDOWS\System32\P2sodbc.dll -> [1996/11/18 01:00:00 | 000,131,072 | ---- | C] ()
P2irdao.dll -> C:\WINDOWS\System32\P2irdao.dll -> [1996/11/18 01:00:00 | 000,054,272 | ---- | C] ()
P2ctdao.dll -> C:\WINDOWS\System32\P2ctdao.dll -> [1996/11/18 01:00:00 | 000,050,176 | ---- | C] ()
P2bbnd.dll -> C:\WINDOWS\System32\P2bbnd.dll -> [1996/11/18 01:00:00 | 000,036,352 | ---- | C] ()
fxtls432.dll -> C:\WINDOWS\System32\fxtls432.dll -> [1996/05/25 17:00:00 | 000,107,008 | ---- | C] ()

[File - Lop Check]
Examsoft -> C:\Documents and Settings\All Users\Application Data\Examsoft -> [2009/12/18 12:19:14 | 000,000,000 | ---D | M]
OnlineArmor -> C:\Documents and Settings\All Users\Application Data\OnlineArmor -> [2010/03/03 15:39:38 | 000,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2007/10/07 11:03:45 | 000,000,000 | ---D | M]
{755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2009/11/03 16:36:26 | 000,000,000 | ---D | M]
{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> [2009/07/09 00:17:03 | 000,000,000 | ---D | M]
acccore -> C:\Documents and Settings\Me\Application Data\acccore -> [2007/08/31 16:22:54 | 000,000,000 | ---D | M]
OnlineArmor -> C:\Documents and Settings\Me\Application Data\OnlineArmor -> [2010/03/09 16:21:57 | 000,000,000 | ---D | M]
tmp -> C:\Documents and Settings\Me\Application Data\tmp -> [2009/09/15 13:37:51 | 000,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\Me\Application Data\Viewpoint -> [2007/10/07 11:03:47 | 000,000,000 | ---D | M]
MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [2010/03/16 17:15:32 | 000,000,330 | -H-- | M] ()

[File - Purity Scan]

< End of report >
This should get rid of those entries at startup.

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    Quote
    Registry::
    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "khefdadrv"=-
    "vtttstsys"=-
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
ComboFix 10-03-20.01 - Me 03/20/2010 22:23:18.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1405 [GMT -5:00]
Running from: c:\documents and settings\Me\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Me\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((( Files Created from 2010-02-21 to 2010-03-21 )))))))))))))))))))))))))))))))
.

2010-03-10 22:13 . 2009-10-23 15:283558912------w-c:\windows\system32\dllcache\moviemk.exe
2010-03-05 06:36 . 2010-03-05 06:36--------d-----w-C:\Rooter$
2010-03-04 03:21 . 2010-03-06 23:21--------d-----w-c:\program files\MalwareBytes
2010-03-03 23:07 . 2010-03-03 23:0761440----a-w-c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-19b5e70a-n\decora-sse.dll
2010-03-03 23:07 . 2010-03-03 23:07503808----a-w-c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54eb42d2-n\msvcp71.dll
2010-03-03 23:07 . 2010-03-03 23:07499712----a-w-c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54eb42d2-n\jmc.dll
2010-03-03 23:07 . 2010-03-03 23:07348160----a-w-c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54eb42d2-n\msvcr71.dll
2010-03-03 23:07 . 2010-03-03 23:0712800----a-w-c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-19b5e70a-n\decora-d3d.dll
2010-03-03 23:07 . 2010-03-03 23:06411368----a-w-c:\windows\system32\deploytk.dll
2010-03-03 21:01 . 2010-03-03 21:0152224----a-w-c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-03 21:01 . 2010-03-03 21:01117760----a-w-c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-03 21:00 . 2010-03-03 21:00--------d-----w-c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-03 20:59 . 2010-03-03 20:59--------d-----w-c:\program files\SUPERAntiSpyware
2010-03-03 20:59 . 2010-03-03 20:59--------d-----w-c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com
2010-03-03 20:19 . 2010-03-09 21:21--------d-----w-c:\documents and settings\Me\Application Data\OnlineArmor
2010-03-03 20:19 . 2010-03-03 20:39--------d-----w-c:\documents and settings\All Users\Application Data\OnlineArmor
2010-03-03 20:18 . 2009-12-05 13:2824656----a-w-c:\windows\system32\drivers\OAmon.sys
2010-03-03 20:18 . 2009-12-05 13:2729776----a-w-c:\windows\system32\drivers\OAnet.sys
2010-03-03 20:18 . 2009-12-05 13:27223312----a-w-c:\windows\system32\drivers\OADriver.sys
2010-03-03 20:18 . 2010-03-03 20:18--------d-----w-c:\program files\Tall Emu
2010-03-03 17:49 . 2010-03-03 17:49--------d-----w-c:\program files\CCleaner
2010-03-03 02:30 . 2009-11-25 17:1956816----a-w-c:\windows\system32\drivers\avgntflt.sys
2010-03-03 02:30 . 2009-03-30 15:3396104----a-w-c:\windows\system32\drivers\avipbb.sys
2010-03-03 02:30 . 2009-02-13 17:2922360----a-w-c:\windows\system32\drivers\avgntmgr.sys
2010-03-03 02:30 . 2009-02-13 17:1745416----a-w-c:\windows\system32\drivers\avgntdd.sys
2010-03-03 02:30 . 2010-03-03 02:30--------d-----w-c:\program files\Avira
2010-03-03 02:30 . 2010-03-03 02:30--------d-----w-c:\documents and settings\All Users\Application Data\Avira
2010-03-03 02:01 . 2010-03-03 22:58--------d-----w-c:\program files\mapp
2010-03-03 01:28 . 2010-03-03 01:28--------d-----w-c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 18:19 . 2007-08-14 01:57--------d-----w-c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 16:47 . 2008-03-09 01:17664----a-w-c:\windows\system32\d3d9caps.dat
2010-03-07 16:41 . 2008-08-26 20:16--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2010-03-03 23:12 . 2007-08-06 12:04--------d-----w-c:\program files\Java
2010-03-03 23:07 . 2007-08-06 12:04--------d-----w-c:\program files\Common Files\Java
2010-03-03 20:58 . 2007-12-03 02:29--------d-----w-c:\program files\Common Files\Wise Installation Wizard
2010-03-03 17:55 . 2007-12-03 05:11--------d-----w-c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-24 15:16 . 2009-10-03 18:26181632------w-c:\windows\system32\MpSigStub.exe
2010-02-14 20:18 . 2007-08-14 02:23--------d-----w-c:\program files\Google
2010-01-21 21:41 . 2007-08-06 11:5191562----a-w-c:\windows\system32\nvModes.dat
2010-01-21 13:54 . 2009-06-02 04:54--------d-----w-c:\program files\Microsoft Silverlight
2010-01-15 00:11 . 2008-09-19 02:315115824----a-w-c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 22:07 . 2008-08-26 20:1638224----a-w-c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2008-08-26 20:1619160----a-w-c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2004-08-10 17:51832512------w-c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-10 17:5178336----a-w-c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-10 17:5017408------w-c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-10 17:51353792----a-w-c:\windows\system32\drivers\srv.sys
2009-06-09 16:29 . 2009-06-09 16:20724952----a-w-c:\program files\avenger.zip
2008-08-27 16:50 . 2008-08-27 16:501495112----a-w-c:\program files\install_flash_player.exe
2008-08-26 21:07 . 2008-08-26 20:447499056----a-w-c:\program files\Firefox Setup 3.0.1.exe
2008-08-12 23:14 . 2008-08-12 23:142367160----a-w-c:\program files\LinksysWebConnectPC.exe
2008-07-06 20:16 . 2008-07-06 20:169390251----a-w-c:\program files\vlc-0.8.6h-win32.exe
2008-01-04 03:10 . 2008-01-04 03:1013413048----a-w-c:\program files\Google_Earth_BZXD.exe
2007-08-30 12:08 . 2007-08-30 12:08238450----a-w-c:\program files\SecureW2_2kXP.exe
2007-08-27 12:43 . 2007-08-27 12:4350009400----a-w-c:\program files\iTunesSetup.exe
2007-08-06 12:09 . 2007-08-06 12:0976--sh--r-c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((( [emailprotected]_06.11.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-16 22:12 . 2010-03-16 22:1216384 c:\windows\temp\Perflib_Perfdata_704.dat
- 2007-08-06 12:13 . 2009-05-26 11:4017272 c:\windows\system32\spmsg.dll
+ 2007-08-06 12:13 . 2008-07-08 13:0217272 c:\windows\system32\spmsg.dll
+ 2004-08-10 17:51 . 2010-03-16 22:1752450 c:\windows\system32\perfc009.dat
- 2004-08-10 17:51 . 2010-03-03 22:5552450 c:\windows\system32\perfc009.dat
+ 2010-03-19 13:47 . 2010-03-19 13:4722528 c:\windows\Installer\da57593.msi
- 2007-08-14 02:02 . 2010-02-10 16:3435088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-08-14 02:02 . 2010-03-11 18:1835088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-08-14 02:02 . 2010-03-11 18:1818704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-08-14 02:02 . 2010-02-10 16:3418704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-08-14 02:02 . 2010-02-10 16:3420240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-08-14 02:02 . 2010-03-11 18:1820240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2004-08-10 17:51 . 2010-03-03 22:55378878 c:\windows\system32\perfh009.dat
+ 2004-08-10 17:51 . 2010-03-16 22:17378878 c:\windows\system32\perfh009.dat
+ 2007-08-14 02:02 . 2010-03-11 18:18888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-08-14 02:02 . 2010-02-10 16:34888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-08-14 02:02 . 2010-02-10 16:34272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2007-08-14 02:02 . 2010-02-10 16:34922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2007-08-14 02:02 . 2010-02-10 16:34845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2007-08-14 02:02 . 2010-02-10 16:34217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2007-08-14 02:02 . 2010-02-10 16:34184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2007-08-14 02:02 . 2010-02-10 16:34159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-02-04 23:24 . 2010-02-04 23:249122304 c:\windows\Installer\7f458d0.msp
+ 2010-02-21 07:00 . 2010-02-21 07:008480768 c:\windows\Installer\7f458ba.msp
+ 2010-02-04 06:59 . 2010-02-04 06:595031936 c:\windows\Installer\7f458a4.msp
- 2007-08-14 02:02 . 2010-02-10 16:341172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-08-14 02:02 . 2010-03-11 18:181172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-08-14 02:02 . 2010-02-10 16:341165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-08-14 02:02 . 2010-03-11 18:181165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-12-05 05:54 . 2010-03-02 05:3031648712 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"nwiz"="nwiz.exe" [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]
"NvMediaCenter"="NvMCTray.dll" [2007-06-06 81920]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-6 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21548352----a-w-c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DELL\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\\Program Files\\ExamSoft\\SoftLnch.exe
"c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\\Program Files\\ExamSoft\\SofTest.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [3/3/2010 3:18 PM 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [3/3/2010 3:18 PM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [3/3/2010 3:18 PM 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/2/2010 9:30 PM 108289]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [3/3/2010 3:18 PM 1282248]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S2 gupdate1c9a393ba0b99a0;Google Update Service (gupdate1c9a393ba0b99a0);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2009 11:25 PM 133104]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [3/3/2010 3:18 PM 3291336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 04:25]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 04:25]

2010-03-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Me\Application Data\Mozilla\Firefox\Profiles\xs21qfhi.default\
FF - prefs.js: browser.startup.homepage - hxxp://law.wustl.edu/
FF - plugin: c:\documents and settings\Me\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-awurstdrv - rqrstu.dll
HKLM-Run-hgfcdasys - jkhfde.dll



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¬ *·*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2492)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-03-20 22:30:17
ComboFix-quarantined-files.txt 2010-03-21 03:30
ComboFix2.txt 2010-03-09 06:13

Pre-Run: 85,792,276,480 bytes free
Post-Run: 85,824,356,352 bytes free

- - End Of File - - D12FB91C67DA83F2C61211706535D38B
Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
[emailprotected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=018ad093406da747a08d41abf6095aaa
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-23 06:07:31
# local_time=2010-03-23 01:07:31 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 94 0 41032469 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=6401 16777214 66 100 0 8381936 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=60838
# found=4
# cleaned=4
# scan_time=3300
C:\Qoobox\Quarantine\C\WINDOWS\system32\jkhfde.dll.vir    a variant of Win32/Kryptik.CUN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqrstu.dll.vir    a variant of Win32/Kryptik.CUN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP684\A0072083.dll    a variant of Win32/Kryptik.CUN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP684\A0072084.dll    a variant of Win32/Kryptik.CUN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Malwarebytes' Anti-Malware 1.44
Database version: 3913
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/25/2010 12:10:04 PM
mbam-log-2010-03-25 (12-10-04).txt

Scan type: Quick Scan
Objects scanned: 129368
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with tabs
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Results of screen317's Security Check version 0.99.2
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Online Armor 4.0
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 18
Adobe Flash Player 10
Adobe Reader 7.0.8
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Tall Emu Online Armor OAcat.exe
Windows Defender MsMpEng.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

====================================================

See this page for more info about malware and prevention.

Any more questions?

All done. If there's nothing else, I don't think I have any more questions. Sorry this took so long; didn't have time to check up on the progress of this very often. You've been patient and helpful throughout.

Thanks.

You're welcome.

Since this appears to be resolved, this topic is now closed. Glad we could help!

=>CLOSED

166.

Solve : Kaspersky Malicious URL Blocked -- Windows Explorer Shuts Down?

Answer»

Just recently I have started receiving messages from Kaspersky indicating they have blocked a malicious URL from loading.

The message reads:

C:\\Windows\Explorer.Exe (PID:5084): Loading Object http:/...?worker.php?action=get%5Fscript%5Fhash...containing malicious URL
hXXp://76.191.112.2/scripts/worker.php?action=get %5F scrips %5hash&ver=1.1


Shortly afterwards, Windows Explorer shuts down and then restarts. This cycle repeats itself continuously.

I have conducted full scans using Kaspersky, Malwarebytes, and Super-Antispyware, none of which detected anything.

A scan using Combofix did find and delete a dll called devil and the problem was remedied until the computer was rebooted, at which point the issues recommenced.

Your help would be greatly appreciated.

<Mod Edit> - Malicious IP munged. Please do not intentionally post live links that are infected.

76.191.112.2 is a dangerous IP address such as:

- Attackers who try to spy or remotely control others' computers by means such as Microsoft remote terminal, SSH, Telnet or shared desktops.
- Threats for email servers or users: spiders/bots, account hijacking, etc.
- Sites spreading viruses, trojans, spyware, etc. or just being used by them to let their authors know that a new computer has been infected.
- Threats for servers: exploits, fake identities/agents, DDoS attackers, etc.
- Port scans, which are the first step towards more dangerous actions.
- Malicious P2P sharers or bad peers who spread malware, inject bad traffic or share fake archives.

http://www.mywot.com/en/scorecard/76.191.112.2

Can you post the ComboFix log please. It can be found in C:\combofix.txt

ComboFix 12-05-26.02 - Peter 05/26/2012 7:42.9.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1857 [GMT -4:00]
Running from: c:\users\Peter\Downloads\ComboFix2.exe
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\11335636341.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-26 11:54 . 2012-05-26 11:54--------d-----w-c:\users\Peter\AppData\Local\temp
2012-05-26 11:54 . 2012-05-26 11:54--------d-----w-c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-26 11:54 . 2012-05-26 11:54--------d-----w-c:\users\Public\AppData\Local\temp
2012-05-26 11:54 . 2012-05-26 11:54--------d-----w-c:\users\Default\AppData\Local\temp
2012-05-25 12:00 . 2012-05-25 12:20--------d-----w-C:\ComboFix2
2012-05-25 11:16 . 2012-05-08 16:406737808----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{A98B41E2-3CD0-436E-857D-6C3F85B85985}\mpengine.dll
2012-05-17 11:42 . 2012-05-17 11:42--------d-----w-c:\programdata\RemoteAutomator
2012-05-17 11:42 . 2012-05-17 11:42--------d-----w-c:\program files\RemoteAutomator
2012-05-09 21:01 . 2012-03-30 10:231291632----a-w-c:\windows\system32\drivers\tcpip.sys
2012-05-09 21:01 . 2012-03-31 04:29936960----a-w-c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 21:01 . 2012-03-31 04:301221632----a-w-c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 21:01 . 2012-03-31 04:29989184----a-w-c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 21:01 . 2012-03-31 04:29969216----a-w-c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 21:01 . 2012-03-31 04:393968368----a-w-c:\windows\system32\ntkrnlpa.exe
2012-05-09 21:01 . 2012-03-31 04:393913072----a-w-c:\windows\system32\ntoskrnl.exe
2012-05-09 21:01 . 2012-03-31 02:362343424----a-w-c:\windows\system32\win32k.sys
2012-05-09 21:01 . 2012-03-17 07:2756176----a-w-c:\windows\system32\drivers\partmgr.sys
2012-05-09 21:00 . 2012-03-03 05:311077248----a-w-c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 10:39 . 2012-03-29 22:59419488----a-w-c:\windows\system32\FlashPlayerApp.exe
2012-05-05 10:39 . 2011-05-13 13:0870304----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-09 00:21 . 2010-08-16 11:32472808----a-w-c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2010-12-03 22:1922344----a-w-c:\windows\system32\drivers\mbam.sys
2012-03-26 14:00 . 2012-04-13 11:20112056----a-w-c:\windows\system32\acaptuser32.dll
2012-03-01 05:46 . 2012-04-13 01:1719824----a-w-c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-13 01:17172544----a-w-c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-13 01:17159232----a-w-c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 01:175120----a-w-c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-13 01:291799168----a-w-c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-13 01:291427456----a-w-c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 01:291127424----a-w-c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-13 01:292382848----a-w-c:\windows\system32\mshtml.tlb
2011-02-27 00:14 . 2011-02-27 00:147808600----a-w-c:\program files\PowerPack3.exe
2011-02-27 00:13 . 2011-02-27 00:135404768----a-w-c:\program files\RegCleaner603.exe
2010-08-19 16:59 . 2010-08-19 16:59197632----a-w-c:\program files\Common Files\OnlineFilesManager.dll
2012-04-25 16:31 . 2011-03-24 10:5997208----a-w-c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{64d23501-5195-4224-9446-e2b0fb64e859}"= "c:\program files\HiGames\tbHiGa.dll" [2009-10-27 2325528]
.
[HKEY_CLASSES_ROOT\clsid\{64d23501-5195-4224-9446-e2b0fb64e859}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64d23501-5195-4224-9446-e2b0fb64e859}]
2009-10-27 15:452325528----a-w-c:\program files\HiGames\tbHiGa.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{64d23501-5195-4224-9446-e2b0fb64e859}"= "c:\program files\HiGames\tbHiGa.dll" [2009-10-27 2325528]
"{583F8E79-0A89-4EBA-9DE2-479E57F64506}"= "c:\users\Peter\Documents\AP_Rewards_AutoEARN\aanpb.dll" [2010-04-26 333192]
.
[HKEY_CLASSES_ROOT\clsid\{64d23501-5195-4224-9446-e2b0fb64e859}]
.
[HKEY_CLASSES_ROOT\clsid\{583f8e79-0a89-4eba-9de2-479e57f64506}]
[HKEY_CLASSES_ROOT\Loader.MToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{E6BDE3C5-7B88-43b4-AB35-8EEEAB2CED76}]
[HKEY_CLASSES_ROOT\Loader.MToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1294208----a-w-c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1294208----a-w-c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1294208----a-w-c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2010-08-19 16:59197632----a-w-c:\program files\Common Files\OnlineFilesManager.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
"aanpm"="c:\users\Peter\Documents\AP_Rewards_AutoEARN\aanpt.exe" [2010-04-26 574856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-23 740216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-06 7703072]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-08-06 3575808]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-28 1130504]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 421888]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2011-03-21 340520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files\NoMoreTime\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SYNND RemoteAutomator.lnk - c:\program files\RemoteAutomator\AppStart.exe [2012-5-17 28480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2009-06-26 17:05568072----a-w-c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=
backup=c:\windows\pss\CaptureWiz.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aanpm]
2010-04-26 23:10574856----a-w-c:\users\Peter\Documents\AP_Rewards_AutoEARN\aanpt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:2859240----a-w-c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:081259376----a-w-c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-07-28 13:101406824----a-w-c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05421736----a-w-c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56462408----a-w-c:\program files\NoMoreTime\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 19:56981680----a-w-c:\program files\NoMoreTime\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 16:3059240----a-w-c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36421888----a-w-c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-01-13 15:412424560----a-w-c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2010-11-24 20:261233856----a-w-c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-02-23 11:11740216----a-w-c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Free]
2010-08-08 01:405324800----a-w-c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SABKUTIL;SABKUTIL;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys


R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-19 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
R4 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-08-06 3453440]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MBAMService;MBAMService;c:\program files\NoMoreTime\mbamservice.exe [2012-04-04 654408]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-05-07 52128]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-05-07 42144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonationREG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HsfXAudioServiceREG_MULTI_SZ HsfXAudioService
HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:39]
.
2012-05-26 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-06-29 17:37]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mls.gsmls.com/member/index.jsp
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} - hxxp://www2.stlu.com/plugins/Plugin0501.0125/streetnoagent7.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://msx.mlxchange.com/5.5.07.24643/Control/IRCSharc.cab
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\m4fqy7os.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-26 07:58:06
ComboFix-quarantined-files.txt 2012-05-26 11:58
ComboFix2.txt 2012-05-26 11:04
ComboFix3.txt 2012-05-25 12:20
ComboFix4.txt 2011-08-05 13:31
ComboFix5.txt 2012-05-26 11:40
.
Pre-Run: 58,943,561,728 bytes free
Post-Run: 58,867,740,672 bytes free
.
- - End Of File - - 535A778FB9CA6625142A2E97D153F3BC

Are you able to get online with the computer?

If so:

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

Sorry for the delay but I was only recently able to run a full scan online.

Thanks for your patience.


C:\Users\Peter\AppData\Local\temp\hdF7B7.tmp	probably unknown NewHeur_PE virus

ComboFix- be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.

When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

----------

Download DDS from |HERE| or |HERE| and save it to your desktop.

Vista and Windows 7 users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

----------

Please add all 3 logs in the next reply.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Peter at 19:27:42 on 2012-05-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1737 [GMT -4:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Acer Bio Protection\CompPtcVUI.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\Dwm.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\system32\taskhost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mls.gsmls.com/member/index.jsp/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
uRun: [Jing] c:\program files\techsmith\jing\Jing.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [VitaKeyPdtWzd] "c:\program files\acer bio protection\PdtWzd.exe"
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\peter\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{CA7B98B4-C4D7-4F55-B82D-B7BDC61C4E3F} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{CA7B98B4-C4D7-4F55-B82D-B7BDC61C4E3F}\05E4A405 : DhcpNameServer = 192.168.126.1
TCP: Interfaces\{CA7B98B4-C4D7-4F55-B82D-B7BDC61C4E3F}\07E6A607 : DhcpNameServer = 192.168.126.1
TCP: Interfaces\{CA7B98B4-C4D7-4F55-B82D-B7BDC61C4E3F}\876696E696479777966696 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\peter\appdata\roaming\mozilla\firefox\profiles\m4fqy7os.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstm32.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-23 176128]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-5-31 260648]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-5-7 52128]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-5-7 42144]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-10-23 27320]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 257696]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-10-23 29472]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-20 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-19 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-10-6 24576]
S4 Greg_Service;GRegService;c:\program files\acer\registration\GregHSRW.exe [2009-8-28 1150496]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-17 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-17 135664]
S4 IGBASVC;EgisTec Service;c:\program files\acer bio protection\BASVC.exe [2009-8-5 3453440]
S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2009-6-17 50432]
S4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2009-6-17 144640]
S4 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-10-23 253952]
S4 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2009-9-24 240160]
.
=============== Created Last 30 ================
.
2012-05-31 23:15:27 -------- d-----w- c:\users\peter\appdata\local\temp
2012-05-31 23:15:26 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-31 22:57:08 -------- d-----w- C:\ComboFix
2012-05-31 16:43:16 208896 ----a-w- c:\windows\MBR.exe
2012-05-31 16:43:15 98816 ----a-w- c:\windows\sed.exe
2012-05-31 16:43:15 518144 ----a-w- c:\windows\SWREG.exe
2012-05-31 16:43:15 256000 ----a-w- c:\windows\PEV.exe
2012-05-29 14:24:12 -------- d-----w- c:\users\peter\appdata\roaming\SUPERAntiSpyware.com
2012-05-29 14:23:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-29 11:22:53 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2bae9a0a-5c89-43b5-be19-958e7a4bc1dc}\mpengine.dll
2012-05-28 17:11:10 -------- d-----w- C:\sh4ldr
2012-05-28 17:09:44 -------- d-----w- c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-05-26 23:36:01 -------- d-----w- c:\program files\Trend Micro
2012-05-26 22:29:48 -------- d-----w- c:\program files\Oracle
2012-05-26 22:28:28 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-26 14:21:59 -------- d-----w- C:\ComboFix29460C
2012-05-26 11:40:37 -------- d-----w- C:\ComboFix29482C
2012-05-26 11:34:12 -------- d-----w- C:\ComboFix231802C
2012-05-26 10:47:26 -------- d-----w- C:\ComboFix21380C
2012-05-25 12:00:58 -------- d-----w- C:\ComboFix2
2012-05-17 11:42:16 -------- d-----w- c:\programdata\RemoteAutomator
2012-05-17 11:42:16 -------- d-----w- c:\program files\RemoteAutomator
2012-05-09 21:01:25 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 21:01:19 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-09 21:01:18 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-09 21:01:17 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-09 21:01:17 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-09 21:01:09 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 21:01:08 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 21:01:08 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 21:01:00 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 21:00:59 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
==================== Find3M ====================
.
2012-05-05 10:39:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 10:39:09 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 22:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-26 14:00:41 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2011-02-27 00:14:39 7808600 ----a-w- c:\program files\PowerPack3.exe
2011-02-27 00:13:20 5404768 ----a-w- c:\program files\RegCleaner603.exe
2010-08-19 16:59:19 197632 ----a-w- c:\program files\common files\OnlineFilesManager.dll
.
============= FINISH: 19:29:06.27 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/17/2010 9:06:52 PM
System Uptime: 5/31/2012 7:19:52 PM (0 hours ago)
.
Motherboard: Acer | | Olan
Processor: AMD Athlon(tm) X2 Dual-Core QL-65 | Socket S1G2 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 70.599 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SABKUTIL
Device ID: ROOT\LEGACY_SABKUTIL\0000
Manufacturer:
Name: SABKUTIL
PNP Device ID: ROOT\LEGACY_SABKUTIL\0000
Service: SABKUTIL
.
==== System Restore Points ===================
.
RP535: 5/31/2012 8:17:35 AM - New
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
32 Bit HP CIO Components Installer
7-Zip 9.20
Able2Extract Professional v5.0
AC3Filter ACM AC3/DTS codec (remove only)
Acer Assist
Acer Bio Protection
Acer Crystal Eye Webcam
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer GridVista
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Allok Video Joiner 4.0.1019
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Bonjour
Broadcom Gigabit Integrated Controller
Business Contact Manager for Outlook 2007 SP2
CamStudio
Camtasia Studio 7
CaptureWizPro 4.30
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDex - Open Source Digital Audio CD Extractor
CuratorUtilities
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectVobSub (remove only)
DivX Setup
Dropbox
DVD Flick 1.3.0.7
Easy Video Joiner 5.21
Elite Proxy Switcher 1.10
Email Verifier
Encoder
eSobi v2
EZ MPEG TO AVI Converter 3.00
FastStone Image Viewer 4.2
Final Media Player 2010
Fingerprint Solution
Free Mp3 Wma Converter V 1.9
Free Video to MP3 Converter version 4.0
Free YouTube to MP3 Converter version 3.10.15.1228
Garmin Lifetime Updater
GIMP 2.6.11
Google Update Helper
GoToMeeting 5.1.0.880
HandBrake 0.9.5
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
HP Color LaserJet 3600 (02/27/2007 61.063.461.41)
iCloud
Identity Card
ImgBurn
InterVideo WinDVD 8
iTunes
IZArc 4.1.2
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 4
JavaFX 2.1.0
Jing
Junk Mail filter update
K-Lite Codec Pack 6.3.0 (Basic)
Kaspersky Anti-Virus 2010
Kyocera Product Library
LameXP
Learn.com Player (Uninstall Only)
LockHunter version 1.0 beta 3, 32 bit edition
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Edition 2003
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft PowerPoint 2010
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ Run Time Lib Setup
mkv2vob
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Shadow
O2Micro Flash Memory Card Reader Driver
OGA Notifier 2.0.0048.0
OJOsoft DVD AVI Converter Suite
OJOsoft MKV Converter
OJOsoft Total Video Converter
PageOne Curator
Photozig Albums 1.0
QuickTime
Real Alternative 2.0.2
Realtek High Definition Audio Driver
RER Video Converter
Safari
save2pc Light 4.14
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
SEO SpyGlass
SliQ Submitter Plus
SPBA 5.8
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
TextPad 5
The Ultimate Troubleshooter
ToolkitCMA
TOP YouTube Downloader V1.0.0
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Video mp3 Extractor
VLC media player 1.1.4
Voxware Audio decoder 1.6
Welcome Center
WIDCOMM Bluetooth Software
Win7codecs
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WinZip 14.5
Wisdom-soft Set up ScreenHunter 5.1 Free
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
5/31/2012 7:22:56 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
5/31/2012 7:21:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/31/2012 7:20:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
5/31/2012 7:11:47 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/30/2012 2:14:54 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
5/29/2012 9:05:49 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
5/29/2012 4:28:03 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.104, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
5/28/2012 9:21:15 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-01D72DB4B8 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CA7B98B4-C4D7-4F55-B82D-B7. The master browser is stopping or an election is being forced.
5/26/2012 7:44:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x000000ff, 0x00000008, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052612-26676-01.
5/26/2012 7:29:17 AM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
ComboFix 12-05-31.02 - Peter 05/31/2012 18:58:35.13.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1741 [GMT -4:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))
.
.
2012-05-31 23:11 . 2012-05-31 23:11 -------- d-----w- c:\users\Peter\AppData\Local\temp
2012-05-31 23:11 . 2012-05-31 23:11 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-31 23:11 . 2012-05-31 23:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-31 23:11 . 2012-05-31 23:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-29 14:24 . 2012-05-29 14:24 -------- d-----w- c:\users\Peter\AppData\Roaming\SUPERAntiSpyware.com
2012-05-29 14:23 . 2012-05-29 14:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-29 11:22 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BAE9A0A-5C89-43B5-BE19-958E7A4BC1DC}\mpengine.dll
2012-05-28 17:11 . 2012-05-31 11:28 -------- d-----w- C:\sh4ldr
2012-05-28 17:09 . 2012-05-31 12:10 -------- d-----w- c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-05-26 23:36 . 2012-05-26 23:36 -------- d-----w- c:\program files\Trend Micro
2012-05-26 22:31 . 2012-05-26 22:31 -------- d-----w- c:\program files\Common Files\Java
2012-05-26 22:29 . 2012-05-26 22:29 -------- d-----w- c:\program files\Oracle
2012-05-26 22:28 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-17 11:42 . 2012-05-26 18:58 -------- d-----w- c:\program files\RemoteAutomator
2012-05-17 11:42 . 2012-05-26 18:58 -------- d-----w- c:\programdata\RemoteAutomator
2012-05-09 21:01 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 21:01 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 21:01 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 21:01 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 21:01 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 21:01 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 21:01 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 21:01 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 21:01 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 21:00 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 10:39 . 2012-03-29 22:59 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 10:39 . 2011-05-13 13:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:47 . 2010-08-16 11:32 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-26 14:00 . 2012-04-13 11:20 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2011-02-27 00:14 . 2011-02-27 00:14 7808600 ----a-w- c:\program files\PowerPack3.exe
2011-02-27 00:13 . 2011-02-27 00:13 5404768 ----a-w- c:\program files\RegCleaner603.exe
2010-08-19 16:59 . 2010-08-19 16:59 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
2012-04-25 16:31 . 2011-03-24 10:59 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2010-08-19 16:59 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-06 7703072]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-08-06 3575808]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-28 1130504]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 421888]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2011-03-21 340520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2009-06-26 17:05 568072 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=
backup=c:\windows\pss\CaptureWiz.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-07-28 13:10 1406824 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 16:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-21 20:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Free]
2010-08-08 01:40 5324800 ----a-w- c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SABKUTIL;SABKUTIL;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-19 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
R4 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-08-06 3453440]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-05-07 52128]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-05-07 42144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:39]
.
2012-05-31 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-06-29 17:37]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-05-30 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 60fc887a-e1bc-430b-8168-7cc7eb16481f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-05-31 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c06bd2ec-6f4c-4c57-9272-dde63d1a23fb.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mls.gsmls.com/member/index.jsp/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\m4fqy7os.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-TweakNow PowerPack 2011_is1 - c:\program files\TweakNow PowerPack 2011\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-31 19:15:23
ComboFix-quarantined-files.txt 2012-05-31 23:15
ComboFix2.txt 2012-05-31 17:02
.
Pre-Run: 75,732,156,416 bytes free
Post-Run: 75,668,303,872 bytes free
.
- - End Of File - - 05E4C3665415651A4C88642E1A9BDCAF
If you already have Malwarebytes be sure to update it before running the scan!

Download Malwarebytes' Anti-Malware (MBAM)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to the following:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware
* Then click Finish
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

----------

Download TDSSKiller.exe (v2.4.0.0) from Kaspersky Labs and save it to your desktop. <-Important!!!

* Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator
* If TDSSKiller does not run, try renaming it.
* To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension
* Click the Start Scan button.
* Do not use the computer during the scan.
* If the scan completes with nothing found, click Close to exit.
* If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
* Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
* A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_14.17.05_log.txt) will be created and saved to the root directory (usually Local Disk C).
* Post this log to your next message.

If needed see the TDSS Rootkit Removing Tool website for detailed instructions on running TDSSkiller.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.31.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Peter :: PETER-PC [administrator]

5/31/2012 9:25:20 PM
mbam-log-2012-05-31 (21-25-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208274
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
21:55:33.0773 5604 System windows directory: C:\Windows
21:55:33.0773 5604 Processor architecture: Intel x86
21:55:33.0773 5604 Number of processors: 2
21:55:33.0773 5604 Page size: 0x1000
21:55:33.0773 5604 Boot type: Normal boot
21:55:33.0773 5604 ============================================================
21:55:35.0234 5604 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:55:35.0238 5604 ============================================================
21:55:35.0238 5604 \Device\Harddisk0\DR0:
21:55:35.0239 5604 MBR partitions:
21:55:35.0239 5604 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
21:55:35.0239 5604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x1BA22970
21:55:35.0239 5604 ============================================================
21:55:35.0282 5604 C: <-> \Device\Harddisk0\DR0\Partition1
21:55:35.0283 5604 ============================================================
21:55:35.0283 5604 Initialize success
21:55:35.0283 5604 ============================================================
21:56:22.0285 1072 ============================================================
21:56:22.0285 1072 Scan started
21:56:22.0285 1072 Mode: Manual; SigCheck; TDLFS;
21:56:22.0285 1072 ============================================================
21:56:42.0197 1072 ETService (2f6d55dc521c557880116b51925a792a) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
21:56:42.0253 1072 ETService ( UnsignedFile.Multi.Generic ) - warning
21:56:42.0253 1072 ETService - detected UnsignedFile.Multi.Generic (1)
21:56:48.0287 1072 IGBASVC (884243a20eccf90f747854e2f0954719) c:\Program Files\Acer Bio Protection\BASVC.exe
21:56:48.0381 1072 IGBASVC ( UnsignedFile.Multi.Generic ) - warning
21:56:48.0382 1072 IGBASVC - detected UnsignedFile.Multi.Generic (1)
21:56:53.0296 1072lmhosts - ok
21:56:53.0332 1072LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:56:53.0357 1072LSI_FC - ok
21:56:53.0372 1072LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:56:53.0401 1072LSI_SAS - ok
21:56:53.0420 1072LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:56:53.0446 1072LSI_SAS2 - ok
21:56:53.0463 1072LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:56:53.0488 1072LSI_SCSI - ok
21:56:53.0509 1072luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:56:53.0554 1072luafv - ok
21:56:53.0633 1072Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:56:53.0785 1072Mcx2Svc - ok
21:56:53.0805 1072mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:56:53.0986 1072mdmxsdk - ok
21:56:54.0024 1072megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:56:54.0068 1072megasas - ok
21:56:54.0104 1072MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:56:54.0131 1072MegaSR - ok
21:56:54.0238 1072Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:56:54.0261 1072Microsoft Office Groove Audit Service - ok
21:56:54.0294 1072MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:56:54.0340 1072MMCSS - ok
21:56:54.0358 1072Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:56:54.0401 1072Modem - ok
21:56:54.0420 1072monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:56:54.0450 1072monitor - ok
21:56:54.0486 1072mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
21:56:54.0558 1072mouclass - ok
21:56:54.0679 1072mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:56:54.0729 1072mouhid - ok
21:56:54.0914 1072mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:56:54.0991 1072mountmgr - ok
21:56:55.0073 1072MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:56:55.0219 1072MozillaMaintenance - ok
21:56:55.0328 1072mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:56:55.0441 1072mpio - ok
21:56:55.0475 1072mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:56:55.0519 1072mpsdrv - ok
21:56:55.0606 1072MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:56:55.0708 1072MpsSvc - ok
21:56:55.0758 1072MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:56:55.0830 1072MRxDAV - ok
21:56:55.0886 1072mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:56:56.0103 1072mrxsmb - ok
21:56:56.0164 1072mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:56:56.0262 1072mrxsmb10 - ok
21:56:56.0287 1072mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:56:56.0426 1072mrxsmb20 - ok
21:56:56.0516 1072msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:56:56.0588 1072msahci - ok
21:56:56.0645 1072msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:56:56.0742 1072msdsm - ok
21:56:56.0776 1072MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:56:56.0850 1072MSDTC - ok
21:56:56.0876 1072Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:56:56.0922 1072Msfs - ok
21:56:56.0937 1072mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:56:56.0981 1072mshidkmdf - ok
21:56:56.0995 1072msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:56:57.0065 1072msisadrv - ok
21:56:57.0104 1072MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:56:57.0167 1072MSiSCSI - ok
21:56:57.0175 1072msiserver - ok
21:56:57.0191 1072MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:56:57.0241 1072MSKSSRV - ok
21:56:57.0249 1072MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:56:57.0297 1072MSPCLOCK - ok
21:56:57.0305 1072MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:56:57.0366 1072MSPQM - ok
21:56:57.0391 1072MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:56:57.0420 1072MsRPC - ok
21:56:57.0471 1072mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:56:57.0591 1072mssmbios - ok
21:56:57.0668 1072MSSQL$MSSMLBIZ - ok
21:56:57.0744 1072MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:56:57.0953 1072MSSQLServerADHelper - ok
21:56:58.0008 1072MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:56:58.0052 1072MSTEE - ok
21:56:58.0061 1072MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:56:58.0092 1072MTConfig - ok
21:56:58.0116 1072Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:56:58.0142 1072Mup - ok
21:56:58.0206 1072napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:56:58.0288 1072napagent - ok
21:56:58.0325 1072NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:56:58.0360 1072NativeWifiP - ok
21:56:58.0420 1072NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:56:58.0496 1072NDIS - ok
21:56:58.0515 1072NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:56:58.0561 1072NdisCap - ok
21:56:58.0581 1072NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:56:58.0624 1072NdisTapi - ok
21:56:58.0664 1072Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:56:58.0709 1072Ndisuio - ok
21:56:58.0758 1072NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:56:58.0803 1072NdisWan - ok
21:56:58.0853 1072NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:56:58.0923 1072NDProxy - ok
21:56:58.0976 1072Net Driver HPZ12 (90eb97c8dbf11bb0016c51946ac5ecd6) C:\Windows\system32\HPZinw12.dll
21:56:59.0005 1072Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:56:59.0005 1072Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:56:59.0043 1072NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:56:59.0088 1072NetBIOS - ok
21:56:59.0141 1072NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:56:59.0218 1072NetBT - ok
21:56:59.0256 1072Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:56:59.0285 1072Netlogon - ok
21:56:59.0339 1072Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:56:59.0391 1072Netman - ok
21:56:59.0521 1072NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0568 1072NetMsmqActivator - ok
21:56:59.0575 1072NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0599 1072NetPipeActivator - ok
21:56:59.0629 1072netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:56:59.0680 1072netprofm - ok
21:56:59.0687 1072NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0714 1072NetTcpActivator - ok
21:56:59.0721 1072NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0748 1072NetTcpPortSharing - ok
21:56:59.0780 1072nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:56:59.0806 1072nfrd960 - ok
21:56:59.0874 1072NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:56:59.0968 1072NlaSvc - ok
21:56:59.0988 1072Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:57:00.0033 1072Npfs - ok
21:57:00.0069 1072nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:57:00.0125 1072nsi - ok
21:57:00.0154 1072nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:57:00.0199 1072nsiproxy - ok
21:57:00.0360 1072Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:57:00.0528 1072Ntfs - ok
21:57:00.0687 1072NTIBackupSvc (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
21:57:00.0758 1072NTIBackupSvc - ok
21:57:00.0888 1072NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
21:57:00.0956 1072NTIDrvr - ok
21:57:00.0995 1072NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
21:57:01.0057 1072NTISchedulerSvc - ok
21:57:01.0097 1072Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:57:01.0152 1072Null - ok
21:57:01.0211 1072nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:57:01.0354 1072nvraid - ok
21:57:01.0390 1072nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:57:01.0526 1072nvstor - ok
21:57:01.0609 1072nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:57:01.0728 1072nv_agp - ok
21:57:01.0788 1072O2FLASH (d955d5de998db2476bf0892be3a96c26) C:\Windows\system32\DRIVERS\o2flash.exe
21:57:01.0957 1072O2FLASH - ok
21:57:02.0000 1072O2MDRDR (922046f114ac0c1b2484bcdd5ca43c07) C:\Windows\system32\DRIVERS\o2media.sys
21:57:02.0070 1072O2MDRDR - ok
21:57:02.0087 1072O2SDRDR (51c368f577513feb59ed70b45e930076) C:\Windows\system32\DRIVERS\o2sd.sys
21:57:02.0163 1072O2SDRDR - ok
21:57:02.0301 1072odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:57:02.0332 1072odserv - ok
21:57:02.0378 1072ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:57:02.0454 1072ohci1394 - ok
21:57:02.0504 1072ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:57:02.0530 1072ose - ok
21:57:03.0004 1072osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:57:03.0143 1072osppsvc - ok
21:57:03.0331 1072p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:57:03.0477 1072p2pimsvc - ok
21:57:03.0511 1072p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:57:03.0553 1072p2psvc - ok
21:57:03.0606 1072Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:57:03.0653 1072Parport - ok
21:57:03.0697 1072partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:57:03.0735 1072partmgr - ok
21:57:03.0756 1072Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:57:03.0785 1072Parvdm - ok
21:57:03.0816 1072PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:57:03.0854 1072PcaSvc - ok
21:57:03.0911 1072pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:57:03.0997 1072pci - ok
21:57:04.0025 1072pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:57:04.0096 1072pciide - ok
21:57:04.0138 1072pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:57:04.0191 1072pcmcia - ok
21:57:04.0218 1072pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:57:04.0255 1072pcw - ok
21:57:04.0311 1072PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:57:04.0373 1072PEAUTH - ok
21:57:04.0465 1072PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
21:57:04.0591 1072PeerDistSvc - ok
21:57:04.0794 1072pgfilter - ok
21:57:05.0150 1072pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:57:05.0247 1072pla - ok
21:57:05.0420 1072PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:57:05.0684 1072PlugPlay - ok
21:57:05.0745 1072Pml Driver HPZ12 (75cf9de0a67af916ed591743dfb69694) C:\Windows\system32\HPZipm12.dll
21:57:05.0852 1072Pml Driver HPZ12 - ok
21:57:05.0880 1072PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:57:05.0915 1072PNRPAutoReg - ok
21:57:05.0952 1072PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:57:05.0985 1072PNRPsvc - ok
21:57:06.0062 1072PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:57:06.0151 1072PolicyAgent - ok
21:57:06.0211 1072Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:57:06.0297 1072Power - ok
21:57:06.0363 1072PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:57:06.0429 1072PptpMiniport - ok
21:57:06.0448 1072Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:57:06.0476 1072Processor - ok
21:57:06.0504 1072ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
21:57:06.0576 1072ProfSvc - ok
21:57:06.0623 1072ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:57:06.0669 1072ProtectedStorage - ok
21:57:06.0695 1072Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:57:06.0742 1072Psched - ok
21:57:06.0818 1072PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
21:57:06.0869 1072PSI_SVC_2 - ok
21:57:06.0984 1072ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:57:07.0059 1072ql2300 - ok
21:57:07.0219 1072ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:57:07.0266 1072ql40xx - ok
21:57:07.0320 1072QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:57:07.0367 1072QWAVE - ok
21:57:07.0392 1072QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:57:07.0427 1072QWAVEdrv - ok
21:57:07.0442 1072RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:57:07.0487 1072RasAcd - ok
21:57:07.0519 1072RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:57:07.0579 1072RasAgileVpn - ok
21:57:07.0601 1072RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:57:07.0698 1072RasAuto - ok
21:57:07.0733 1072Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:57:07.0793 1072Rasl2tp - ok
21:57:07.0868 1072RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:57:07.0940 1072RasMan - ok
21:57:07.0971 1072RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:57:08.0033 1072RasPppoe - ok
21:57:08.0054 1072RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:57:08.0112 1072RasSstp - ok
21:57:08.0144 1072rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:57:08.0213 1072rdbss - ok
21:57:08.0233 1072rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:57:08.0277 1072rdpbus - ok
21:57:08.0322 1072RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:57:08.0396 1072RDPCDD - ok
21:57:08.0456 1072RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:57:08.0610 1072RDPDR - ok
21:57:08.0677 1072RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:57:08.0747 1072RDPENCDD - ok
21:57:08.0784 1072RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:57:08.0826 1072RDPREFMP - ok
21:57:08.0891 1072RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
21:57:08.0946 1072RDPWD - ok
21:57:09.0008 1072rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:57:09.0061 1072rdyboost - ok
21:57:09.0092 1072regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
21:57:09.0161 1072regi - ok
21:57:09.0210 1072RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:57:09.0301 1072RemoteAccess - ok
21:57:09.0342 1072RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:57:09.0400 1072RemoteRegistry - ok
21:57:09.0440 1072RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
21:57:09.0558 1072RFCOMM - ok
21:57:09.0587 1072RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:57:09.0641 1072RpcEptMapper - ok
21:57:09.0658 1072RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:57:09.0750 1072RpcLocator - ok
21:57:09.0967 1072RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:57:10.0017 1072RpcSs - ok
21:57:10.0064 1072rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:57:10.0126 1072rspndr - ok
21:57:10.0224 1072RS_Service (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files\Acer\Acer VCM\RS_Service.exe
21:57:10.0264 1072RS_Service ( UnsignedFile.Multi.Generic ) - warning
21:57:10.0264 1072RS_Service - detected UnsignedFile.Multi.Generic (1)
21:57:10.0306 1072s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:57:10.0459 1072s3cap - ok
21:57:10.0519 1072SABKUTIL - ok
21:57:10.0556 1072SABProcEnum - ok
21:57:10.0600 1072SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:57:10.0629 1072SamSs - ok
21:57:10.0745 1072SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:57:10.0793 1072SASDIFSV - ok
21:57:10.0817 1072SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:57:10.0847 1072SASKUTIL - ok
21:57:10.0903 1072sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:57:11.0010 1072sbp2port - ok
21:57:11.0048 1072SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:57:11.0101 1072SCardSvr - ok
21:57:11.0143 1072scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:57:11.0188 1072scfilter - ok
21:57:11.0294 1072Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:57:11.0386 1072Schedule - ok
21:57:11.0436 1072SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:57:11.0507 1072SCPolicySvc - ok
21:57:11.0554 1072sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
21:57:11.0644 1072sdbus - ok
21:57:11.0669 1072SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:57:11.0762 1072SDRSVC - ok
21:57:11.0924 1072secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:57:11.0997 1072secdrv - ok
21:57:12.0034 1072seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:57:12.0095 1072seclogon - ok
21:57:12.0126 1072SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
21:57:12.0176 1072SENS - ok
21:57:12.0200 1072SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:57:12.0274 1072SensrSvc - ok
21:57:12.0294 1072Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:57:12.0321 1072Serenum - ok
21:57:12.0345 1072Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:57:12.0375 1072Serial - ok
21:57:12.0430 1072sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:57:12.0527 1072sermouse - ok
21:57:12.0594 1072SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:57:12.0682 1072SessionEnv - ok
21:57:12.0726 1072sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:57:12.0828 1072sffdisk - ok
21:57:12.0846 1072sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:57:12.0920 1072sffp_mmc - ok
21:57:12.0930 1072sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:57:13.0019 1072sffp_sd - ok
21:57:13.0047 1072sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:57:13.0074 1072sfloppy - ok
21:57:13.0167 1072SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:57:13.0224 1072SharedAccess - ok
21:57:13.0285 1072ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:57:13.0403 1072ShellHWDetection - ok
21:57:13.0447 1072sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:57:13.0573 1072sisagp - ok
21:57:13.0603 1072SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:57:13.0632 1072SiSRaid2 - ok
21:57:13.0662 1072SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:57:13.0689 1072SiSRaid4 - ok
21:57:13.0710 1072Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:57:13.0760 1072Smb - ok
21:57:13.0828 1072SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:57:13.0860 1072SNMPTRAP - ok
21:57:13.0887 1072spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:57:13.0914 1072spldr - ok
21:57:13.0984 1072Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:57:14.0078 1072Spooler - ok
21:57:14.0361 1072sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:57:14.0493 1072sppsvc - ok
21:57:14.0710 1072sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:57:14.0786 1072sppuinotify - ok
21:57:14.0903 1072SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:57:15.0037 1072SQLBrowser - ok
21:57:15.0055 1072SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:57:15.0092 1072SQLWriter - ok
21:57:15.0347 1072srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:57:15.0532 1072srv - ok
21:57:15.0599 1072srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:57:15.0759 1072srv2 - ok
21:57:15.0815 1072SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:57:15.0881 1072SrvHsfHDA - ok
21:57:15.0970 1072SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:57:16.0052 1072SrvHsfV92 - ok
21:57:16.0128 1072SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:57:16.0204 1072SrvHsfWinac - ok
21:57:16.0254 1072srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:57:16.0394 1072srvnet - ok
21:57:16.0512 1072SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:57:16.0588 1072SSDPSRV - ok
21:57:16.0622 1072SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:57:16.0672 1072SstpSvc - ok
21:57:16.0708 1072stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:57:16.0733 1072stexstor - ok
21:57:16.0804 1072StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:57:16.0916 1072StiSvc - ok
21:57:16.0967 1072storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
21:57:17.0076 1072storflt - ok
21:57:17.0203 1072StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
21:57:17.0340 1072StorSvc - ok
21:57:17.0360 1072storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
21:57:17.0464 1072storvsc - ok
21:57:17.0485 1072swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:57:17.0599 1072swenum - ok
21:57:17.0648 1072swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:57:17.0717 1072swprv - ok
21:57:17.0762 1072SynTP (47183e3520c88fadd5b0c87d57040da5) C:\Windows\system3

It looks like the bottom part of the TDSS log is cut off?

21:55:33.0254 5604TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:55:33.0771 5604============================================================
21:55:33.0771 5604Current date / time: 2012/05/31 21:55:33.0771
21:55:33.0771 5604SystemInfo:
21:55:33.0771 5604
21:55:33.0771 5604OS Version: 6.1.7601 ServicePack: 1.0
21:55:33.0771 5604Product type: Workstation
21:55:33.0772 5604ComputerName: PETER-PC
21:55:33.0772 5604UserName: Peter
21:55:33.0772 5604Windows directory: C:\Windows
21:55:33.0773 5604System windows directory: C:\Windows
21:55:33.0773 5604Processor architecture: Intel x86
21:55:33.0773 5604Number of processors: 2
21:55:33.0773 5604Page size: 0x1000
21:55:33.0773 5604Boot type: Normal boot
21:55:33.0773 5604============================================================
21:55:35.0234 5604Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:55:35.0238 5604============================================================
21:55:35.0238 5604\Device\Harddisk0\DR0:
21:55:35.0239 5604MBR partitions:
21:55:35.0239 5604\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
21:55:35.0239 5604\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x1BA22970
21:55:35.0239 5604============================================================
21:55:35.0282 5604C: <-> \Device\Harddisk0\DR0\Partition1
21:55:35.0283 5604============================================================
21:55:35.0283 5604Initialize success
21:55:35.0283 5604============================================================
21:56:22.0285 1072============================================================
21:56:22.0285 1072Scan started
21:56:22.0285 1072Mode: Manual; SigCheck; TDLFS;
21:56:22.0285 1072============================================================
21:56:23.0539 1072!SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:56:23.0743 1072!SASCORE - ok
21:56:23.0914 10721394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:56:24.0264 10721394ohci - ok
21:56:24.0325 1072ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:56:24.0411 1072ACPI - ok
21:56:24.0427 1072AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:56:24.0551 1072AcpiPmi - ok
21:56:24.0691 1072AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:56:24.0839 1072AdobeARMservice - ok
21:56:24.0964 1072AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:56:25.0016 1072AdobeFlashPlayerUpdateSvc - ok
21:56:25.0073 1072adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:56:25.0108 1072adp94xx - ok
21:56:25.0136 1072adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:56:25.0169 1072adpahci - ok
21:56:25.0186 1072adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:56:25.0221 1072adpu320 - ok
21:57:05.0745 1072Pml Driver HPZ12 (75cf9de0a67af916ed591743dfb69694) C:\Windows\system32\HPZipm12.dll
21:57:05.0852 1072Pml Driver HPZ12 - ok
21:57:05.0880 1072PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:57:05.0915 1072PNRPAutoReg - ok
21:57:05.0952 1072PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:57:05.0985 1072PNRPsvc - ok
21:57:06.0062 1072PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:57:06.0151 1072PolicyAgent - ok
21:57:06.0211 1072Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:57:06.0297 1072Power - ok
21:57:06.0363 1072PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:57:06.0429 1072PptpMiniport - ok
21:57:06.0448 1072Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:57:06.0476 1072Processor - ok
21:57:06.0504 1072ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
21:57:06.0576 1072ProfSvc - ok
21:57:06.0623 1072ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:57:06.0669 1072ProtectedStorage - ok
21:57:06.0695 1072Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:57:06.0742 1072Psched - ok
21:57:06.0818 1072PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
21:57:06.0869 1072PSI_SVC_2 - ok
21:57:06.0984 1072ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:57:07.0059 1072ql2300 - ok
21:57:07.0219 1072ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:57:07.0266 1072ql40xx - ok
21:57:07.0320 1072QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:57:07.0367 1072QWAVE - ok
21:57:07.0392 1072QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:57:07.0427 1072QWAVEdrv - ok
21:57:07.0442 1072RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:57:07.0487 1072RasAcd - ok
21:57:07.0519 1072RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:57:07.0579 1072RasAgileVpn - ok
21:57:07.0601 1072RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:57:07.0698 1072RasAuto - ok
21:57:07.0733 1072Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:57:07.0793 1072Rasl2tp - ok
21:57:07.0868 1072RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:57:07.0940 1072RasMan - ok
21:57:07.0971 1072RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:57:08.0033 1072RasPppoe - ok
21:57:08.0054 1072RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:57:08.0112 1072RasSstp - ok
21:57:08.0144 1072rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:57:08.0213 1072rdbss - ok
21:57:08.0233 1072rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:57:08.0277 1072rdpbus - ok
21:57:08.0322 1072RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:57:08.0396 1072RDPCDD - ok
21:57:08.0456 1072RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:57:08.0610 1072RDPDR - ok
21:57:08.0677 1072RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:57:08.0747 1072RDPENCDD - ok
21:57:08.0784 1072RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:57:08.0826 1072RDPREFMP - ok
21:57:08.0891 1072RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
21:57:08.0946 1072RDPWD - ok
21:57:09.0008 1072rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:57:09.0061 1072rdyboost - ok
21:57:09.0092 1072regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
21:57:09.0161 1072regi - ok
21:57:09.0210 1072RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:57:09.0301 1072RemoteAccess - ok
21:57:09.0342 1072RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:57:09.0400 1072RemoteRegistry - ok
21:57:09.0440 1072RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
21:57:09.0558 1072RFCOMM - ok
21:57:09.0587 1072RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:57:09.0641 1072RpcEptMapper - ok
21:57:09.0658 1072RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:57:09.0750 1072RpcLocator - ok
21:57:09.0967 1072RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:57:10.0017 1072RpcSs - ok
21:57:10.0064 1072rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:57:10.0126 1072rspndr - ok
21:57:10.0224 1072RS_Service (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files\Acer\Acer VCM\RS_Service.exe
21:57:10.0264 1072RS_Service ( UnsignedFile.Multi.Generic ) - warning
21:57:10.0264 1072RS_Service - detected UnsignedFile.Multi.Generic (1)
21:57:10.0306 1072s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:57:10.0459 1072s3cap - ok
21:57:10.0519 1072SABKUTIL - ok
21:57:10.0556 1072SABProcEnum - ok
21:57:10.0600 1072SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:57:10.0629 1072SamSs - ok
21:57:10.0745 1072SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:57:10.0793 1072SASDIFSV - ok
21:57:10.0817 1072SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:57:10.0847 1072SASKUTIL - ok
21:57:10.0903 1072sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:57:11.0010 1072sbp2port - ok
21:57:11.0048 1072SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:57:11.0101 1072SCardSvr - ok
21:57:11.0143 1072scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:57:11.0188 1072scfilter - ok
21:57:11.0294 1072Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:57:11.0386 1072Schedule - ok
21:57:11.0436 1072SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:57:11.0507 1072SCPolicySvc - ok
21:57:11.0554 1072sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
21:57:11.0644 1072sdbus - ok
21:57:11.0669 1072SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:57:11.0762 1072SDRSVC - ok
21:57:11.0924 1072secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:57:11.0997 1072secdrv - ok
21:57:12.0034 1072seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:57:12.0095 1072seclogon - ok
21:57:12.0126 1072SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
21:57:12.0176 1072SENS - ok
21:57:12.0200 1072SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:57:12.0274 1072SensrSvc - ok
21:57:12.0294 1072Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:57:12.0321 1072Serenum - ok
21:57:12.0345 1072Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:57:12.0375 1072Serial - ok
21:57:12.0430 1072sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:57:12.0527 1072sermouse - ok
21:57:12.0594 1072SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:57:12.0682 1072SessionEnv - ok
21:57:12.0726 1072sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:57:12.0828 1072sffdisk - ok
21:57:12.0846 1072sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:57:12.0920 1072sffp_mmc - ok
21:57:12.0930 1072sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:57:13.0019 1072sffp_sd - ok
21:57:13.0047 1072sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:57:13.0074 1072sfloppy - ok
21:57:13.0167 1072SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:57:13.0224 1072SharedAccess - ok
21:57:13.0285 1072ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:57:13.0403 1072ShellHWDetection - ok
21:57:13.0447 1072sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:57:13.0573 1072sisagp - ok
21:57:13.0603 1072SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:57:13.0632 1072SiSRaid2 - ok
21:57:13.0662 1072SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:57:13.0689 1072SiSRaid4 - ok
21:57:13.0710 1072Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:57:13.0760 1072Smb - ok
21:57:13.0828 1072SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:57:13.0860 1072SNMPTRAP - ok
21:57:13.0887 1072spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:57:13.0914 1072spldr - ok
21:57:13.0984 1072Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:57:14.0078 1072Spooler - ok
21:57:14.0361 1072sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:57:14.0493 1072sppsvc - ok
21:57:14.0710 1072sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:57:14.0786 1072sppuinotify - ok
21:57:14.0903 1072SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:57:15.0037 1072SQLBrowser - ok
21:57:15.0055 1072SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:57:15.0092 1072SQLWriter - ok
21:57:15.0347 1072srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:57:15.0532 1072srv - ok
21:57:15.0599 1072srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:57:15.0759 1072srv2 - ok
21:57:15.0815 1072SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:57:15.0881 1072SrvHsfHDA - ok
21:57:15.0970 1072SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:57:16.0052 1072SrvHsfV92 - ok
21:57:16.0128 1072SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:57:16.0204 1072SrvHsfWinac - ok
21:57:16.0254 1072srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:57:16.0394 1072srvnet - ok
21:57:16.0512 1072SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:57:16.0588 1072SSDPSRV - ok
21:57:16.0622 1072SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:57:16.0672 1072SstpSvc - ok
21:57:16.0708 1072stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:57:16.0733 1072stexstor - ok
21:57:16.0804 1072StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:57:16.0916 1072StiSvc - ok
21:57:16.0967 1072storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
21:57:17.0076 1072storflt - ok
21:57:17.0203 1072StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
21:57:17.0340 1072StorSvc - ok
21:57:17.0360 1072storvsc (dcaffd62259e0bdb43322:13:15.0323 4984storvsc - ok
22:13:15.0383 4984swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:13:15.0495 4984swenum - ok
22:13:15.0566 4984swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
22:13:15.0650 4984swprv - ok
22:13:15.0706 4984SynTP (47183e3520c88fadd5b0c87d57040da5) C:\Windows\system32\DRIVERS\SynTP.sys
22:13:15.0808 4984SynTP - ok
22:13:16.0004 4984SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
22:13:16.0141 4984SysMain - ok
22:13:16.0188 4984TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
22:13:16.0304 4984TabletInputService - ok
22:13:16.0395 4984TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
22:13:16.0556 4984TapiSrv - ok
22:13:16.0599 4984TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
22:13:16.0664 4984TBS - ok
22:13:16.0842 4984Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
22:13:16.0925 4984Tcpip - ok
22:13:17.0180 4984TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
22:13:17.0230 4984TCPIP6 - ok
22:13:17.0431 4984tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:13:17.0529 4984tcpipreg - ok
22:13:17.0593 4984TcUsb (51d4e3f5d221539c0a4a186a27c09ad7) C:\Windows\system32\Drivers\tcusb.sys
22:13:17.0694 4984TcUsb - ok
22:13:17.0734 4984TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:13:17.0844 4984TDPIPE - ok
22:13:17.0907 4984TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
22:13:18.0004 4984TDTCP - ok
22:13:18.0053 4984tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:13:18.0149 4984tdx - ok
22:13:18.0221 4984TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:13:18.0369 4984TermDD - ok
22:13:18.0473 4984TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
22:13:18.0601 4984TermService - ok
22:13:18.0661 4984Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
22:13:18.0707 4984Themes - ok
22:13:18.0791 4984THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:13:18.0850 4984THREADORDER - ok
22:13:18.0909 4984TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
22:13:18.0962 4984TrkWks - ok
22:13:19.0057 4984TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
22:13:19.0184 4984TrustedInstaller - ok
22:13:19.0223 4984tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:13:19.0355 4984tssecsrv - ok
22:13:19.0445 4984TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:13:19.0607 4984TsUsbFlt - ok
22:13:19.0685 4984tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:13:19.0840 4984tunnel - ok
22:13:19.0902 4984uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:13:20.0014 4984uagp35 - ok
22:13:20.0046 4984UBHelper (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys
22:13:20.0117 4984UBHelper - ok
22:13:20.0184 4984udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:13:20.0314 4984udfs - ok
22:13:20.0370 4984UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
22:13:20.0503 4984UI0Detect - ok
22:13:20.0548 4984uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:13:20.0753 4984uliagpkx - ok
22:13:20.0818 4984umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
22:13:21.0006 4984umbus - ok
22:13:21.0035 4984UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:13:21.0192 4984UmPass - ok
22:13:21.0258 4984UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
22:13:21.0385 4984UmRdpService - ok
22:13:21.0503 4984Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
22:13:21.0570 4984Updater Service - ok
22:13:21.0623 4984upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
22:13:21.0684 4984upnphost - ok
22:13:21.0741 4984USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
22:13:21.0916 4984USBAAPL - ok
22:13:21.0993 4984usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
22:13:22.0123 4984usbaudio - ok
22:13:22.0154 4984usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:13:22.0409 4984usbccgp - ok
22:13:22.0432 4984usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:13:22.0576 4984usbcir - ok
22:13:22.0606 4984usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
22:13:22.0741 4984usbehci - ok
22:13:22.0779 4984usbfilter (0150b06d3e73f6c27afcb963fd931820) C:\Windows\system32\DRIVERS\usbfilter.sys
22:13:22.0877 4984usbfilter - ok
22:13:22.0922 4984usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:13:23.0049 4984usbhub - ok
22:13:23.0111 4984usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
22:13:23.0167 4984usbohci - ok
22:13:23.0210 4984usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:13:23.0306 4984usbprint - ok
22:13:23.0325 4984USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:13:23.0509 4984USBSTOR - ok
22:13:23.0568 4984usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
22:13:23.0719 4984usbuhci - ok
22:13:23.0904 4984usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
22:13:24.0065 4984usbvideo - ok
22:13:24.0126 4984UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
22:13:24.0175 4984UxSms - ok
22:13:24.0221 4984VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:13:24.0252 4984VaultSvc - ok
22:13:24.0318 4984vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:13:24.0436 4984vdrvroot - ok
22:13:24.0547 4984vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
22:13:24.0724 4984vds - ok
22:13:24.0760 4984vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:13:24.0912 4984vga - ok
22:13:24.0938 4984VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:13:25.0108 4984VgaSave - ok
22:13:25.0161 4984vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:13:25.0388 4984vhdmp - ok
22:13:25.0445 4984viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:13:25.0637 4984viaagp - ok
22:13:25.0678 4984ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:13:25.0853 4984ViaC7 - ok
22:13:25.0883 4984viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:13:26.0002 4984viaide - ok
22:13:26.0094 4984vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
22:13:26.0234 4984vmbus - ok
22:13:26.0251 4984VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
22:13:26.0398 4984VMBusHID - ok
22:13:26.0460 4984volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:13:26.0575 4984volmgr - ok
22:13:26.0625 4984volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:13:26.0724 4984volmgrx - ok
22:13:26.0809 4984volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:13:26.0955 4984volsnap - ok
22:13:26.0999 4984vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:13:27.0100 4984vsmraid - ok
22:13:27.0259 4984VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
22:13:27.0416 4984VSS - ok
22:13:27.0499 4984vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
22:13:27.0610 4984vwifibus - ok
22:13:27.0633 4984vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
22:13:27.0734 4984vwififlt - ok
22:13:27.0789 4984vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
22:13:27.0883 4984vwifimp - ok
22:13:27.0951 4984W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
22:13:28.0044 4984W32Time - ok
22:13:28.0095 4984WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:13:28.0186 4984WacomPen - ok
22:13:28.0255 4984WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:13:28.0349 4984WANARP - ok
22:13:28.0358 4984Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:13:28.0407 4984Wanarpv6 - ok
22:13:28.0589 4984WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
22:13:28.0665 4984WatAdminSvc - ok
22:13:28.0977 4984wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
22:13:29.0162 4984wbengine - ok
22:13:29.0222 4984WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
22:13:29.0302 4984WbioSrvc - ok
22:13:29.0378 4984wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
22:13:29.0556 4984wcncsvc - ok
22:13:29.0589 4984WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
22:13:29.0739 4984WcsPlugInService - ok
22:13:29.0801 4984Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:13:29.0955 4984Wd - ok
22:13:30.0019 4984Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:13:30.0099 4984Wdf01000 - ok
22:13:30.0133 4984WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:13:30.0251 4984WdiServiceHost - ok
22:13:30.0263 4984WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:13:30.0298 4984WdiSystemHost - ok
22:13:30.0357 4984WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
22:13:30.0461 4984WebClient - ok
22:13:30.0489 4984Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
22:13:30.0545 4984Wecsvc - ok
22:13:30.0570 4984wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
22:13:30.0620 4984wercplsupport - ok
22:13:30.0662 4984WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
22:13:30.0715 4984WerSvc - ok
22:13:30.0754 4984WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:13:30.0842 4984WfpLwf - ok
22:13:30.0862 4984WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:13:30.0936 4984WIMMount - ok
22:13:31.0002 4984winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:13:31.0161 4984winachsf - ok
22:13:31.0305 4984WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
22:13:31.0394 4984WinDefend - ok
22:13:31.0423 4984WinHttpAutoProxySvc - ok
22:13:31.0650 4984Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
22:13:31.0711 4984Winmgmt - ok
22:13:31.0852 4984WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
22:13:31.0962 4984WinRM - ok
22:13:32.0083 4984WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
22:13:32.0171 4984WinUsb - ok
22:13:32.0291 4984Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
22:13:32.0351 4984Wlansvc - ok
22:13:32.0667 4984wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:13:32.0753 4984wlidsvc - ok
22:13:32.0927 4984WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:13:33.0028 4984WmiAcpi - ok
22:13:33.0109 4984wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
22:13:33.0229 4984wmiApSrv - ok
22:13:33.0413 4984WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:13:33.0629 4984WMPNetworkSvc - ok
22:13:33.0742 4984WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
22:13:33.0868 4984WPCSvc - ok
22:13:33.0935 4984WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
22:13:34.0045 4984WPDBusEnum - ok
22:13:34.0254 4984ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:13:34.0360 4984ws2ifsl - ok
22:13:34.0390 4984wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
22:13:34.0429 4984wscsvc - ok
22:13:34.0495 4984WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
22:13:34.0656 4984WSDPrintDevice - ok
22:13:34.0668 4984WSearch - ok
22:13:34.0911 4984wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
22:13:35.0030 4984wuauserv - ok
22:13:35.0195 4984WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:13:35.0335 4984WudfPf - ok
22:13:35.0374 4984WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:13:35.0460 4984WUDFRd - ok
22:13:35.0520 4984wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
22:13:35.0645 4984wudfsvc - ok
22:13:35.0698 4984WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
22:13:35.0761 4984WwanSvc - ok
22:13:35.0796 4984XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
22:13:35.0869 4984XAudio - ok
22:13:36.0022 4984YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
22:13:36.0099 4984YahooAUService - ok
22:13:36.0158 4984MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0
22:13:39.0553 4984\Device\Harddisk0\DR0 - ok
22:13:39.0587 4984Boot (0x1200) (f6db4357816cb62e20c12650128fa49f) \Device\Harddisk0\DR0\Partition0
22:13:39.0590 4984\Device\Harddisk0\DR0\Partition0 - ok
22:13:39.0612 4984Boot (0x1200) (8724746da5f04487e5f43566f61d6ad3) \Device\Harddisk0\DR0\Partition1
22:13:39.0615 4984\Device\Harddisk0\DR0\Partition1 - ok
22:13:39.0616 4984============================================================
22:13:39.0616 4984Scan finished
22:13:39.0616 4984============================================================
22:13:39.0640 5312Detected object count: 0
22:13:39.0640 5312Actual detected object count: 0
22:13:45.0411 5400Deinitialize success
167.

Solve : Virus help before I strangle teenager :)?

Answer»

Seems to be okay
Online Armor is asking at start up if I want to allow MRT.exe (Microsoft recovery tool)
Am I to allow it?

and yep, ready for cleanup. I really appreciate all the help.

Go ahead and allow. It is required for Windows to finish its update process.

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with tabs
  • Select the More Options tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the warning and select OK again; the program will close and you are done
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Antivirus
Online Armor 4.0
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 20
Adobe Flash Player 10.0.45.2
Adobe Reader 6.0.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Tall Emu Online Armor OAcat.exe
Tall Emu Online Armor oasrv.exe
Tall Emu Online Armor oaui.exe
Tall Emu Online Armor OAhlp.exe
Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````



(and I've updated the Adobe Reader)

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware
  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:
See this page for more info about malware and prevention.
168.

Solve : Fighting infection?

Answer»

Thank you for all your help!

Quote

Thank you for all your help!

You're welcome.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type commy /uninstall in the runbox
* Make sure there's a space between commy and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

=================================

Download OTC by OldTimer and save it to your desktop.

1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup Process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes
5. OTC should delete itself once it finishes, if not delete it yourself.

==================================

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

======================================
Use the Secunia Software Inspector to check for out-of-date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

169.

Solve : my computer is infected?

Answer»

Hi,
My laptop is infected.
1. It does not have antivirus. It is not letting me install any new software to follow your steps in the malware help removal.
Please help me.

Thanks,
Sree

Sorry for the delay, we are busy here on the boards. If you are still having issues, please do the following:


Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Hi,
Thanks for the reply. I cleaned my laptop now. Thanks for your help.

Thanks,
Sree

Most of the time, when you have originally detected the malware issue, it means the computer is infected by malware of some sort. Antivirus scanners may not show a sign of the malware still being there, which could be a sign of a rootkit.

Whenever rootkit scanners, and antivirus software scan for the rootkit, it gets as close to the system kernel as possible. If the rootkit is beyond that point, it will not be detected.

So, the idea is, when you post to a forum that you need help removing malware, it is best to stay with the helper, to ensure your computer is clean. However, it is up to you to continue or not.
170.

Solve : Snap.do?

Answer»

Quote

Standard Windows directory ‘Program Files’ (where new applications are usually installed) doesn’t have a folder called ‘Snap.Do’, but another one called ‘LTD’ that doesn’t seem to be related to Snap.Do at a glimpse (in fact, it belongs to Snap.Do). Main executable file of Snap.Do is located in a hidden path (C:\Users\USER_NAME\AppData\Local), in a folder called ‘Smartbar’.
Harry, did you look in Add/Remove Programs for any programs that were installed just prior to this thing popping up?
Also try running MBAM again.

Quote
If you want to remove Snap.Do from your PC, please find below step-by-step instructions.

Note. This is a self-help guide. Use it at your own risk. This article is provided "as is" and to be used for information purposes.

1. Before you start, please make sure you are logged as a system administrator. Also, please save a copy of your important documents/files on an external hard drive.

2. Close all your browsers if any.

3. Open your Task Manager (right click on your task bar and choose ‘Task Manager’ from the context menu):

• In the ‘Processes’ tab, please find Lrcnta.exe and SnapDo.exe, right click on each one and choose ‘End Process’ from the context menu;
• In the ‘Services’ tab, please find LPTSystemUpdater and stop it using right-click menu.
4. From your desktop, click on Windows Start button and choose Control Panel option (Windows 8 users: right-click on ‘Windows Start’ icon (by default, it is located in the left bottom corner of your screen), and choose Control Panel from the context menu):

• Click ‘Programs and Features’ (Windows Vista, 7 and /‘Add or Remove Programs’ (Windows XP),
• Find 2 entries: Snap.Do and Snap.Do Engine by ReSoft Ltd.,
• Right click on ‘Snap.Do’ and click on ‘Uninstall’ button,
• When a window below opens, click on a ‘CUSTOM’ button, and in the 2nd window check ‘Remove Snap.Do’ (making sure that 2 other boxes are UN-checked):

• in the next window, click on ‘Accept’, and then – ‘Continue’ (as we’ve closed the browsers in step 2):

• Wait a few moments for the program to finish uninstallation. Once done, please press F5 key on your keyboard (while being in ‘Programs and Features’ window) making sure you don’t have Snap.Do and Snap.Do Engine here anymore.

5. Please make sure that hidden files in your Windows Explorer are visible: Start –> Control Panel (Appearance and Personalization) –> Folder Options –> ‘View’ tab –> find ‘Hidden files and folders’ and check a box ‘Show hidden files, folders, and drives’.

6. Follow this path - C:\Users\YOUR_USER_NAME\AppData\Local\Temp (XP users: C:\Documents and Settings\YOUR_USER_NAME\Local Settings\Temp) -> highlight all the files/folders here -> press ‘Shift’+’Delete’ and click ‘Yes’ to completely clean this folder (Note. If you receive messages that some files cannot be removed, just skip the file in question).

7. Please find the directories below and make sure that Snap.Do folders are removed:
C:\Program Files (x86)\LPT
C:\Users\YOUR_USER_NAME\AppData\Local\Smartbar

8. Now please make sure that your browser is clean:
More to come after these are the processes



[attachment deleted by admin to conserve space]These are the services



[attachment deleted by admin to conserve space]These are add and remove



[attachment deleted by admin to conserve space]MBAM Clear after deleting this



[attachment deleted by admin to conserve space]Nothing found so its not done.


• In the ‘Processes’ tab, please find Lrcnta.exe and SnapDo.exe, right click on each one and choose ‘End Process’ from the context menu;
• In the ‘Services’ tab, please find LPTSystemUpdater and stop it using right-click menu.
4. From your desktop, click on Windows Start button and choose Control Panel option (Windows 8 users: right-click on ‘Windows Start’ icon (by default, it is located in the left bottom corner of your screen), and choose Control Panel from the context menu):

• Click ‘Programs and Features’ (Windows Vista, 7 and /‘Add or Remove Programs’ (Windows XP),
• Find 2 entries: Snap.Do and Snap.Do Engine by ReSoft Ltd.,
• Right click on ‘Snap.Do’ and click on ‘Uninstall’ button,
• When a window below opens, click on a ‘CUSTOM’ button, and in the 2nd window check ‘Remove Snap.Do’ (making sure that 2 other boxes are UN-checked):

• in the next window, click on ‘Accept’, and then – ‘Continue’ (as we’ve closed the browsers in step 2):


How do I do these and where

6. Follow this path - C:\Users\YOUR_USER_NAME\AppData\Local\Temp (XP users: C:\Documents and Settings\YOUR_USER_NAME\Local Settings\Temp) -> highlight all the files/folders here -> press ‘Shift’+’Delete’ and click ‘Yes’ to completely clean this folder (Note. If you receive messages that some files cannot be removed, just skip the file in question).

7. Please find the directories below and make sure that Snap.Do folders are removed:
C:\Program Files (x86)\LPT
C:\Users\YOUR_USER_NAME\AppData\Local\Smartbar

You can uninstall all those Java except 8-51. You can't uninstall either of those Snap.do? Are you logged in as Adm?
Do a search for this: C:\Users\YOUR_USER_NAME\AppData\Local\Temp (XP users: C:\Documents and Settings\YOUR_USER_NAME\Local Settings\Temp)

Quote from: SuperDave on August 18, 2015, 07:56:31 PM
You can uninstall all those Java except 8-51. You can't uninstall either of those Snap.do? Are you logged in as Adm?
Do a search for this: C:\Users\YOUR_USER_NAME\AppData\Local\Temp (XP users: C:\Documents and Settings\YOUR_USER_NAME\Local Settings\Temp)


Java cleared

I'm always logged as admin

Cannot uninstall snap do in A&R

Searched but nothing found

And you can't find anything in your hard drive such as Program Files? MBAM is supposed to remove this pest.

Nothing in files, I have tried as I know best to go through the PC.

I have tried MBAM a few times, no luck.

I guess it's here to stay. I'll do some more checking and will get back to you.
171.

Solve : Power Query Tab missing from Excel 2013 after download and a file within missing?

Answer»

Having completed the step that was suggested I still have the power query tab missing and I receive this dialog box error message, which I cannot make much sense of. I have pasted the entirety of the error message below. What do I need to do to make the power query tab appear?

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.Office.Interop.Excel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' or one of its dependencies. The system cannot find the file specified.
File name: 'Microsoft.Office.Interop.Excel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c'
at Microsoft.Mashup.Client.Excel.AddIn.TryCreateApplication(Object appObject, IApplication& application)
at Microsoft.Mashup.Client.Excel.AddIn.Extensibility.IDTExtensibility2.OnConnection(Object application, ext_ConnectMode connectMode, Object addInInst, Array& custom)

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind failure logging.
To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].



************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:





When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.

Why are you posting this in the malware forum?

172.

Solve : Keep getting pop-ups about installing a Windows Vista Driver?

Answer»

Sorry I haven't gotten back to you before now, lot of things going on here. My Seagate Manager does not save things that way. It will ask you what you want to save, i.e., files, folders, photos, music, videos, etc., and you just click on those things and it saves them all, doesn't pick out one in particular. Now, I have plugged it into my husband's laptop to put the pictures on that and it doesn't do it. I'm thinking it's because he has Windows 7, mine is Vista, and I don't think he has Windows Photo Gallery, it's some other Photo thing. I will look and see. It did transfer some stuff to the laptop, don't remember what right now as it was a while ago. I will try to look in the next few days and report to you what I find out. I will try to put the photos on his machine again. Thanks!

I realize that the instructions that I gave you is not the same as the Seagate Manager but if you can't save files to the ext. drive using the method I've described it will mean that there is something not quite correct with the ext. drive.

Solved the problem, Super Dave, I got a new computer!

Well, that's one solution I hadn't thought about. Keep safe.

173.

Solve : Virus and something, possible spyware?

Answer»

Yeah [5]


[attachment deleted by admin to conserve space]

Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)

There was lots of Spyware but it should be all gone now. Any other questions, problems?

Oh okay. I'm sorry about that. Umm ... No.


Thank you for your help Mr Dave


I'll take care of the rest from here.


Namastey

Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
***************************************
This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create Registry backup
  • Purge System Restore Points
  • Re-set system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.
********************************************
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
174.

Solve : Google virus ad pop up on my Samsung Galaxy 3 android phone!?

Answer»

Maybe because the Galaxy 3 phones aren't secure enough. I'm not sure. It happens at least 3 times a week. When I press the home button, it goes to the home page. Any assistance would be appreciated. Thanks.

[attachment deleted by admin to conserve space]

I'd post in the Malware section of the Forums...

How do I move it to that section?

Are they happening when you visit certain websites? Those messages are coming from websites you are visiting/being redirected to, not a malicious app installed on your device.

I can just sit my phone down, and messages like that will pop up. Uber app pops up too. Game apps also. When I click on repair button, it sends me to a phone antivirus app. Galaxy 3 doesn't catch the pop up ads, I guess. Is there a legit app that will help with that annoying problem?

175.

Solve : virus wont let me connect to internet?

Answer»

Quote

how do I update drivers? it is wireless
When you right-click on the device in Device Manager and select Properties you should see a button there to update the drivers but I would suspect there is something wrong with the interface.
Did you try connecting your computer to the modem with a cable?

I tried connecting to router with wire, no internet access

Did you try resetting the modem? Do you have a laptop or notebook to try on that modem?

It's a laptop. I did reset modem and all other devices connect fine. I reset drivers, still no luck

Do you get any yellow warning icons in Device Manager?
176.

Solve : spyware help?

Answer»

You should try contacting MS.

177.

Solve : HELP! C://Windows/system32/ipconfig.exe window pops up and dissapears?

Answer»

You won't even notice that MSE is working. Did you run the AdwCleaner scan?

178.

Solve : "This site can't be reached" = ERR_Invalid_ARGUMENT?

Answer»

You may be right … it's back but with fewer deletions. I ran JRT again and only 14 deletions showed up. There are two files with exclamation marks that I tried to delete from the registry => didn't happen! Also, I added a REM to the line…that didn't take either. Those two files continue to show up. Whatever those files represent is very possibly the problem.

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by Mels (Administrator) on Sun 11/13/2016 at 18:01:16.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 16

Successfully deleted: C:\Users\Mels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HIEZ9IX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0IBKIU0Z (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5LGNH4GS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D08Q5LOW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E95WY7YF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0T62ECR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M387UF96 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URA0U975 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HIEZ9IX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0IBKIU0Z (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5LGNH4GS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D08Q5LOW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E95WY7YF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0T62ECR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M387UF96 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URA0U975 (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/13/2016 at 18:09:54.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My friend phoned to tell me it happened again … She's sending the latest JRT text file. I'm narrowing this problem down to find out which files are left standing and causing the problem. Any thoughts are welcomed…tommy

The latest JRT text as of this morning:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by Mels (Administrator) on Mon 11/14/2016 at 9:43:55.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 14

Successfully deleted: C:\Users\Mels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HIEZ9IX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0IBKIU0Z (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5LGNH4GS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D08Q5LOW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E95WY7YF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0T62ECR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URA0U975 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HIEZ9IX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0IBKIU0Z (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5LGNH4GS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D08Q5LOW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E95WY7YF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0T62ECR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URA0U975 (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/14/2016 at 9:55:07.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Are you still experiencing the same problem?

Maybe not Dave … I "THINK" the problem has been resolved … I updated that worst of the worst browsers known to the computing world => I.E. since that was in the text report JRT, and installed Mozilla Firefox to open to Yahoo. She likes Yahoo so I performed a work-around. So far so good. I found many - many Google matches on that topic. Even some not-too-easy to read YouTube videos.

I've concluded the problem has so many variances that trying to nail one specific problem down to a "fix" is trial and error. Perhaps my subject would lend itself to more interest in an effort to find a solution. My friend told me she has several of her customers who are having the same exact problem with one variation => email.

In an effort to keep this topic in the forefront of curious computer minds, I'll post again on any new issues should I work to address others problems as well. Tommy

Since the user claims the problem is solved, this topic is closed. Please start a new topic for further help.

=>SOLVED

179.

Solve : Bad Image When Opening Some Applications?!?!?

Answer»

I do not think that that posted correctly and I am not sure where it cut off. I have posted them on pastebin if that is okay. If you have any other preferred methods to post the results please feel free to suggest them.

The OTL Logfile - http://pastebin.com/iGCjiDEW

The OTL Extras Logfile - http://pastebin.com/9CxfxXLT

I cant try to fit the results across multiple posts if needed.

We're going to have to figure out a way to repair those files. Can you borrow a Windows 10 disk. It must be the same version that you have installed? 64 bit Pro

I do not have a windows 10 disk that I can borrow, but can't I download one off of the internet and put it on a USB?

You can get a replacement from MS if you give them a call.

Okay I have attained a USB with windows 10 installation on it. From here now what. Sorry for the delayed reply, with the holidays and all I was very busy.

To Run the SFC /SCANNOW Command in Windows 10
Click All Apps, select Windows Systems and select Command Prompt

2. To Scan and Repair System Files
NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
NOTE: This may take some time to finish.



If it finds corrupted files it will ask for the Windows 10 Media. Insert your USB stick

B) Go to step 4.

3. To Only Verify if the System Files are Corrupted
NOTE: Scans and only verifies the integrity of all protected system files only.
A) In the elevated command prompt, type sfc /verifyonly and press Enter.

4. When the scan is complete, hopefully you will see all is ok like the screenshot below.
NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occurred to fix it. You may need to repeat doing a System Restore until you find an older restore point that may work.



5. When done, close the elevated command prompt.

Ok so after following what you have said about the SFC /scannow , my computer has found corrupt files. However you said that it would ask for Windows 10 media but it has not. This is a screenshot of what I see. https://gyazo.com/d873580a0b14df0c2061243f4640c74b

Also I tried uploading my CBS file in text form to this post but it was too long I guess. So I also tried uploading it to Pastebin.com but it exceeded its 512 kb limit. The file is also too large to attach to this post as I tried that as well. It is 6,531kb so I will use a third party service just in case you need it. If you have any other preferred method of viewing it please feel free to suggest it. Here is the CBS http://www.filedropper.com/cbs_10

Thanks again!

What is the make of your computer?

Hm, what do you mean the make of my computer? Do you mean the specs? Here are the specs if that is what you are referring to. https://gyazo.com/716f26fb430dfe5a36199116bb3f5f2e

No, I meant is it a HP, Toshiba, Lenovo??

It is self built so none of the above I guess? I built it back a few years ago now.

Ok. Do you know how to change the boot menu to boot from the USB port? You will need to do that to boot the computer from the USB stick and do a repair.

Yes I know how to do that. So boot from the USB then what from there?

Set your computer to boot from the USB and then run SFC again to see if it will repair the corrupted files.

180.

Solve : HELP DECRYPT?

Answer»

Everything seems to be OK thank you many times, but should I worry about my external hd

Quote

but should I worry about my external hd

You can perform all those scans on your external drive.
181.

Solve : Re: Spyhunter loop booting upon opening laptop?

Answer»

I find myself in a tough place.. I use my android phone for everything but I am slowly being invaded by something beyond my control. I have been tampered with in all my social media accounts, my gmail... Everything even at home.. Call me paranoid but things I don't talk about with anyone but with my brother gets to be a hot topic among people I don't even know and or people who do know me.. I've been requesting data copies from a few social accounts, which I've been to download and see info I have supposedly sent to other users that I haven't. Upon deactivating my account on fb I notice it was logged into 8. Different locations BUT MY PHONE was the only place I would use fb on.. I consistently change my PWS and emails and I am tired of it.. I've been even super careful with even using the Wi-Fi at home even though its secure. I find it invasive and intruding. I even feel I'm being watched just through my phone cam cause some ppl know what I even do, where I'm at too.. Its been hard for me to do much without being harassed, followed and listened to and or watched. I've been receiving lately insecure emails.. This website being redflagged by gmail. In need valid reasoning and or opinions on this matter thank you!! 911!

Must add to I've been receiving block calls and 353 area code calls that are no longer in service

I don't think we're the ones who can help with your problem. Sorry.

182.

Solve : "The requested resourse is in use" - Malware is preventing ALL exe files to run.?

Answer»

Reports attached per your instructions

FYI
I was able to run ADW Cleaner from a CD and this is the screen shot of the result.
It has done the same thing before but it won't clean it.

[attachment deleted by admin to conserve space]

Run AdwCleaner again and, after the scan, hit the clean button.

Please activate your Windows Defender and Windows Firewall.

Please check your browsers for add-ons such as Ndistpr64.sys or other suspicious add-ons. If you can't find any please re-set your browser.
Were you able to run MBAM?
Please do a search for C:\Windows\System32\drivers\ndistpr64.sys If you can find it, please delete it.

183.

Solve : Spyhunter loop booting upon opening laptop?

Answer»

here it is
this happen when i open the laptop



[attachment deleted by admin to conserve space]

just like what happen to handyric
saw it on his youtube channel

https://youtu.be/tkYm7YR2jHQ

Ok, I see. You can try uninstalling and re-installing Spyhunter to see if it makes any difference. This is just a problem with that program.

nothing happens sir
its still there

Uninstall Spyhunter and see if it makes any changes.

nothing changes sir

ive installed and uninstalled it a couple of times

I want you to un-install it only. No re-install and see if it makes any difference.

still there sir
ive uninstalled spyhunter
no changes

Ok. With Spyhunter uninstalled please run MBAM, AdwCleaner and JRT again to see if we can clear that problem.

ok sir i will update you when im done thanks

hello sir
ive run MBAM, AdwCleaner and JRT
and its still there

Can you explain to me when you start your computer and when this shows up?

184.

Solve : Folders in local disk?

Answer»

I just noticed my local disk (Y) is almost filled. Random labeled folders are filling it up. Can a virus or hacker place labeled folders in there? Or do folders have to have been placed in there by a person? The folders are filled with files consisting of videos and pics that I did not place there. Could someone else in my house have placed them there?

You really should check with anyone who has access to this computer and find out what they are doing with the computer.

185.

Solve : Accidentally click on unknown exe?

Answer»

Yes

Here is some information about that file. I would suggest using the SFC Scannow.

after doing sfc scannow it gives me the following result

Windows Resource Protection found corrupt files but was unable to fix some of them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.

Please try running SFC this way. It should ask for the Windows 10 disk or USB stick

To Run the SFC /SCANNOW Command in Windows 10
Click All Apps, select Windows Systems and select Command Prompt

2. To Scan and Repair System Files
NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
NOTE: This may take some time to finish.

If it finds corrupted files it will ask for the Windows 10 Media. Insert your USB stick

B) Go to step 4.

3. To Only Verify if the System Files are Corrupted
NOTE: Scans and only verifies the integrity of all protected system files only.
A) In the elevated command prompt, type sfc /verifyonly and press Enter.

4. When the scan is complete, hopefully you will see all is ok like the screenshot below.
NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occurred to fix it. You may need to repeat doing a System Restore until you find an older restore point that may work.

5. When done, close the elevated command prompt.

i cant see the screenshot... The result still the same after i put my windows drive

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection found corrupt files but was unable to fix some of them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.

At this point I would suggest that you try all the fixes that are suggested in the document I gave you in reply 13. It seems like oawwrapper is the one causing you all the problems. If it can't be resolved you may have to re-install Windows 10.

ok...Thanks for solving my prob

186.

Solve : 2 problem?

Answer»

So I just got my new ASUS ROG Strix yesterday and today, foolishly enough, I tried to download a video game torrent. It turned out to contain some malware, which my anti-virus detected and I asked for my anti-virus to put the malicious files in quarantine-mode (or whatever it's called). Anywho, right as I did that, I went for the system recovery and chose "remove all files and wipe the computer" option. Everything worked fine up until now, the recovery has been stuck at 34% for about an hour. All it says is "recovering this PC 34%", with the dots spinning around. So the screen isn't entirely frozen (dots are moving around, indicating the machine is working) but it's been stuck on 34%.

Worth mentioning is that my machine has an SSD (128gb) and HDD (1tb) and the game I downloaded was in my D: drive, i.e. on my HDD.

second question


I have a Toshiba laptop with Windows 10. I keep getting error messages like below. In Services there must be a lot that are disabled but I cannot get into Services to correct the problems.

Network errors
Windows cannot access C:\WINDOWS\system32\cmd.exe

Windows cannot access C:\Windows\regedit.exe

Windows cannot access C:\Windows\system32\services.msc

an unspecified error occurred during system restore in safe mode.

When I go to system restore in Recovery in the control panel, I get System Restore could not start.


Any way I can fix this? Thank you.

Did you make the optional recovery media for this computer? It could be used to wipe out infection and corruption. If none were made then you need to contact the computer manufacturer and explain to them that you need the recovery media because the computer crashed. If you tell them you downloaded and infected your system they might just say good luck with that without the media you need to perform a clean factory install.

187.

Solve : saved files and viruses?

Answer»

If you save/back-up files when changing computers or os are you saving any viruses they may contain?

yes

It is best to scan those files before putting them back on your computer.

Thanks for replies and advice.

188.

Solve : I think My Computer has a virus?

Answer»

You may still keep MBAM on your computer and run a scan on a regular basis. You should uninstall and re-install Chrome and see if that makes any difference. Is the computer slow all the time or just when using Chrome? Does it do that with Internet Explorer?

It happens when I use Chrome and IE.

Please try Firefox and see if that is also slow. Has it always been like that or did it just start recently?

I haven't used Firefox yet. But Google Chrome shutting off and being slow really has started to happen a lot lately. Maybe the last week or two.

Please try FF to see if it will do the same thing and report back.

I haven't done that yet but Google Chrome is a little better today. It's not shutting off as much. I have a dumb question but I have The Directv Now Streaming Service. Do you think that might have something to do with it? I thought when I clicked on Task Manager that it used a lot of memory.

Quote from: JackCatalano on July 26, 2018, 05:04:20 PM

I haven't done that yet but Google Chrome is a little better today. It's not shutting off as much. I have a dumb question but I have The Directv Now Streaming Service. Do you think that might have something to do with it? I thought when I clicked on Task Manager that it used a lot of memory.

That could be the problem. Try turning it off in Task Manager and watch what happens.
189.

Solve : Can't delete hidden folder?

Answer»

If you're not worried about it then I'm not worried about it. Thanks so much for the help!

Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
***************************************
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

190.

Solve : numerous emails?

Answer»

I am getting inundated with the same emails from several people.
The last count was 105 from these same sources.

What do I kick to stop this?

SuperDave, our malware specialist, will be around to help with this. But, I suggest you contact those senders ASAP, assuming you know them, and tell them about this so that they can investigate whether they have a virus in their computer. The entire problem may, indeed, be in their computers, not yours.

I hope you have up-to-date virus protection in your computer and are being careful not to open suspect email attachments.

191.

Solve : Computer runs very very very Slooooow?

Answer»

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply

Dave, when I clicked on the link provided it would not come up, so I googled it and hope this is the right one.

Here is the log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-25 11:14:30
-----------------------------
11:14:30.769 OS Version: Windows 5.1.2600 Service Pack 3
11:14:30.769 Number of processors: 2 586 0x209
11:14:30.769 ComputerName: MAIN UserName:
11:14:31.441 Initialize success
11:14:53.941 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:14:53.941 Disk 0 Vendor: WDC_WD2000BB-22DWA0 15.05R15 Size: 190782MB BusType: 3
11:14:55.957 Disk 0 MBR read successfully
11:14:55.957 Disk 0 MBR scan
11:14:55.957 Disk 0 unknown MBR code
11:14:55.957 Disk 0 scanning sectors +390700800
11:14:56.019 Disk 0 scanning C:\WINDOWS\system32\drivers
11:15:06.675 Service scanning
11:15:07.660 Service MpKslf8aeaf35 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7273E013-1E81-4B00-A83F-9B9FA3AF065E}\MpKslf8aeaf35.sys **LOCKED** 32
11:15:08.519 Modules scanning
11:15:37.504 Disk 0 trace - called modules:
11:15:37.535 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:15:37.535 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a650ab8]
11:15:37.550 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000007c[0x8a6b34c8]
11:15:37.550 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a655940]
11:15:37.894 Scan finished successfully
11:16:26.144 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sean and Wylene\My Documents\MBR.dat"
11:16:26.144 The log file has been saved successfully to "C:\Documents and Settings\Sean and Wylene\My Documents\aswMBRlog92511.txt"


Quote

Dave, when I clicked on the link provided it would not come up, so I googled it and hope this is the right one.
I'm sorry about that. I've fixed it.

Please download TDSSKiller from here and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)

  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • Note: It will also create a log in the C:\ directory.
Dave here is the log:

16:59:58.0191 2936MpKsl7d82caec - ok
16:59:58.0207 2936MpKsl80889e0e - ok
16:59:58.0222 2936MpKsl82022988 - ok
16:59:58.0254 2936MpKsl900ce35f - ok
16:59:58.0269 2936MpKsl97463d76 - ok
16:59:58.0300 2936MpKsla64cc5a6 - ok
16:59:58.0316 2936MpKslc242287c - ok
16:59:58.0332 2936MpKslc3cfb65c - ok
16:59:58.0379 2936MpKslc44d95fc - ok
16:59:58.0394 2936MpKslcfe8629b - ok
16:59:58.0425 2936MpKsld0c3b2d3 - ok
16:59:58.0472 2936MpKsld9fe4884 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7273E013-1E81-4B00-A83F-9B9FA3AF065E}\MpKsld9fe4884.sys
16:59:58.0472 2936MpKsld9fe4884 - ok
16:59:58.0504 2936MpKsle16118fb - ok
16:59:58.0535 2936MpKsle1868d84 - ok
16:59:58.0582 2936MpKslf8aeaf35 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7273E013-1E81-4B00-A83F-9B9FA3AF065E}\MpKslf8aeaf35.sys
16:59:58.0613 2936MpKslf8aeaf35 - ok
16:59:58.0644 2936MpKslfceee1bd - ok
16:59:58.0675 2936MpKslfd546ba9 - ok
16:59:58.0800 2936mraid35x - ok
16:59:58.0972 2936MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:59:58.0972 2936MRxDAV - ok
16:59:59.0160 2936MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:59:59.0207 2936MRxSmb - ok
16:59:59.0394 2936Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:59:59.0394 2936Msfs - ok
16:59:59.0566 2936MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:59:59.0566 2936MSKSSRV - ok
16:59:59.0707 2936MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:59:59.0722 2936MSPCLOCK - ok
16:59:59.0863 2936MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:59:59.0863 2936MSPQM - ok
17:00:00.0035 2936mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:00:00.0050 2936mssmbios - ok
17:00:00.0191 2936MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:00:00.0191 2936MSTEE - ok
17:00:00.0347 2936ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
17:00:00.0347 2936ms_mpu401 - ok
17:00:00.0504 2936Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:00:00.0519 2936Mup - ok
17:00:00.0675 2936NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:00:00.0675 2936NABTSFEC - ok
17:00:00.0847 2936NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:00:00.0847 2936NDIS - ok
17:00:01.0004 2936NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:00:01.0004 2936NdisIP - ok
17:00:01.0160 2936NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:00:01.0175 2936NdisTapi - ok
17:00:01.0332 2936Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:00:01.0332 2936Ndisuio - ok
17:00:01.0504 2936NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:00:01.0504 2936NdisWan - ok
17:00:01.0644 2936NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:00:01.0644 2936NDProxy - ok
17:00:01.0816 2936NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:00:01.0816 2936NetBIOS - ok
17:00:01.0988 2936NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:00:01.0988 2936NetBT - ok
17:00:02.0207 2936NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:00:02.0207 2936NIC1394 - ok
17:00:02.0394 2936Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:00:02.0410 2936Npfs - ok
17:00:02.0582 2936Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:00:02.0613 2936Ntfs - ok
17:00:02.0816 2936NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
17:00:02.0816 2936NuidFltr - ok
17:00:02.0972 2936Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:00:02.0988 2936Null - ok
17:00:03.0222 2936nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:00:03.0285 2936nv - ok
17:00:03.0425 2936NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:00:03.0425 2936NwlnkFlt - ok
17:00:03.0582 2936NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:00:03.0582 2936NwlnkFwd - ok
17:00:03.0754 2936OADevice (57b641cd45e3dbd784aba7174724f4e0) C:\WINDOWS\system32\drivers\OADriver.sys
17:00:03.0863 2936OADevice - ok
17:00:04.0035 2936OAmon (f21b332dab65c9601267d8fc8c04899b) C:\WINDOWS\system32\drivers\OAmon.sys
17:00:04.0050 2936OAmon - ok
17:00:04.0207 2936OAnet (5577a7f637f02621cb643f0f470872fc) C:\WINDOWS\system32\drivers\OAnet.sys
17:00:04.0222 2936OAnet - ok
17:00:04.0394 2936ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:00:04.0394 2936ohci1394 - ok
17:00:04.0519 2936omoecx - ok
17:00:04.0691 2936PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys
17:00:04.0691 2936PalmUSBD - ok
17:00:04.0847 2936Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:00:04.0847 2936Parport - ok
17:00:05.0004 2936PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:00:05.0004 2936PartMgr - ok
17:00:05.0175 2936ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:00:05.0191 2936ParVdm - ok
17:00:05.0363 2936pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
17:00:05.0363 2936pavboot - ok
17:00:05.0519 2936PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:00:05.0519 2936PCI - ok
17:00:05.0660 2936PCIDump - ok
17:00:05.0800 2936PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:00:05.0816 2936PCIIde - ok
17:00:05.0972 2936Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:00:05.0972 2936Pcmcia - ok
17:00:06.0113 2936PDCOMP - ok
17:00:06.0238 2936PDFRAME - ok
17:00:06.0363 2936PDRELI - ok
17:00:06.0488 2936PDRFRAME - ok
17:00:06.0613 2936perc2 - ok
17:00:06.0738 2936perc2hib - ok
17:00:06.0941 2936pfc (e5ac9f8c128b597dd7919af96b84172e) C:\WINDOWS\system32\drivers\pfc.sys
17:00:06.0972 2936pfc - ok
17:00:07.0144 2936Point32 (b4f59a953ef9e507f0d00c3a68580b8b) C:\WINDOWS\system32\DRIVERS\point32.sys
17:00:07.0144 2936Point32 - ok
17:00:07.0316 2936PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:00:07.0316 2936PptpMiniport - ok
17:00:07.0472 2936Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:00:07.0472 2936Processor - ok
17:00:07.0629 2936Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
17:00:07.0644 2936Ps2 - ok
17:00:07.0832 2936PSI (365622e1f0b6d5f9871d76e89bf0501a) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
17:00:07.0847 2936PSI - ok
17:00:08.0144 2936Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:00:08.0160 2936Ptilink - ok
17:00:08.0316 2936PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
17:00:08.0316 2936PxHelp20 - ok
17:00:08.0472 2936ql1080 - ok
17:00:08.0629 2936Ql10wnt - ok
17:00:08.0754 2936ql12160 - ok
17:00:08.0894 2936ql1240 - ok
17:00:09.0066 2936ql1280 - ok
17:00:09.0222 2936RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:00:09.0222 2936RasAcd - ok
17:00:09.0394 2936Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:00:09.0394 2936Rasl2tp - ok
17:00:09.0550 2936RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:00:09.0550 2936RasPppoe - ok
17:00:09.0722 2936Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:00:09.0722 2936Raspti - ok
17:00:09.0910 2936Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:00:09.0910 2936Rdbss - ok
17:00:10.0066 2936RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:00:10.0066 2936RDPCDD - ok
17:00:10.0254 2936rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:00:10.0254 2936rdpdr - ok
17:00:10.0410 2936RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:00:10.0425 2936RDPWD - ok
17:00:10.0629 2936redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:00:10.0629 2936redbook - ok
17:00:10.0785 2936regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys
17:00:10.0785 2936regi - ok
17:00:11.0019 2936RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
17:00:11.0019 2936RTL8023xp - ok
17:00:11.0160 2936rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
17:00:11.0160 2936rtl8139 - ok
17:00:11.0238 2936SABProcEnum - ok
17:00:11.0300 2936SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:00:11.0316 2936SASDIFSV - ok
17:00:11.0347 2936SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
17:00:11.0347 2936SASENUM - ok
17:00:11.0410 2936SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
17:00:11.0410 2936SASKUTIL - ok
17:00:11.0629 2936Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:00:11.0629 2936Secdrv - ok
17:00:11.0816 2936serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:00:11.0816 2936serenum - ok
17:00:11.0988 2936Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:00:11.0988 2936Serial - ok
17:00:12.0207 2936Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:00:12.0207 2936Sfloppy - ok
17:00:12.0363 2936Simbad - ok
17:00:12.0504 2936SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:00:12.0504 2936SLIP - ok
17:00:12.0707 2936Sparrow - ok
17:00:12.0847 2936splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:00:12.0847 2936splitter - ok
17:00:13.0019 2936sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:00:13.0019 2936sr - ok
17:00:13.0222 2936Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:00:13.0238 2936Srv - ok
17:00:13.0425 2936streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:00:13.0425 2936streamip - ok
17:00:13.0566 2936SunkFilt (2087b202cfe8a2f8a59cecfffbec58d5) C:\WINDOWS\System32\Drivers\sunkfilt.sys
17:00:13.0597 2936SunkFilt - ok
17:00:13.0754 2936Sunkfiltp - ok
17:00:13.0941 2936swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:00:13.0941 2936swenum - ok
17:00:14.0097 2936swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:00:14.0097 2936swmidi - ok
17:00:14.0285 2936symc810 - ok
17:00:14.0394 2936symc8xx - ok
17:00:14.0519 2936sym_hi - ok
17:00:14.0644 2936sym_u3 - ok
17:00:14.0847 2936sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:00:14.0847 2936sysaudio - ok
17:00:14.0972 2936SysProtDrv.sys - ok
17:00:15.0175 2936Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:00:15.0191 2936Tcpip - ok
17:00:15.0347 2936TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:00:15.0347 2936TDPIPE - ok
17:00:15.0488 2936TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:00:15.0488 2936TDTCP - ok
17:00:15.0660 2936TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:00:15.0660 2936TermDD - ok
17:00:15.0863 2936tmcomm (eb2283c0a4dfbd2e53d14f2c4d5a1e89) C:\WINDOWS\system32\drivers\tmcomm.sys
17:00:15.0863 2936tmcomm - ok
17:00:16.0004 2936TosIde - ok
17:00:16.0175 2936Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:00:16.0175 2936Udfs - ok
17:00:16.0332 2936ultra - ok
17:00:16.0504 2936Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:00:16.0535 2936Update - ok
17:00:16.0722 2936usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:00:16.0738 2936usbaudio - ok
17:00:16.0894 2936usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:00:16.0910 2936usbccgp - ok
17:00:17.0066 2936usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:00:17.0066 2936usbehci - ok
17:00:17.0222 2936usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:00:17.0222 2936usbhub - ok
17:00:17.0379 2936usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:00:17.0379 2936usbprint - ok
17:00:17.0535 2936usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:00:17.0535 2936usbscan - ok
17:00:17.0707 2936USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:00:17.0707 2936USBSTOR - ok
17:00:17.0863 2936usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:00:17.0863 2936usbuhci - ok
17:00:18.0019 2936VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:00:18.0019 2936VgaSave - ok
17:00:18.0175 2936ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
17:00:18.0175 2936ViaIde - ok
17:00:18.0316 2936VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:00:18.0316 2936VolSnap - ok
17:00:18.0535 2936Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:00:18.0535 2936Wanarp - ok
17:00:18.0675 2936wanatw - ok
17:00:18.0863 2936Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:00:18.0879 2936Wdf01000 - ok
17:00:19.0019 2936WDICA - ok
17:00:19.0160 2936wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:00:19.0160 2936wdmaud - ok
17:00:19.0504 2936WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
17:00:19.0504 2936WpdUsb - ok
17:00:19.0660 2936WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:00:19.0660 2936WS2IFSL - ok
17:00:19.0847 2936WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:00:19.0847 2936WSTCODEC - ok
17:00:20.0050 2936{6080A529-897E-4629-A488-ABA0C29B635E} (61002db7b6efb5711685b9d79b8e8ce6) C:\WINDOWS\system32\drivers\ialmsbw.sys
17:00:20.0050 2936{6080A529-897E-4629-A488-ABA0C29B635E} - ok
17:00:20.0207 2936{D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (35ce2baa708ea038ab72359de87bab87) C:\WINDOWS\system32\drivers\ialmkchw.sys
17:00:20.0207 2936{D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
17:00:20.0238 2936MBR (0x1B8) (8cc68602644010dfdb2a22cb60ddf258) \Device\Harddisk0\DR0
17:00:20.0238 2936\Device\Harddisk0\DR0 - ok
17:00:20.0254 2936Boot (0x1200) (08962e3c828933f501f2e1a7691d2ca1) \Device\Harddisk0\DR0\Partition0
17:00:20.0254 2936\Device\Harddisk0\DR0\Partition0 - ok
17:00:20.0269 2936Boot (0x1200) (deae0bc0d56ba40c4734ddb2d97a2a02) \Device\Harddisk0\DR0\Partition1
17:00:20.0269 2936\Device\Harddisk0\DR0\Partition1 - ok
17:00:20.0269 2936 ============================================================
17:00:20.0269 2936 Scan finished
17:00:20.0269 2936 ============================================================
17:00:20.0316 2200 Detected object count: 0
17:00:20.0316 2200 Actual detected object count: 0
17:00:39.0800 1056 ============================================================
17:00:39.0800 1056 Scan started
17:00:39.0800 1056 Mode: Manual; SigCheck; TDLFS;
17:00:39.0800 1056 ============================================================
17:01:07.0441 1056 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
17:01:07.0488 1056 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
17:01:07.0488 1056 Iviaspi - detected UnsignedFile.Multi.Generic (1)
17:01:24.0300 1056PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys
17:01:24.0379 1056PalmUSBD - ok
17:01:24.0535 1056Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:01:24.0800 1056Parport - ok
17:01:24.0941 1056PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:01:25.0144 1056PartMgr - ok
17:01:25.0300 1056ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:01:25.0519 1056ParVdm - ok
17:01:25.0675 1056pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
17:01:25.0722 1056pavboot - ok
17:01:25.0879 1056PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:01:26.0113 1056PCI - ok
17:01:26.0254 1056PCIDump - ok
17:01:26.0394 1056PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:01:26.0597 1056PCIIde - ok
17:01:26.0738 1056Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:01:26.0972 1056Pcmcia - ok
17:01:27.0097 1056PDCOMP - ok
17:01:27.0238 1056PDFRAME - ok
17:01:27.0347 1056PDRELI - ok
17:01:27.0488 1056PDRFRAME - ok
17:01:27.0613 1056perc2 - ok
17:01:27.0738 1056perc2hib - ok
17:01:27.0910 1056pfc (e5ac9f8c128b597dd7919af96b84172e) C:\WINDOWS\system32\drivers\pfc.sys
17:01:27.0957 1056pfc ( UnsignedFile.Multi.Generic ) - warning
17:01:27.0957 1056pfc - detected UnsignedFile.Multi.Generic (1)
17:01:28.0144 1056Point32 (b4f59a953ef9e507f0d00c3a68580b8b) C:\WINDOWS\system32\DRIVERS\point32.sys
17:01:28.0222 1056Point32 - ok
17:01:28.0379 1056PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:01:28.0660 1056PptpMiniport - ok
17:01:28.0800 1056Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:01:29.0019 1056Processor - ok
17:01:29.0191 1056Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
17:01:29.0285 1056Ps2 - ok
17:01:29.0441 1056PSI (365622e1f0b6d5f9871d76e89bf0501a) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
17:01:29.0488 1056PSI ( UnsignedFile.Multi.Generic ) - warning
17:01:29.0488 1056PSI - detected UnsignedFile.Multi.Generic (1)
17:01:29.0660 1056Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:01:29.0879 1056Ptilink - ok
17:01:30.0050 1056PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
17:01:30.0097 1056PxHelp20 - ok
17:01:30.0222 1056ql1080 - ok
17:01:30.0347 1056Ql10wnt - ok
17:01:30.0472 1056ql12160 - ok
17:01:30.0613 1056ql1240 - ok
17:01:30.0754 1056ql1280 - ok
17:01:30.0925 1056RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:01:31.0144 1056RasAcd - ok
17:01:31.0316 1056Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:01:31.0566 1056Rasl2tp - ok
17:01:31.0738 1056RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:01:31.0988 1056RasPppoe - ok
17:01:32.0144 1056Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:01:32.0363 1056Raspti - ok
17:01:32.0519 1056Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:01:32.0754 1056Rdbss - ok
17:01:32.0925 1056RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:01:33.0129 1056RDPCDD - ok
17:01:33.0300 1056rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:01:33.0566 1056rdpdr - ok
17:01:33.0738 1056RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:01:33.0863 1056RDPWD - ok
17:01:34.0050 1056redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:01:34.0285 1056redbook - ok
17:01:34.0613 1056regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys
17:01:34.0644 1056regi - ok
17:01:34.0847 1056RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
17:01:35.0019 1056RTL8023xp - ok
17:01:35.0160 1056rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
17:01:35.0254 1056rtl8139 - ok
17:01:35.0332 1056SABProcEnum - ok
17:01:35.0394 1056SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:01:35.0472 1056SASDIFSV - ok
17:01:35.0535 1056SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
17:01:35.0550 1056SASENUM - ok
17:01:35.0629 1056SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
17:01:35.0675 1056SASKUTIL - ok
17:01:35.0847 1056Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:01:36.0050 1056Secdrv - ok
17:01:36.0238 1056serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:01:36.0441 1056serenum - ok
17:01:36.0613 1056Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:01:36.0894 1056Serial - ok
17:01:37.0113 1056Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:01:37.0316 1056Sfloppy - ok
17:01:37.0472 1056Simbad - ok
17:01:37.0629 1056SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:01:37.0847 1056SLIP - ok
17:01:38.0035 1056Sparrow - ok
17:01:38.0191 1056splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:01:38.0410 1056splitter - ok
17:01:38.0597 1056sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:01:38.0863 1056sr - ok
17:01:39.0050 1056Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:01:39.0144 1056Srv - ok
17:01:39.0332 1056streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:01:39.0550 1056streamip - ok
17:01:39.0707 1056SunkFilt (2087b202cfe8a2f8a59cecfffbec58d5) C:\WINDOWS\System32\Drivers\sunkfilt.sys
17:01:39.0754 1056SunkFilt ( UnsignedFile.Multi.Generic ) - warning
17:01:39.0754 1056SunkFilt - detected UnsignedFile.Multi.Generic (1)
17:01:39.0894 1056Sunkfiltp - ok
17:01:40.0050 1056swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:01:40.0254 1056swenum - ok
17:01:40.0410 1056swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:01:40.0660 1056swmidi - ok
17:01:40.0816 1056symc810 - ok
17:01:40.0925 1056symc8xx - ok
17:01:41.0066 1056sym_hi - ok
17:01:41.0175 1056sym_u3 - ok
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

•Double-click on MBRCheck.exe to run it.

•It will open a black window...please do not fix anything (if it gives you an option).

•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.

Dave,

Here is the log, but just as an FYI when I try to shut off the computer it doesn't do it 100% of the time but maybe 70% of the time. A box will pop up that says "RUNDLL32.exe" not responding will shut down in so many seconds. Sometimes when the computer is running very slow and I look at the processes running there will be up to 3 of these rundll32.exe running. Not sure if this helps you or not?

Log:


Command-line:
Windows Version:Windows XP Professional
Windows Information:Service Pack 3 (build 2600)
Logical Drives Mask:0x000003fd

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`93494000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: WDCWD2000BB-22DWA0, Rev: 15.05R15

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6661067B21B4865F9CDD7839FBE84588AEDD87C4


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Please open Command Prompt (Start > Run and type CMD and press OK [Vista/7: Start search: CMD and press enter])
Enter the following into the black box, pressing enter after each line:

Code:
cd desktop

mbr.exe -f

exit

Post a log (MBR.log).
*************************************************
Please do this even if you don't have the OS disk.

Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:
•Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
*Let this run undisturbed until the window with the blue progress bar goes away
SFC - which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

I don't have an XP disk, but here is the log.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2000BB-22DWA0 rev.15.05R15 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Quote
I don't have an XP disk, but here is the log.

What happened when you ran the SFC check?

I ran it twice, but not sure if it did anything. It starts and takes some time to run. When I come back to the computer the box is gone. Does it put a log somewhere?

Quote
When I come back to the computer the box is gone. Does it put a log somewhere?

No, there's no log but if there is a corrupt or infected MS file, it will ask for the disk.
I didn't get the complete log from TDSSKiller. Could you please run it again and post the complete log?

19:05:49.0375 1160TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
19:06:00.0218 1160============================================================
19:06:00.0218 1160Current date / time: 2011/10/08 19:06:00.0218
19:06:00.0234 1160SystemInfo:
19:06:00.0234 1160
19:06:00.0234 1160OS Version: 5.1.2600 ServicePack: 3.0
19:06:00.0234 1160Product type: Workstation
19:06:00.0234 1160ComputerName: MAIN
19:06:00.0234 1160UserName: Sean and Wylene
19:06:00.0234 1160Windows directory: C:\WINDOWS
19:06:00.0234 1160System windows directory: C:\WINDOWS
19:06:00.0234 1160Processor architecture: Intel x86
19:06:00.0234 1160Number of processors: 2
19:06:00.0234 1160Page size: 0x1000
19:06:00.0234 1160Boot type: Normal boot
19:06:00.0234 1160============================================================
19:06:02.0890 1160Initialize success
19:06:12.0625 1856============================================================
19:06:12.0625 1856Scan started
19:06:12.0625 1856Mode: Manual;
19:06:12.0625 1856============================================================
19:06:36.0546 1856Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:06:36.0562 1856Msfs - ok
19:06:36.0765 1856MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:06:36.0781 1856MSKSSRV - ok
19:06:37.0015 1856MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:06:37.0031 1856MSPCLOCK - ok
19:06:37.0234 1856MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:06:37.0234 1856MSPQM - ok
19:06:37.0500 1856mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:06:37.0515 1856mssmbios - ok
19:06:37.0734 1856MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:06:37.0734 1856MSTEE - ok
19:06:37.0937 1856ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
19:06:37.0953 1856ms_mpu401 - ok
19:06:38.0156 1856Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:06:38.0171 1856Mup - ok
19:06:38.0359 1856NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:06:38.0375 1856NABTSFEC - ok
19:06:38.0609 1856NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:06:38.0625 1856NDIS - ok
19:06:38.0796 1856NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:06:38.0812 1856NdisIP - ok
19:06:38.0984 1856NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:06:38.0984 1856NdisTapi - ok
19:06:39.0187 1856Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:06:39.0203 1856Ndisuio - ok
19:06:39.0375 1856NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:06:39.0390 1856NdisWan - ok
19:06:39.0609 1856NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:06:39.0609 1856NDProxy - ok
19:06:39.0796 1856NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:06:39.0812 1856NetBIOS - ok
19:06:40.0015 1856NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:06:40.0031 1856NetBT - ok
19:06:40.0515 1856NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:06:40.0515 1856NIC1394 - ok
19:06:40.0828 1856Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:06:40.0828 1856Npfs - ok
19:06:41.0109 1856Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:06:41.0125 1856Ntfs - ok
19:06:41.0468 1856NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
19:06:41.0468 1856NuidFltr - ok
19:06:41.0718 1856Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:06:41.0718 1856Null - ok
19:06:42.0000 1856nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:06:42.0031 1856nv - ok
19:06:42.0250 1856NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:06:42.0265 1856NwlnkFlt - ok
19:06:42.0484 1856NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:06:42.0500 1856NwlnkFwd - ok
19:06:42.0765 1856OADevice (57b641cd45e3dbd784aba7174724f4e0) C:\WINDOWS\system32\drivers\OADriver.sys
19:06:42.0890 1856OADevice - ok
19:06:43.0109 1856OAmon (f21b332dab65c9601267d8fc8c04899b) C:\WINDOWS\system32\drivers\OAmon.sys
19:06:43.0156 1856OAmon - ok
19:06:43.0375 1856OAnet (5577a7f637f02621cb643f0f470872fc) C:\WINDOWS\system32\drivers\OAnet.sys
19:06:43.0421 1856OAnet - ok
19:06:43.0609 1856ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:06:43.0640 1856ohci1394 - ok
19:06:43.0812 1856omoecx - ok
19:06:44.0109 1856PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys
19:06:44.0125 1856PalmUSBD - ok
19:06:44.0343 1856Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:06:44.0359 1856Parport - ok
19:06:44.0578 1856PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:06:44.0593 1856PartMgr - ok
19:06:44.0765 1856ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:06:44.0781 1856ParVdm - ok
19:06:44.0984 1856pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
19:06:44.0984 1856pavboot - ok
19:06:45.0187 1856PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:06:45.0203 1856PCI - ok
19:06:45.0343 1856PCIDump - ok
19:06:45.0515 1856PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:06:45.0531 1856PCIIde - ok
19:06:45.0687 1856Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:06:45.0687 1856Pcmcia - ok
19:06:45.0843 1856PDCOMP - ok
19:06:45.0968 1856PDFRAME - ok
19:06:46.0125 1856PDRELI - ok
19:06:46.0281 1856PDRFRAME - ok
19:06:46.0453 1856perc2 - ok
19:06:46.0625 1856perc2hib - ok
19:06:46.0906 1856pfc (e5ac9f8c128b597dd7919af96b84172e) C:\WINDOWS\system32\drivers\pfc.sys
19:06:46.0953 1856pfc - ok
19:06:47.0171 1856Point32 (b4f59a953ef9e507f0d00c3a68580b8b) C:\WINDOWS\system32\DRIVERS\point32.sys
19:06:47.0187 1856Point32 - ok
19:06:47.0796 1856PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:06:47.0828 1856PptpMiniport - ok
19:06:47.0984 1856Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:06:47.0984 1856Processor - ok
19:06:48.0156 1856Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
19:06:48.0156 1856Ps2 - ok
19:06:48.0359 1856PSI (365622e1f0b6d5f9871d76e89bf0501a) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
19:06:48.0375 1856PSI - ok
19:06:48.0546 1856Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:06:48.0546 1856Ptilink - ok
19:06:48.0843 1856PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
19:06:48.0843 1856PxHelp20 - ok
19:06:49.0000 1856ql1080 - ok
19:06:49.0140 1856Ql10wnt - ok
19:06:49.0281 1856ql12160 - ok
19:06:49.0406 1856ql1240 - ok
19:06:49.0562 1856ql1280 - ok
19:06:49.0734 1856RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:06:49.0750 1856RasAcd - ok
19:06:49.0921 1856Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:06:49.0921 1856Rasl2tp - ok
19:06:50.0078 1856RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:06:50.0093 1856RasPppoe - ok
19:06:50.0296 1856Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:06:50.0296 1856Raspti - ok
19:06:50.0484 1856Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:06:50.0484 1856Rdbss - ok
19:06:50.0671 1856RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:06:50.0671 1856RDPCDD - ok
19:06:50.0875 1856rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:06:50.0875 1856rdpdr - ok
19:06:51.0109 1856RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:06:51.0109 1856RDPWD - ok
19:06:51.0281 1856redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:06:51.0281 1856redbook - ok
19:06:51.0421 1856regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys
19:06:51.0437 1856regi - ok
19:06:51.0640 1856RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
19:06:51.0656 1856RTL8023xp - ok
19:06:51.0843 1856rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
19:06:51.0843 1856rtl8139 - ok
19:06:51.0906 1856SABProcEnum - ok
19:06:51.0984 1856SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:06:51.0984 1856SASDIFSV - ok
19:06:52.0031 1856SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
19:06:52.0031 1856SASENUM - ok
19:06:52.0109 1856SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
19:06:52.0109 1856SASKUTIL - ok
19:06:52.0281 1856Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:06:52.0296 1856Secdrv - ok
19:06:52.0468 1856serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:06:52.0468 1856serenum - ok
19:06:52.0625 1856Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:06:52.0640 1856Serial - ok
19:06:52.0906 1856Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:06:52.0906 1856Sfloppy - ok
19:06:53.0156 1856Simbad - ok
19:06:53.0593 1856SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:06:53.0593 1856SLIP - ok
19:06:54.0015 1856Sparrow - ok
19:06:54.0281 1856splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:06:54.0281 1856splitter - ok
19:06:54.0453 1856sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:06:54.0468 1856sr - ok
19:06:54.0640 1856Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:06:54.0656 1856Srv - ok
19:06:54.0859 1856streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:06:54.0859 1856streamip - ok
19:06:55.0000 1856SunkFilt (2087b202cfe8a2f8a59cecfffbec58d5) C:\WINDOWS\System32\Drivers\sunkfilt.sys
19:06:55.0031 1856SunkFilt - ok
19:06:55.0171 1856Sunkfiltp - ok
19:06:55.0312 1856swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:06:55.0312 1856swenum - ok
19:06:55.0484 1856swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:06:55.0484 1856swmidi - ok
19:06:55.0640 1856symc810 - ok
19:06:55.0765 1856symc8xx - ok
19:06:55.0890 1856sym_hi - ok
19:06:56.0031 1856sym_u3 - ok
19:06:56.0218 1856sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:06:56.0218 1856sysaudio - ok
19:06:56.0359 1856SysProtDrv.sys - ok
19:06:56.0562 1856Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:06:56.0578 1856Tcpip - ok
19:06:56.0718 1856TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:06:56.0734 1856TDPIPE - ok
19:06:56.0859 1856TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:06:56.0875 1856TDTCP - ok
19:06:57.0015 1856TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:06:57.0015 1856TermDD - ok
19:06:57.0203 1856tmcomm (eb2283c0a4dfbd2e53d14f2c4d5a1e89) C:\WINDOWS\system32\drivers\tmcomm.sys
19:06:57.0218 1856tmcomm - ok
19:06:57.0343 1856TosIde - ok
19:06:57.0515 1856Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:06:57.0515 1856Udfs - ok
19:06:57.0656 1856ultra - ok
19:06:57.0859 1856Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:06:57.0859 1856Update - ok
19:06:58.0078 1856usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:06:58.0078 1856usbaudio - ok
19:06:58.0250 1856usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:06:58.0250 1856usbccgp - ok
19:06:58.0406 1856usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:06:58.0406 1856usbehci - ok
19:06:58.0562 1856usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:06:58.0562 1856usbhub - ok
19:06:58.0718 1856usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:06:58.0718 1856usbprint - ok
19:06:58.0890 1856usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:06:58.0890 1856usbscan - ok
19:06:59.0046 1856USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:06:59.0046 1856USBSTOR - ok
19:06:59.0234 1856usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:06:59.0234 1856usbuhci - ok
19:06:59.0406 1856VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:06:59.0406 1856VgaSave - ok
19:06:59.0546 1856ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
19:06:59.0546 1856ViaIde - ok
19:06:59.0703 1856VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:06:59.0703 1856VolSnap - ok
19:06:59.0921 1856Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:06:59.0937 1856Wanarp - ok
19:07:00.0078 1856wanatw - ok
19:07:00.0265 1856Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:07:00.0296 1856Wdf01000 - ok
19:07:00.0437 1856WDICA - ok
19:07:00.0578 1856wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:07:00.0593 1856wdmaud - ok
19:07:00.0921 1856WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
19:07:00.0921 1856WpdUsb - ok
19:07:01.0093 1856WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:07:01.0093 1856WS2IFSL - ok
19:07:01.0265 1856WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:07:01.0265 1856WSTCODEC - ok
19:07:01.0484 1856{6080A529-897E-4629-A488-ABA0C29B635E} (61002db7b6efb5711685b9d79b8e8ce6) C:\WINDOWS\system32\drivers\ialmsbw.sys
19:07:01.0484 1856{6080A529-897E-4629-A488-ABA0C29B635E} - ok
19:07:01.0640 1856{D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (35ce2baa708ea038ab72359de87bab87) C:\WINDOWS\system32\drivers\ialmkchw.sys
19:07:01.0640 1856{D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
19:07:01.0656 1856MBR (0x1B8) (8cc68602644010dfdb2a22cb60ddf258) \Device\Harddisk0\DR0
19:07:01.0671 1856\Device\Harddisk0\DR0 - ok
19:07:01.0671 1856Boot (0x1200) (ea0a5cd1837a6e3ea7de92511c4b2c08) \Device\Harddisk0\DR0\Partition0
19:07:01.0671 1856\Device\Harddisk0\DR0\Partition0 - ok
19:07:01.0703 1856Boot (0x1200) (deae0bc0d56ba40c4734ddb2d97a2a02) \Device\Harddisk0\DR0\Partition1
19:07:01.0718 1856\Device\Harddisk0\DR0\Partition1 - ok
19:07:01.0718 1856 ============================================================
19:07:01.0718 1856 Scan finished
19:07:01.0718 1856 ============================================================
19:07:01.0750 4604 Detected object count: 0
19:07:01.0750 4604 Actual detected object count: 0
19:07:49.0875 4952 Deinitialize success

19:03:56.0359 6132 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
19:04:06.0296 6132 Perform update action was selected
19:04:06.0296 2160 Deinitialize success

So, what's happening with your computer? Still having problems?

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

192.

Solve : Browser link redirection, spotify/ipod issues?

Answer»
Please download aswMBR.exe (511KB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-24 10:25:49
-----------------------------
10:25:49.328 OS Version: Windows 5.1.2600 Service Pack 3
10:25:49.328 Number of processors: 2 586 0xF06
10:25:49.328 ComputerName: YOUR-9499940BF8 UserName: james green
10:25:50.593 Initialize success
10:26:21.593 AVAST engine download error: 0
10:26:37.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:26:37.140 Disk 0 VENDOR: Maxtor_6 VA11 Size: 286188MB BusType: 3
10:26:37.140 Disk 0 MBR read successfully
10:26:37.140 Disk 0 MBR scan
10:26:37.140 Disk 0 [emailprotected] CODE has been found
10:26:37.140 Disk 0 MBR hidden
10:26:37.140 Disk 0 MBR [TDL4] **ROOTKIT**
10:26:37.140 Disk 0 trace - called modules:
10:26:37.140 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89dd94d0]<<
10:26:37.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89e06458]
10:26:37.140 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> [0x8a74ba68]
10:26:37.140 \Driver\iaStor[0x8a779d48] -> IRP_MJ_CREATE -> 0x89dd94d0
10:26:37.140 Scan finished successfully
10:26:52.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\james green\Desktop\MBR.dat"
10:26:52.703 The log file has been saved successfully to "C:\Documents and Settings\james green\Desktop\aswMBR.txt"


We need to fix the infection found with aswMBR now.

  • Double click aswMBR.exe to run it like before
  • Once the scan finishes click Fix to remove the infection as illustrated below
  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review

I fixed the problem, although I didn't manage to keep the log as it requested that I restart my machine.
Good news though, the iPod now syncs, so it's possible my computer is clean.

Anyway, I appreciate the help as I'm able to sync my iPod again. I will need to run a couple more scans to make sure it's clean.

Please download TDSSKiller from here and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • Note: It will also create a log in the C:\ directory.

20:40:02.0324 1948 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
20:40:02.0433 1948 ============================================================
20:40:02.0433 1948 Current date / time: 2011/09/28 20:40:02.0433
20:40:02.0433 1948 SystemInfo:
20:40:02.0433 1948
20:40:02.0433 1948 OS Version: 5.1.2600 ServicePack: 3.0
20:40:02.0433 1948 Product type: Workstation
20:40:02.0433 1948 ComputerName: YOUR-9499940BF8
20:40:02.0433 1948 UserName: james green
20:40:02.0433 1948 Windows directory: C:\WINDOWS
20:40:02.0433 1948 System windows directory: C:\WINDOWS
20:40:02.0433 1948 Processor architecture: Intel x86
20:40:02.0433 1948 Number of processors: 2
20:40:02.0433 1948 Page size: 0x1000
20:40:02.0433 1948 Boot type: Normal boot
20:40:02.0433 1948 ============================================================
20:40:03.0105 1948 Initialize success
20:40:07.0605 1172 ============================================================
20:40:07.0605 1172 Scan started
20:40:07.0605 1172 Mode: Manual;
20:40:07.0605 1172 ============================================================
20:40:32.0496 1172IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:40:32.0496 1172IPSec - ok
20:40:32.0855 1172IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
20:40:32.0871 1172IrBus - ok
20:40:33.0121 1172IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:40:33.0121 1172IRENUM - ok
20:40:33.0215 1172isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:40:33.0215 1172isapnp - ok
20:40:33.0340 1172Jukebox3 (09f29a61dc7bf2e711ea272256035c77) C:\WINDOWS\system32\DRIVERS\ctpdusb.sys
20:40:33.0355 1172Jukebox3 - ok
20:40:33.0449 1172Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:40:33.0449 1172Kbdclass - ok
20:40:33.0590 1172kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:40:33.0590 1172kbdhid - ok
20:40:33.0652 1172kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:40:33.0683 1172kmixer - ok
20:40:33.0808 1172KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:40:33.0808 1172KSecDD - ok
20:40:33.0902 1172lbrtfdc - ok
20:40:34.0058 1172MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:40:34.0058 1172MHNDRV - ok
20:40:34.0183 1172mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:40:34.0183 1172mnmdd - ok
20:40:34.0277 1172Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:40:34.0277 1172Modem - ok
20:40:34.0371 1172Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:40:34.0371 1172Mouclass - ok
20:40:34.0543 1172mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:40:34.0558 1172mouhid - ok
20:40:34.0715 1172MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:40:34.0715 1172MountMgr - ok
20:40:35.0418 1172MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
20:40:35.0418 1172MPE - ok
20:40:35.0621 1172mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:40:35.0621 1172mraid35x - ok
20:40:35.0730 1172MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:40:35.0730 1172MRxDAV - ok
20:40:35.0980 1172MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:40:35.0996 1172MRxSmb - ok
20:40:36.0058 1172Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:40:36.0058 1172Msfs - ok
20:40:36.0152 1172MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:40:36.0152 1172MSKSSRV - ok
20:40:36.0215 1172MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:40:36.0215 1172MSPCLOCK - ok
20:40:36.0308 1172MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:40:36.0324 1172MSPQM - ok
20:40:36.0465 1172mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:40:36.0465 1172mssmbios - ok
20:40:36.0605 1172MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:40:36.0605 1172MSTEE - ok
20:40:36.0918 1172ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
20:40:36.0918 1172ms_mpu401 - ok
20:40:37.0121 1172Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:40:37.0121 1172Mup - ok
20:40:37.0402 1172NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:40:37.0402 1172NABTSFEC - ok
20:40:37.0652 1172NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:40:37.0762 1172NDIS - ok
20:40:37.0918 1172NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:40:37.0918 1172NdisIP - ok
20:40:38.0152 1172NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:40:38.0152 1172NdisTapi - ok
20:40:38.0355 1172Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:40:38.0355 1172Ndisuio - ok
20:40:38.0512 1172NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:40:38.0512 1172NdisWan - ok
20:40:38.0683 1172NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:40:38.0683 1172NDProxy - ok
20:40:38.0855 1172NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:40:38.0855 1172NetBIOS - ok
20:40:39.0121 1172NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:40:39.0215 1172NetBT - ok
20:40:39.0621 1172NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:40:39.0621 1172NIC1394 - ok
20:40:39.0933 1172Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:40:40.0012 1172Npfs - ok
20:40:40.0246 1172Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:40:40.0340 1172Ntfs - ok
20:40:40.0558 1172Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:40:40.0558 1172Null - ok
20:40:41.0027 1172nvata (11d1ad7e946538e02f9ef6a6e1792061) C:\WINDOWS\system32\DRIVERS\NVATA.SYS
20:40:41.0027 1172nvata - ok
20:40:41.0324 1172nvatabus (11d1ad7e946538e02f9ef6a6e1792061) C:\WINDOWS\system32\DRIVERS\NVATABUS.SYS
20:40:41.0324 1172nvatabus - ok
20:40:41.0480 1172nvraid (3bc8b9d8a744df75698fe35d52f18a0a) C:\WINDOWS\system32\DRIVERS\NVRAID.SYS
20:40:41.0480 1172nvraid - ok
20:40:41.0683 1172NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:40:41.0683 1172NwlnkFlt - ok
20:40:41.0840 1172NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:40:41.0871 1172NwlnkFwd - ok
20:40:42.0027 1172ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:40:42.0027 1172ohci1394 - ok
20:40:42.0230 1172Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:40:42.0246 1172Parport - ok
20:40:42.0433 1172PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:40:42.0433 1172PartMgr - ok
20:40:42.0621 1172ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:40:42.0621 1172ParVdm - ok
20:40:42.0855 1172PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:40:42.0855 1172PCI - ok
20:40:42.0918 1172PCIDump - ok
20:40:43.0183 1172PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:40:43.0183 1172PCIIde - ok
20:40:43.0480 1172Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:40:43.0480 1172Pcmcia - ok
20:40:43.0637 1172PDCOMP - ok
20:40:43.0668 1172PDFRAME - ok
20:40:44.0012 1172PDRELI - ok
20:40:44.0137 1172PDRFRAME - ok
20:40:44.0308 1172perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:40:44.0308 1172perc2 - ok
20:40:44.0402 1172perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:40:44.0418 1172perc2hib - ok
20:40:44.0621 1172PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:40:44.0621 1172PptpMiniport - ok
20:40:44.0840 1172PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:40:44.0840 1172PSched - ok
20:40:44.0996 1172Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:40:44.0996 1172Ptilink - ok
20:40:45.0121 1172PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:40:45.0121 1172PxHelp20 - ok
20:40:45.0293 1172ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:40:45.0308 1172ql1080 - ok
20:40:45.0496 1172Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:40:45.0496 1172Ql10wnt - ok
20:40:45.0777 1172ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:40:45.0777 1172ql12160 - ok
20:40:46.0043 1172ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:40:46.0043 1172ql1240 - ok
20:40:46.0215 1172ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:40:46.0215 1172ql1280 - ok
20:40:46.0387 1172RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:40:46.0402 1172RasAcd - ok
20:40:46.0621 1172Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:40:46.0621 1172Rasl2tp - ok
20:40:46.0762 1172RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:40:46.0762 1172RasPppoe - ok
20:40:47.0340 1172Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:40:47.0340 1172Raspti - ok
20:40:47.0590 1172Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:40:47.0605 1172Rdbss - ok
20:40:47.0637 1172RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:40:47.0637 1172RDPCDD - ok
20:40:47.0808 1172rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:40:47.0808 1172rdpdr - ok
20:40:48.0105 1172RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:40:48.0105 1172RDPWD - ok
20:40:48.0168 1172redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:40:48.0168 1172redbook - ok
20:40:48.0465 1172RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys
20:40:48.0496 1172RsFx0102 - ok
20:40:49.0058 1172RT61 (3ed606790b5a696d375d7b6f9bcb6455) C:\WINDOWS\system32\DRIVERS\RT61.sys
20:40:49.0168 1172RT61 - ok
20:40:49.0324 1172SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:40:49.0324 1172SASDIFSV - ok
20:40:49.0340 1172SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:40:49.0340 1172SASKUTIL - ok
20:40:49.0637 1172Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:40:49.0637 1172Secdrv - ok
20:40:49.0918 1172serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:40:49.0918 1172serenum - ok
20:40:50.0168 1172Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:40:50.0168 1172Serial - ok
20:40:50.0371 1172Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
20:40:50.0371 1172Sfloppy - ok
20:40:50.0652 1172Simbad - ok
20:40:50.0887 1172sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:40:50.0887 1172sisagp - ok
20:40:51.0324 1172SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:40:51.0324 1172SLIP - ok
20:40:51.0527 1172Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:40:51.0527 1172Sparrow - ok
20:40:51.0683 1172splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:40:51.0683 1172splitter - ok
20:40:51.0840 1172sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:40:51.0840 1172sr - ok
20:40:52.0183 1172Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:40:52.0215 1172Srv - ok
20:40:52.0308 1172streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:40:52.0308 1172streamip - ok
20:40:52.0465 1172swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:40:52.0465 1172swenum - ok
20:40:52.0902 1172swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:40:52.0902 1172swmidi - ok
20:40:53.0074 1172symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:40:53.0074 1172symc810 - ok
20:40:53.0137 1172symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:40:53.0152 1172symc8xx - ok
20:40:53.0277 1172sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:40:53.0277 1172sym_hi - ok
20:40:53.0449 1172sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:40:53.0465 1172sym_u3 - ok
20:40:53.0949 1172sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:40:54.0074 1172sysaudio - ok
20:40:54.0340 1172Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:40:54.0387 1172Tcpip - ok
20:40:54.0590 1172TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:40:54.0590 1172TDPIPE - ok
20:40:54.0887 1172TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:40:54.0902 1172TDTCP - ok
20:40:55.0262 1172TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:40:55.0262 1172TermDD - ok
20:40:55.0387 1172TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
20:40:55.0418 1172TosIde - ok
20:40:55.0683 1172Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:40:55.0683 1172Udfs - ok
20:40:55.0840 1172ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:40:55.0855 1172ultra - ok
20:40:56.0090 1172Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:40:56.0121 1172Update - ok
20:40:56.0355 1172USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:40:56.0355 1172USBAAPL - ok
20:40:56.0543 1172usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:40:56.0543 1172usbccgp - ok
20:40:56.0699 1172usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:40:56.0715 1172usbehci - ok
20:40:57.0137 1172usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:40:57.0152 1172usbhub - ok
20:40:57.0355 1172usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:40:57.0371 1172usbscan - ok
20:40:57.0480 1172USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:40:57.0480 1172USBSTOR - ok
20:40:57.0746 1172usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:40:57.0746 1172usbuhci - ok
20:40:58.0137 1172V0260VID (4f6d02349cac986a017ad1a0f2e2b099) C:\WINDOWS\system32\DRIVERS\V0260Vid.sys
20:40:58.0168 1172V0260VID - ok
20:40:58.0480 1172VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:40:58.0480 1172VgaSave - ok
20:40:58.0762 1172viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:40:58.0762 1172viaagp - ok
20:40:59.0183 1172ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:40:59.0183 1172ViaIde - ok
20:40:59.0449 1172VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:40:59.0449 1172VolSnap - ok
20:40:59.0699 1172Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:40:59.0715 1172Wanarp - ok
20:40:59.0902 1172WDICA - ok
20:41:00.0215 1172wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:41:00.0230 1172wdmaud - ok
20:41:01.0058 1172WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:41:01.0105 1172WpdUsb - ok
20:41:01.0480 1172WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:41:01.0480 1172WSTCODEC - ok
20:41:02.0949 1172WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:41:02.0949 1172WudfPf - ok
20:41:03.0230 1172WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:41:03.0230 1172WudfRd - ok
20:41:03.0293 1172MBR (0x1B8) (2d572a71bbc779eccd3d2595fc788a35) \Device\Harddisk0\DR0
20:41:03.0293 1172\Device\Harddisk0\DR0 - ok
20:41:03.0355 1172Boot (0x1200) (592b1550995b8e94e914db96b7e902db) \Device\Harddisk0\DR0\Partition0
20:41:03.0355 1172\Device\Harddisk0\DR0\Partition0 - ok
20:41:03.0355 1172============================================================
20:41:03.0355 1172Scan finished
20:41:03.0355 1172============================================================
20:41:03.0371 4564Detected object count: 0
20:41:03.0371 4564Actual detected object count: 0
20:41:10.0449 6140Deinitialize success
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
There were no threats found on this scan (although I don't have the log).

How's the computer working now? Any other issues?

It seems to be working fine. Apart from my open office files don't appear to be opening.

Ok. We can do some cleanup.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
********************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*******************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ
193.

Solve : 3 severe infections of Java has been removed w/ MSE?

Answer»

Exploit:Java/CVE-2010-0840.EX

Exploit:Java/CVE-2010-0840.LV

Exploit:Java/CVE-2010-4452

These were listed as severe, by MSE and removed supposedly

Any other suggestions here? Thanks kindly
Firedup420


Please See Here...

Quote from: Firedup420 on October 20, 2011, 09:53:00 AM

Exploit:Java/CVE-2010-0840.EX

Exploit:Java/CVE-2010-0840.LV

Exploit:Java/CVE-2010-4452

These were listed as severe, by MSE and removed supposedly

Any other suggestions here? Thanks kindly
Firedup420

Do you still need help?

Please step through the guide posted by patio and I will take a look...
194.

Solve : Home Page has been hijacked - http://www.msn.com/?pc=Z192&install_date=20111021?

Answer»

Doing this now. Can I just say you've been really great and patient. And I can't say enough about the step by step instructions that has to be very time consuming. I feel so relieved to have found someone who can help me. Thanks for all your efforts.

Quote

Can I just say you've been really great and patient. And I can't say enough about the step by step instructions that has to be very time consuming. I feel so relieved to have found someone who can help me. Thanks for all your efforts.
Actually, it only takes a few minutes. Please post the ESET log. If it looks ok, we can do some cleanup.

C:\Users\Valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\5fc22f26-7b3642df    a variant of Java/Agent.AP trojan    deleted - quarantined
C:\Users\Valerie\Downloads\cnet_RegpairSetup_exe.exe    a variant of Win32/InstallCore.D application    cleaned by deleting - quarantined

That looks good. If there are no other issues, we can do some cleanup.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
*********************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select YES when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
***********************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
**************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
195.

Solve : Virus/malware blocking Internet access?

Answer»

I have been presumably infected with a virus that is blocking my Internet connection. I have run mbar and superantispyware but still have a problem. I researched and evilFantasy looks like he helped a user in Jan 2009 on a similar type of issue. Any suggestions?

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and paste the log in your post.
**********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
**********************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).
SuperDave
Thanks in advance for your help! I think you have solved a few of these in the past!

I've done the SuperSpyware scan and removed all of the identified objects. I've also attached the MBAM log below. These are a bit challenging without internet access. I've been unable to download the "dds" file. Neither link works on my Mac. Is there an alternative way to get this program and run the scan?


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/8/2011 1:09:02 PM
mbam-log-2011-11-08 (13-09-01).txt

Scan type: Quick scan
Objects scanned: 186134
Time elapsed: 10 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig (Windows.Tool.Disabled) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks!

Sorry... SuperSpyware log attached:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/08/2011 at 12:50 PM

Application Version : 5.0.1134

Core Rules Database Version : 7911
Trace Rules Database Version: 5723

Scan type : Complete Scan
Total Scan Time : 00:14:42

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 685
Memory threats detected : 0
Registry items scanned : 39208
Registry threats detected : 30
File items scanned : 8765
File threats detected : 342

Adware.Zugo
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\InprocServer32
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\InprocServer32#ThreadingModel
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ProgID
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\Programmable
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\TypeLib
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
HKCR\SearchToolbarLib.CSearchToolbarImpl.1
HKCR\SearchToolbarLib.CSearchToolbarImpl.1\CLSID
HKCR\SearchToolbarLib.CSearchToolbarImpl
HKCR\SearchToolbarLib.CSearchToolbarImpl\CLSID
HKCR\SearchToolbarLib.CSearchToolbarImpl\CurVer
HKCR\TypeLib\{E43AD97A-5248-46A7-BB03-35574058224C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
HKU\S-1-5-21-1482476501-2000478354-682003330-197641\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{9D425283-D487-4337-BAB6-AB8354A81457}
[SASINPROCSERVER32]
HKU\S-1-5-21-1482476501-2000478354-682003330-197641\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{9D425283-D487-4337-BAB6-AB8354A81457}

Browser Hijacker.Tubby
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#URLInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#EstimatedSize

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY

Adware.Tracking Cookie
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.thehairymonster.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.thehairymonster.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.thehairymonster.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.thehairymonster.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.picadmedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.picadmedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.r1-ads.ace.advertising.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sex.healthguru.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sex.healthguru.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sex.healthguru.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\CTURNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
SuperDave-
Forgive the multiple posts. I was able to get the DDS. Both logs posted here:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by cturner at 16:35:23 on 2011-11-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1944.1058 [GMT -6:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\WinMagic\SecureDoc-NT\WMPUCmd.exe
C:\Program Files\WinMagic\SecureDoc-NT\SDPin.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\odClientMgr.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www-int.juniper.net/
uSearch Page = hxxp://www.charter.net/google/index.php?q=
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uWindow Title = Windows Internet Explorer provided by Juniper Networks
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
TB: {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [COMMUNICATOR] "c:\program files\microsoft office communicator\Communicator.exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Privacy Protection] c:\documents and settings\all users\application data\privacy.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [OdTray.exe] "c:\program files\juniper networks\odyssey access client\OdTray.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartSecurDoc] c:\program files\winmagic\securedoc-nt\SDPin.exe
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: []
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
dRun: [GoTrusted] c:\program files\gotrusted.com\gotrusted secure tunnel v2.3.1.5\GoTrusted Secure Tunnel.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoPropertiesRecycleBin = 1 (0x1)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
uPolicies-explorer: NoInternetIcon = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
uPolicies-explorer: NoPublishingWizard = 1 (0x1)
uPolicies-explorer: NoWebServices = 1 (0x1)
uPolicies-explorer: NoOnlinePrintsWizard = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: MaxGPOScriptWait = 300 (0x12c)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: microsoft.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://wf-access.juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: OdysseyClient - odyEvent.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\cturner\application data\mozilla\firefox\profiles\fk2rldz9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\cturner\application data\mozilla\firefox\profiles\fk2rldz9.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\cturner\application data\mozilla\firefox\profiles\fk2rldz9.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\cturner\application data\mozilla\firefox\profiles\fk2rldz9.default\extensions\[emailprotected]\lib\winnt\ff3\AbineComponent.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-6-30 24304]
R0 mv64xx;mv64xx;c:\windows\system32\drivers\mv64xx.sys [2010-5-5 277032]
R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [2010-2-18 9856]
R0 odFips2;odFips2;c:\windows\system32\drivers\odFIPS2.sys [2010-2-18 282496]
R0 PinFile;PinFile;c:\windows\system32\drivers\PinFile.sys [2007-10-30 11776]
R0 SDDisk2K;WinMagic SecureDoc;c:\windows\system32\drivers\SDDisk2K.sys [2008-7-29 144128]
R0 SDDToki;WinMagic SecureDoc Encryption Engine;c:\windows\system32\drivers\SDDToki.sys [2008-7-29 109696]
R0 SDDVD;WinMagic SecureDoc Removable Media Encryptor;c:\windows\system32\drivers\SDDVD.sys [2008-7-29 67840]
R0 SDUPC;WinMagic SecureDoc USB Driver;c:\windows\system32\drivers\SDUPC.sys [2007-12-12 9728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2010-5-5 17584]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2009-7-8 13480]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-5-9 108456]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-5-9 108456]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-6-30 132456]
R2 EraserSvc11113;Symantec Eraser Service;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-5-9 108456]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2009-11-12 132392]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-8 366152]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-6-30 53248]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-5-9 1839888]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-4-8 63928]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 240640]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1062912]
R2 WinMagic SecureDoc Service;WinMagic SecureDoc Service;c:\program files\winmagic\securedoc-nt\SDService.exe [2008-9-12 212992]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2010-6-30 238736]
R3 EacService;Juniper TNC Endpoint Assessment;c:\program files\common files\juniper networks\tnc client\jTnccService.exe [2010-2-18 136560]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [2008-3-18 20480]
R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [2010-2-16 420264]
R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\drivers\jnprvamgr.sys [2010-2-16 29312]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-8 22216]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20111106.009\NAVENG.SYS [2011-11-6 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20111106.009\NAVEX15.SYS [2011-11-6 1576312]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2010-6-30 22568]
S0 fxlj;fxlj;c:\windows\system32\drivers\jrnrhj.sys --> c:\windows\system32\drivers\jrnrhj.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-4 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-4-8 45496]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\seagatedashboardservice.exe --> c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [?]
S2 WDSC;WD File Management Shadow Engine;"c:\program files\western digital\wd smartware\front parlor\wdsc.exe" --> c:\program files\western digital\wd smartware\front parlor\WDSC.exe [?]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2006-9-21 347648]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-4 136176]
S3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\drivers\jnprva.sys [2010-2-16 12288]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 tpflhlp;tpflhlp;\??\c:\windows\temp\jnprbi~1\tpflhlp.sys --> c:\windows\temp\jnprbi~1\tpflhlp.sys [?]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2010-5-5 22448]
S3 vmxnet;VMware ETHERNET Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [2010-5-5 29232]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2010-5-5 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-08 18:57:18 -------- d-----w- c:\documents and settings\cturner\application data\Malwarebytes
2011-11-08 18:56:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-08 18:56:46 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-08 18:56:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-08 18:35:16 -------- d-----w- c:\documents and settings\cturner\application data\SUPERAntiSpyware.com
2011-11-08 18:34:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-08 18:34:47 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-10-31 22:08:18 -------- d-----w- c:\documents and settings\cturner\.swt
2011-10-25 18:32:53 -------- d-----w- c:\program files\iPod
2011-10-25 18:24:40 -------- d-----w- c:\program files\Bonjour
2011-10-14 01:40:05 -------- d-----w- c:\windows\ms
2011-10-14 01:32:32 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-14 01:32:32 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-11-02 22:52:23 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-11-02 22:52:23 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-30 22:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 22:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 22:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 22:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-24 16:15:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 16:36:36.09 ===============

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/30/2010 5:28:30 PM
System Uptime: 11/8/2011 3:00:04 PM (1 hours ago)
.
Motherboard: LENOVO | | 74592S6
Processor: Intel Pentium III Xeon processor | None | 789/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 151.596 GiB free.
D: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Photosmart C4700 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: C4700,192.168.0.145
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 4100 Series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4100 Series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet 4550
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 4550
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 5200
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: Hewlett-Packard
Name: HP LaserJet 5200
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 5200
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: Hewlett-Packard
Name: HP LaserJet 5200
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 8100 Series
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: Hewlett-Packard
Name: HP LaserJet 8100 Series
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C6300 series
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer: HP
Name: Photosmart C6300 series
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4250
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4250
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: DesignJet 1050C (C6074A)
Device ID: ROOT\MULTIFUNCTION\0009
Manufacturer: Hewlett-Packard
Name: DesignJet 1050C (C6074A)
PNP Device ID: ROOT\MULTIFUNCTION\0009
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet 4700
Device ID: ROOT\MULTIFUNCTION\0010
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 4700
PNP Device ID: ROOT\MULTIFUNCTION\0010
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2420
Device ID: ROOT\MULTIFUNCTION\0011
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2420
PNP Device ID: ROOT\MULTIFUNCTION\0011
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4250
Device ID: ROOT\MULTIFUNCTION\0012
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4250
PNP Device ID: ROOT\MULTIFUNCTION\0012
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8500 A910
Device ID: ROOT\MULTIFUNCTION\0013
Manufacturer: HP
Name: Officejet Pro 8500 A910
PNP Device ID: ROOT\MULTIFUNCTION\0013
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 6500 E710n-z
Device ID: ROOT\MULTIFUNCTION\0014
Manufacturer: HP
Name: Officejet 6500 E710n-z
PNP Device ID: ROOT\MULTIFUNCTION\0014
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 8150 Series
Device ID: ROOT\MULTIFUNCTION\0015
Manufacturer: Hewlett-Packard
Name: HP LaserJet 8150 Series
PNP Device ID: ROOT\MULTIFUNCTION\0015
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 5200
Device ID: ROOT\MULTIFUNCTION\0016
Manufacturer: Hewlett-Packard
Name: HP LaserJet 5200
PNP Device ID: ROOT\MULTIFUNCTION\0016
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CP3525
Device ID: ROOT\MULTIFUNCTION\0017
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP3525
PNP Device ID: ROOT\MULTIFUNCTION\0017
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 8100 Series
Device ID: ROOT\MULTIFUNCTION\0018
Manufacturer: Hewlett-Packard
Name: HP LaserJet 8100 Series
PNP Device ID: ROOT\MULTIFUNCTION\0018
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 8000 Series
Device ID: ROOT\MULTIFUNCTION\0019
Manufacturer: Hewlett-Packard
Name: HP LaserJet 8000 Series
PNP Device ID: ROOT\MULTIFUNCTION\0019
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 6.1
Bonjour
BufferChm
C4700
Conexant 20561 SmartAudio HD
Configuration Manager Client
CopyTrans Suite Remove Only
Destinations
DeviceDiscovery
DivX Setup
GlobalMeet
Google Chrome
Google Earth Plug-in
Google Update Helper
GoToMeeting 4.5.0.457
GoTrusted Secure Tunnel v2.3.1.5
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Office (KB2512788)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
InterVideo Register Manager
InterVideo WinDVD
iPassConnect
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java Auto Updater
Java(TM) 6 Update 25
Juniper Networks Host Checker
Juniper Networks Network Connect 6.5.0
Juniper Networks Network Connect 7.0.0
Juniper Networks Secure Meeting 6.5.0
Juniper Networks Secure Meeting 7.0.0
Juniper Networks Setup Client
Juniper Odyssey Access Client 5.1
junos_screensaver
junos_screensaver_macv1
Lenovo System Interface Driver
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2005
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Viewer 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
OGA Notifier 2.0.0048.0
On Screen Display
PDFCreator
Picasa 3
Presentation Director
PS_AIO_06_C4700_SW_Min
QuickTime
QuickTransfer
RDC
RealPlayer
RSA Security - EAP - Uninstall
Safari
Scan
ScreenTime for Flash 3.7.0 Demo
Seagate Dashboard
SecureDoc Disk Encryption
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
Skype Toolbars
Skype™ 5.3
SmartWebPrinting
SolutionCenter
Sonic RecordNow!
Status
SUPERAntiSpyware
Symantec Endpoint Protection
Symantec Enterprise Vault Outlook Add-In
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Integration Setup
ThinkPad MODEM Adapter
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad TrackPoint Driver
ThinkVantage Active Protection System
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2607712)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.5
Vuze
Vuze Remote Toolbar
WD SmartWare
WebFldrs XP
WebReg
WIMGAPI
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
11/8/2011 4:36:47 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 480 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
11/8/2011 10:48:09 AM, error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
11/7/2011 8:08:28 AM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the odClientService service.
11/7/2011 5:09:42 PM, error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/7/2011 4:11:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/7/2011 4:03:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm lenovo.smi NetBT SRTSP SRTSPX SYMTDI TPHKDRV TPPWRIF TSMAPIP
11/7/2011 4:01:57 PM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service odClientService with arguments "-Service" in order to run the server: {801B616C-A8CE-4EDC-A7F0-AFE343D44A77}
11/7/2011 3:58:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec lenovo.smi MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX SYMTDI Tcpip TPHKDRV TPPWRIF TSMAPIP WPS
11/7/2011 3:58:46 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/7/2011 3:58:46 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/7/2011 3:58:46 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/7/2011 3:58:46 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/7/2011 3:58:46 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/7/2011 3:58:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/7/2011 2:52:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: NetBT
11/7/2011 2:52:05 PM, error: Service Control Manager [7023] - The Symantec Endpoint Protection service terminated with the following error: The environment is incorrect.
11/7/2011 2:52:04 PM, error: Service Control Manager [7000] - The WD File Management Shadow Engine service failed to start due to the following error: The system cannot find the file specified.
11/7/2011 2:52:02 PM, error: Service Control Manager [7000] - The Seagate Dashboard Service service failed to start due to the following error: The system cannot find the file specified.
11/7/2011 2:52:01 PM, error: Service Control Manager [7000] - The IviRegMgr service failed to start due to the following error: The system cannot find the file specified.
11/7/2011 2:51:59 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/7/2011 2:51:58 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/7/2011 2:41:59 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The system cannot find the file specified.
11/7/2011 2:41:59 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/7/2011 2:27:48 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
11/7/2011 2:24:48 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2011 2:21:47 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/5/2011 2:37:54 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
11/5/2011 11:41:21 AM, error: NETLOGON [5719] - No Domain Controller is available for domain JNPR due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
11/5/2011 11:34:45 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
11/4/2011 9:22:49 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
11/4/2011 8:05:53 AM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the WDSC service.
11/4/2011 2:27:50 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
11/4/2011 1:34:38 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
11/4/2011 1:03:35 PM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the CcmExec service.
11/3/2011 10:42:31 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
11/3/2011 10:41:18 AM, error: Service Control Manager [7034] - The iPassPeriodicUpdateApp service terminated unexpectedly. It has done this 1 time(s).
11/2/2011 6:44:38 AM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the WDFME service.
11/2/2011 5:45:43 PM, error: Dhcp [1002] - The IP address lease 172.28.131.225 for the Network Card with network address 00FF98AC9F88 has been denied by the DHCP server 172.28.128.1 (The DHCP Server sent a DHCPNACK message).
11/1/2011 9:39:01 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
11/1/2011 9:33:47 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
11/1/2011 9:32:50 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
11/1/2011 8:36:59 PM, error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/1/2011 8:36:43 PM, error: Dhcp [1002] - The IP address lease 172.28.131.225 for the Network Card with network address 00FF48DA4288 has been denied by the DHCP server 172.28.128.1 (The DHCP Server sent a DHCPNACK message).
11/1/2011 6:28:15 AM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the W32Time service.
11/1/2011 6:28:14 AM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the WZCSVC service.
11/1/2011 6:28:14 AM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the WSearch service.
11/1/2011 6:28:14 AM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the TPHKSVC service.
11/1/2011 6:28:14 AM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the Power Manager DBC Service service.
11/1/2011 6:12:19 AM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the Spooler service.
11/1/2011 6:12:19 AM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the HPSLPSVC service.
.
==== End Of File ===========================
Thanks!!

Please download MiniToolBox to Desktop and run it.



Checkmark the following boxes:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • List content of Hosts
    • List IP Configuration
    • List Last 10 Event Viewer Errors
    • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.

minitoolbox results:


    MiniToolBox by Farbar
    Ran by cturner (administrator) on 08-11-2011 at 17:29:19
    Microsoft Windows XP Service Pack 3 (X86)

    ***************************************************************************

    ========================= Flush DNS: ===================================


    Windows IP Configuration



    Successfully flushed the DNS Resolver Cache.


    ========================= IE Proxy Settings: ==============================

    Proxy is enabled.
    No Proxy Server is set.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.
    ========================= Hosts content: =================================


    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "Wireless Network Connection"

    set address name="Wireless Network Connection" source=dhcp
    set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
    set wins name="Wireless Network Connection" source=dhcp

    # Interface IP Configuration for "Local Area Connection"

    set address name="Local Area Connection" source=dhcp
    set dns name="Local Area Connection" source=dhcp register=PRIMARY
    set wins name="Local Area Connection" source=dhcp

    # Interface IP Configuration for "{7564E1B5-45FC-4EF4-848B-834E0B3AF82A}"

    set address name="{7564E1B5-45FC-4EF4-848B-834E0B3AF82A}" source=dhcp
    set dns name="{7564E1B5-45FC-4EF4-848B-834E0B3AF82A}" source=dhcp register=PRIMARY
    set wins name="{7564E1B5-45FC-4EF4-848B-834E0B3AF82A}" source=dhcp

    # Interface IP Configuration for "Network Connect Adapter"

    set address name="Network Connect Adapter" source=dhcp
    set dns name="Network Connect Adapter" source=dhcp register=PRIMARY
    set wins name="Network Connect Adapter" source=dhcp


    popd
    # End of interface IP configuration




    Windows IP Configuration



    Host Name . . . . . . . . . . . . : CTURNER-X200

    Primary Dns Suffix . . . . . . . : jnpr.net

    Node Type . . . . . . . . . . . . : Unknown

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No



    Ethernet adapter Wireless Network Connection:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN

    Physical Address. . . . . . . . . : 00-1E-65-25-8B-7A

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 0.0.0.0

    Subnet Mask . . . . . . . . . . . : 0.0.0.0

    Default Gateway . . . . . . . . . :

    DHCP Server . . . . . . . . . . . : 255.255.255.255

    NetBIOS over Tcpip. . . . . . . . : Disabled



    Ethernet adapter Local Area Connection:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection

    Physical Address. . . . . . . . . : 00-1F-16-21-AE-D6



    Ethernet adapter {7564E1B5-45FC-4EF4-848B-834E0B3AF82A}:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : GoTrusted TAP Adapter - Teefer2 Miniport

    Physical Address. . . . . . . . . : 00-FF-75-64-E1-B5



    Ethernet adapter Network Connect Adapter:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter

    Physical Address. . . . . . . . . : 00-FF-98-9C-40-88

    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host google.com. Please check the name and try again.

    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host yahoo.com. Please check the name and try again.



    Pinging ¯ò with 32 bytes of data:



    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



    Ping statistics for :

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 1e 65 25 8b 7a ...... Intel(R) WiFi Link 5100 AGN - Teefer2 Miniport
    0x3 ...00 1f 16 21 ae d6 ...... Intel(R) 82567LM Gigabit Network Connection - Teefer2 Miniport
    0x4 ...00 ff 75 64 e1 b5 ...... GoTrusted TAP Adapter - Teefer2 Miniport
    0x10006 ...00 ff 98 9c 40 88 ...... Juniper Network Connect Virtual Adapter - Teefer2 Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    255.255.255.255 255.255.255.255 255.255.255.255 10006 1
    255.255.255.255 255.255.255.255 255.255.255.255 2 1
    255.255.255.255 255.255.255.255 255.255.255.255 3 1
    255.255.255.255 255.255.255.255 255.255.255.255 4 1
    ===========================================================================
    Persistent Routes:
    None

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (11/08/2011 04:52:49 PM) (Source: AutoEnrollment) (User: )
    Description: Automatic certificate enrollment for JNPR\cturner failed to contact the active directory (0x800704cf). The network location cannot be reached. For information about network troubleshooting, see Windows Help.
    Enrollment will not be performed.

    Error: (11/08/2011 04:51:39 PM) (Source: UserInit) (User: )
    Description: Could not execute the following script \\jnpr.net\NETLOGON\ClientTechnologyGroup\CTG_UserLogonScript.vbs. The network location cannot be reached. For information about network troubleshooting, see Windows Help.
    .

    Error: (11/08/2011 04:51:37 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
    Description: Windows cannot obtain the domain controller name for your computer network. (The network location cannot be reached. For information about network troubleshooting, see Windows Help. ). Group Policy processing aborted.

    Error: (11/08/2011 04:51:15 PM) (Source: AutoEnrollment) (User: )
    Description: Automatic certificate enrollment for local system failed to contact the active directory (0x800704cf). The network location cannot be reached. For information about network troubleshooting, see Windows Help.
    Enrollment will not be performed.

    Error: (11/08/2011 04:51:15 PM) (Source: UserInit) (User: )
    Description: Could not execute the following script \\jnpr.net\NETLOGON\ClientTechnologyGroup\CTG_ComputerStartupScript.vbs. The network location cannot be reached. For information about network troubleshooting, see Windows Help.
    .

    Error: (11/08/2011 04:51:13 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
    Description: Windows cannot obtain the domain controller name for your computer network. (The network location cannot be reached. For information about network troubleshooting, see Windows Help. ). Group Policy processing aborted.

    Error: (11/08/2011 04:50:58 PM) (Source: JavaQuickStarterService) (User: )
    Description: Unable to create JQS API server: socket() failed (Socket error 10091)

    Error: (11/08/2011 04:23:23 PM) (Source: AutoEnrollment) (User: )
    Description: Automatic certificate enrollment for JNPR\cturner failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
    Enrollment will not be performed.

    Error: (11/08/2011 04:22:09 PM) (Source: UserInit) (User: )
    Description: Could not execute the following script \\jnpr.net\NETLOGON\ClientTechnologyGroup\CTG_UserLogonScript.vbs. The network location cannot be reached. For information about network troubleshooting, see Windows Help.
    .

    Error: (11/08/2011 04:22:08 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
    Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.


    System errors:
    =============
    Error: (11/08/2011 04:55:43 PM) (Source: DCOM) (User: SYSTEM)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

    Error: (11/08/2011 04:54:16 PM) (Source: DCOM) (User: SYSTEM)
    Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

    Error: (11/08/2011 04:53:46 PM) (Source: Service Control Manager) (User: )
    Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952491 (0x8007276B).

    Error: (11/08/2011 04:53:46 PM) (Source: DCOM) (User: SYSTEM)
    Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

    Error: (11/08/2011 04:53:16 PM) (Source: Service Control Manager) (User: )
    Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952491 (0x8007276B).

    Error: (11/08/2011 04:53:16 PM) (Source: DCOM) (User: SYSTEM)
    Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

    Error: (11/08/2011 04:52:46 PM) (Source: Service Control Manager) (User: )
    Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952491 (0x8007276B).

    Error: (11/08/2011 04:52:46 PM) (Source: DCOM) (User: SYSTEM)
    Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

    Error: (11/08/2011 04:52:16 PM) (Source: Service Control Manager) (User: )
    Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952491 (0x8007276B).

    Error: (11/08/2011 04:52:16 PM) (Source: DCOM) (User: SYSTEM)
    Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.


    Microsoft Office Sessions:
    =========================
    Error: (09/30/2011 11:04:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 25815 seconds with 600 seconds of active time. This session ended with a crash.

    Error: (07/20/2011 08:15:35 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 945 seconds with 120 seconds of active time. This session ended with a crash.

    Error: (06/21/2011 05:51:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3572 seconds with 2100 seconds of active time. This session ended with a crash.

    Error: (06/10/2011 10:08:20 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3269 seconds with 60 seconds of active time. This session ended with a crash.

    Error: (06/02/2011 10:36:33 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 95337 seconds with 7320 seconds of active time. This session ended with a crash.

    Error: (06/01/2011 08:07:24 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 5645 seconds with 3000 seconds of active time. This session ended with a crash.

    Error: (04/13/2011 11:36:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 261160 seconds with 7260 seconds of active time. This session ended with a crash.

    Error: (03/27/2011 08:13:59 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4083 seconds with 3780 seconds of active time. This session ended with a crash.

    Error: (03/11/2011 05:09:25 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 239801 seconds with 2280 seconds of active time. This session ended with a crash.

    Error: (02/07/2011 05:46:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 735 seconds with 180 seconds of active time. This session ended with a crash.


    ========================= Memory info: ===================================

    Percentage of memory in use: 56%
    Total physical RAM: 1943.92 MB
    Available physical RAM: 850.17 MB
    Total Pagefile: 3731.27 MB
    Available Pagefile: 2904.15 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1994.03 MB

    ========================= Partitions: =====================================

    1 Drive c: (Local Disk) (Fixed) (Total:232.88 GB) (Free:151.59 GB) NTFS
    2 Drive d: () (Removable) (Total:3.81 GB) (Free:3.74 GB) FAT32

    ========================= Users: ========================================

    User accounts for \\CTURNER-X200

    Administrator ASPNET Guest
    HelpAssistant jadmin SUPPORT_388945a0


    **** End of log ****
    combofix log :


    ComboFix 11-11-08.02 - cturner 11/09/2011 10:35:29.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1944.1385 [GMT -6:00]
    Running from: c:\documents and settings\cturner\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\cturner\My Documents\~WRL1605.tmp
    c:\documents and settings\cturner\My Documents\ppt415.tmp
    c:\documents and settings\cturner\Recent\Thumbs.db
    C:\install.exe
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe
    c:\windows\$NtUninstallKB42965$
    c:\windows\$NtUninstallKB42965$\2826694737\@
    c:\windows\$NtUninstallKB42965$\2826694737\L\pmouqyoi
    c:\windows\$NtUninstallKB42965$\2826694737\loader.tlb
    c:\windows\$NtUninstallKB42965$\2826694737\U\@00000001
    c:\windows\$NtUninstallKB42965$\2826694737\U\@000000c0
    c:\windows\$NtUninstallKB42965$\2826694737\U\@000000cb
    c:\windows\$NtUninstallKB42965$\2826694737\U\@000000cf
    c:\windows\$NtUninstallKB42965$\2826694737\U\@80000000
    c:\windows\$NtUninstallKB42965$\2826694737\U\@800000c0
    c:\windows\$NtUninstallKB42965$\2826694737\U\@800000cb
    c:\windows\$NtUninstallKB42965$\2826694737\U\@800000cf
    c:\windows\$NtUninstallKB42965$\541119706
    c:\windows\system32\
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-08 18:57 . 2011-11-08 18:57  --------  d-----w-  c:\documents and settings\cturner\Application Data\Malwarebytes
    2011-11-08 18:56 . 2011-11-08 18:56  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-11-08 18:56 . 2011-08-31 23:00  22216  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2011-11-08 18:56 . 2011-11-08 18:56  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
    2011-11-08 18:35 . 2011-11-08 18:35  --------  d-----w-  c:\documents and settings\cturner\Application Data\SUPERAntiSpyware.com
    2011-11-08 18:34 . 2011-11-08 18:35  --------  d-----w-  c:\program files\SUPERAntiSpyware
    2011-11-08 18:34 . 2011-11-08 18:34  --------  d-----w-  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-11-07 22:50 . 2011-11-07 22:50  --------  d-----w-  c:\documents and settings\Administrator\Application Data\Windows Search
    2011-10-31 22:08 . 2011-10-31 22:08  --------  d-----w-  c:\documents and settings\cturner\.swt
    2011-10-25 18:32 . 2011-10-25 18:32  --------  d-----w-  c:\program files\iPod
    2011-10-25 18:24 . 2011-10-25 18:24  --------  d-----w-  c:\program files\Bonjour
    2011-10-14 01:40 . 2011-10-14 01:40  --------  d-----w-  c:\windows\ms
    2011-10-14 01:32 . 2011-10-14 01:32  --------  d-----w-  c:\windows\system32\wbem\Repository
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-02 22:52 . 2010-05-05 09:57  60808  ----a-w-  c:\windows\system32\S32EVNT1.DLL
    2011-11-02 22:52 . 2010-05-05 09:57  125488  ----a-w-  c:\windows\system32\drivers\SYMEVENT.SYS
    2011-09-26 16:41 . 2010-05-05 10:41  220160  ----a-w-  c:\windows\system32\oleacc.dll
    2011-09-26 16:41 . 2008-07-30 01:59  611328  ----a-w-  c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41 . 2010-05-05 10:41  20480  ----a-w-  c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20 . 2010-05-05 10:41  1858944  ----a-w-  c:\windows\system32\win32k.sys
    2011-09-03 10:17 . 2010-05-05 10:40  599040  ----a-w-  c:\windows\system32\crypt32.dll
    2011-08-30 22:05 . 2011-08-30 22:05  83816  ----a-w-  c:\windows\system32\dns-sd.exe
    2011-08-30 22:05 . 2011-08-30 22:05  73064  ----a-w-  c:\windows\system32\dnssd.dll
    2011-08-30 22:05 . 2011-08-30 22:05  50536  ----a-w-  c:\windows\system32\jdns_sd.dll
    2011-08-30 22:05 . 2011-08-30 22:05  178536  ----a-w-  c:\windows\system32\dnssdX.dll
    2011-08-24 16:15 . 2011-05-20 22:24  404640  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-22 23:48 . 2010-05-05 10:41  916480  ----a-w-  c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2010-05-05 10:40  43520  ----a-w-  c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2010-05-05 10:40  1469440  ----a-w-  c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2010-05-05 10:40  385024  ----a-w-  c:\windows\system32\html.iec
    2011-08-17 13:49 . 2010-05-05 10:40  138496  ----a-w-  c:\windows\system32\drivers\afd.sys
    2011-10-04 02:57 . 2011-05-06 17:05  134104  ----a-w-  c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-17 21:54  175912  ----a-w-  c:\program files\Vuze_Remote\prxtbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "COMMUNICATOR"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-12-06 3900936]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 4615552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-05 185896]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-05-09 115624]
    "TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2008-03-04 92960]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "OdTray.exe"="c:\program files\Juniper Networks\Odyssey Access Client\OdTray.exe" [2010-02-19 955760]
    "TpShocks"="TpShocks.exe" [2009-12-11 337256]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-03-03 513384]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-04-16 61728]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "StartSecurDoc"="c:\program files\WinMagic\SecureDoc-NT\SDPin.exe" [2008-09-12 1945600]
    "Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-03 136216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-03 170008]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-03 145432]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-12-06 3900936]
    "GoTrusted"="c:\program files\GoTrusted.com\GoTrusted Secure Tunnel v2.3.1.5\GoTrusted Secure Tunnel.exe" [2011-08-23 193096]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "MaxGPOScriptWait"= 300 (0x12c)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMMyPictures"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "NoPropertiesRecycleBin"= 1 (0x1)
    "NoSimpleStartMenu"= 0 (0x0)
    "ForceStartMenuLogOff"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoStartMenuMyMusic"= 1 (0x1)
    "NoPublishingWizard"= 1 (0x1)
    "NoWebServices"= 1 (0x1)
    "NoOnlinePrintsWizard"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54  551296  ----a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
    2010-06-30 23:03  202096  ----a-w-  c:\windows\system32\odyEvent.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1482476501-2000478354-682003330-197641\Scripts\Logon\0\0]
    "Script"=\\jnpr.net\NETLOGON\ClientTechnologyGroup\CTG_UserLogonScript.vbs
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
    "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
    "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [6/30/2010 5:10 PM 24304]
    R0 mv64xx;mv64xx;c:\windows\system32\drivers\mv64xx.sys [5/5/2010 5:27 AM 277032]
    R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [2/18/2010 6:37 PM 9856]
    R0 odFips2;odFips2;c:\windows\system32\drivers\odFIPS2.sys [2/18/2010 6:37 PM 282496]
    R0 PinFile;PinFile;c:\windows\system32\drivers\PinFile.sys [10/30/2007 5:55 PM 11776]
    R0 SDDisk2K;WinMagic SecureDoc;c:\windows\system32\drivers\SDDisk2K.sys [7/29/2008 3:44 PM 144128]
    R0 SDDToki;WinMagic SecureDoc Encryption Engine;c:\windows\system32\drivers\SDDToki.sys [7/29/2008 2:41 PM 109696]
    R0 SDDVD;WinMagic SecureDoc Removable Media Encryptor;c:\windows\system32\drivers\SDDVD.sys [7/29/2008 2:41 PM 67840]
    R0 SDUPC;WinMagic SecureDoc USB Driver;c:\windows\system32\drivers\SDUPC.sys [12/12/2007 4:49 PM 9728]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/9/2009 1:10 PM 20520]
    R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [5/5/2010 4:41 AM 17584]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [7/8/2009 11:41 AM 13480]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
    R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [6/30/2010 5:10 PM 132456]
    R2 EraserSvc11113;Symantec Eraser Service;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [5/9/2011 9:30 AM 108456]
    R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [11/12/2009 7:59 PM 132392]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/8/2011 12:56 PM 366152]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [6/30/2010 5:10 PM 53248]
    R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [4/8/2010 2:16 PM 63928]
    R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 10:07 AM 240640]
    R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [3/9/2011 10:18 AM 1062912]
    R2 WinMagic SecureDoc Service;WinMagic SecureDoc Service;c:\program files\WinMagic\SecureDoc-NT\SDService.exe [9/12/2008 5:47 PM 212992]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/30/2010 5:10 PM 238736]
    R3 EacService;Juniper TNC Endpoint Assessment;c:\program files\Common Files\Juniper Networks\TNC Client\jTnccService.exe [2/18/2010 6:52 PM 136560]
    R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [3/18/2008 3:23 PM 20480]
    R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [2/16/2010 4:39 PM 420264]
    R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\drivers\jnprvamgr.sys [2/16/2010 4:39 PM 29312]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/8/2011 12:56 PM 22216]
    R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [6/30/2010 5:09 PM 22568]
    S0 fxlj;fxlj;c:\windows\system32\drivers\jrnrhj.sys --> c:\windows\system32\drivers\jrnrhj.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/4/2010 8:39 PM 136176]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [4/8/2010 2:16 PM 45496]
    S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe --> c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [?]
    S2 WDSC;WD File Management Shadow Engine;"c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe" --> c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [?]
    S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [9/21/2006 9:19 AM 347648]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/4/2010 8:39 PM 136176]
    S3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\drivers\jnprva.sys [2/16/2010 4:39 PM 12288]
    S3 tpflhlp;tpflhlp;\??\c:\windows\Temp\JNPRBI~1\tpflhlp.sys --> c:\windows\Temp\JNPRBI~1\tpflhlp.sys [?]
    S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [5/5/2010 4:38 AM 22448]
    S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [5/5/2010 4:38 AM 29232]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [5/5/2010 4:41 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
    .
    2011-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 02:39]
    .
    2011-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 02:39]
    .
    2011-11-09 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-06-30 00:20]
    .
    2011-11-09 c:\windows\Tasks\User_Feed_Synchronization-{CD8B90E7-73A6-4B6C-A518-9731ECE6CE9D}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www-int.juniper.net/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    Trusted Zone: microsoft.com
    FF - ProfilePath - c:\documents and settings\cturner\Application Data\Mozilla\Firefox\Profiles\fk2rldz9.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - prefs.js: network.proxy.type - 1
    .
    .
    ------- File Associations -------
    .
    vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
    vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
    jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - (no file)
    HKCU-Run-Privacy Protection - c:\documents and settings\All Users\Application Data\privacy.exe
    SafeBoot-Symantec Antvirus
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-09 10:54
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value"="?\09\02\06\177\00?"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1888)
    c:\windows\system32\odyGina.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\odyEvent.dll
    c:\windows\system32\msi.dll
    .
    - - - - - - - > 'explorer.exe'(3996)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Juniper Networks\Odyssey Access Client\odClientService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CCM\CcmExec.exe
    c:\program files\Juniper Networks\Common Files\dsNcService.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\windows\system32\msiexec.exe
    c:\program files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
    c:\windows\system32\TpShocks.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\Zoom\TpScrex.exe
    c:\windows\system32\igfxext.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\WinMagic\SecureDoc-NT\WMPUCmd.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-09 11:01:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-09 17:01
    .
    Pre-Run: 162,624,847,872 bytes free
    Post-Run: 163,043,237,888 bytes free
    .
    - - End Of File - - 296FE87F14CE2754220021FF7AC1FA77
    I specifically asked you not to run any programs unless I ask for them. Please delete ComboFix from your desktop.

    P2P - I see you have P2P software installed on your machine. (Vuze) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
    *******************************************
    Please go to Jotti's malware scan
    (If more than one file needs scanned they must be done separately and links posted for each one)

    * Copy the file path in the below Code box:

    Code:
    c:\windows\system32\drivers\jrnrhj.sys
    * At the upload site, click once inside the window next to Browse.
    * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
    * Next click Submit file
    * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
    * This will perform a scan across multiple different virus scanning engines.
    * Important: Wait for all of the scanning engines to complete.
    * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
    ************************************************************
    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com

    and save it to your Desktop.
    It would be easiest to download using Internet Explorer.
    If you want to use Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
    Double click ComboFix.exe & follow the prompts.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

    If you have problems with ComboFix usage, see How to use ComboFix

    SuperDave
    P2p and ComboFix deleted.

    As for Jotti's site, Not sure I can do that. Remember I have no internet access on the machine with the virus. I take it from the Combofix scan it was a "rootkill virus"

    So given that please advise the next step you want me to follow?

    New download of the combofix then run it or is there an offline version of the Jotti program?
    Thanks.

    Quote
    So given that please advise the next step you want me to follow?

    New download of the combofix then run it or is there an offline version of the Jotti program?

    Sorry. The MiniToolBox showed that the signal is going through.
    Please download and run ComboFix. Be sure to install the Recovery Console.
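
The helper above singled out one driver entry from the ComboFix log for a second-opinion scan. As an added example (not part of the thread and not ComboFix's own code), this sketch parses the log's driver/service lines and lists entries worth the same review. It assumes the usual reading of this log format: `R`/`S` means running/stopped, the digit is the service start type, and `[?]` means ComboFix could not read the file's date and size. The sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass

# Sample input: driver/service lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R0 SDDisk2K;WinMagic SecureDoc;c:\windows\system32\drivers\SDDisk2K.sys [7/29/2008 3:44 PM 144128]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/8/2011 12:56 PM 366152]
S0 fxlj;fxlj;c:\windows\system32\drivers\jrnrhj.sys --> c:\windows\system32\drivers\jrnrhj.sys [?]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe --> c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [?]
S3 tpflhlp;tpflhlp;\??\c:\windows\Temp\JNPRBI~1\tpflhlp.sys --> c:\windows\Temp\JNPRBI~1\tpflhlp.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [5/5/2010 4:41 AM 14336]
"""

# Assumed meaning of the digit after R/S (Windows service start types).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# <R|S><start type> <service name>;<display name>;<image path> [<date time size> | ?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+) \[(?P<info>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    running: bool
    start: int
    name: str
    display: str
    path: str
    missing: bool  # True when the log shows [?] instead of date/size


def parse_line(line):
    """Parse one driver/service line; return None for any other log line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    image = m["image"]
    # "registered path --> resolved path": keep the resolved form.
    if " --> " in image:
        image = image.split(" --> ", 1)[1]
    return Entry(
        running=m["state"] == "R",
        start=int(m["start"]),
        name=m["name"],
        display=m["display"],
        path=image.strip().strip('"'),
        missing=m["info"].strip() == "?",
    )


def triage(log_text):
    """Return (entry, reasons) pairs that deserve a manual look, earliest start type first."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = []
        if entry.missing:
            reasons.append("no file details ([?]); image missing or unreadable")
        if "\\temp\\" in entry.path.lower():
            reasons.append("image path is under a Temp directory")
        if reasons and entry.start == 0:
            reasons.append("registered as a boot-start driver")
        if reasons:
            hits.append((entry, reasons))
    return sorted(hits, key=lambda h: h[0].start)


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.name} ({START_TYPES[entry.start]} start): {entry.path}")
        for reason in reasons:
            print("   -", reason)
```

A flagged entry is only a candidate for review: leftovers from uninstalled software (the Seagate service here) produce the same `[?]` marker as a driver whose file is hidden or gone.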
    196.

    Solve : new computer virus?

    Answer»

    Please Boot to the System Recovery Options
    If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
    It's possible also that your computer has a pre-installed recovery partition instead - in such a case use method one (by pressing F8 before Windows starts loading)...

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Choose Command Prompt
    You should see X:\SOURCES>...

    Execute the following commands in bold.
    Press Enter after every one of them.

    bootrec /fixmbr (<--- there is a "space" after "bootrec")

    exit

    Restart computer.

    Post new aswMBR log.
    okay so i tried downloading aswMBR again, wouldn't open up on desktop "not a win32 application". So i put the aswMBR on a stick and ran it from there. everytime i try to download anything to my desktop when I try to run it it says "not a win32 application". here is the log


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-07 20:17:09
    -----------------------------
    20:17:09.799 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:17:09.799 Number of processors: 2 586 0x100
    20:17:09.814 ComputerName: YOGABORN-HP UserName: Yogaborn
    20:17:13.933 Initialize success
    20:17:36.742 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000072
    20:17:36.758 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 11
    20:17:38.802 Disk 0 MBR read successfully
    20:17:38.802 Disk 0 MBR scan
    20:17:38.817 Disk 0 Windows 7 default MBR code
    20:17:38.817 Service scanning
    20:17:41.422 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    20:17:42.000 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
    20:17:42.670 Modules scanning
    20:17:42.670 Disk 0 trace - called modules:
    20:17:42.702 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    20:17:42.717 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002427410]
    20:17:42.733 3 CLASSPNP.SYS[fffff88001b8c43f] -> nt!IofCallDriver -> [0xfffffa800230eac0]
    20:17:42.748 5 amd_xata.sys[fffff88001111900] -> nt!IofCallDriver -> \Device\00000072[0xfffffa8001dfa250]
    20:17:43.294 Scan finished successfully
    20:18:54.087 Disk 0 MBR has been saved successfully to "C:\Users\Yogaborn\Desktop\MBR.dat"
    20:18:54.118 The log file has been saved successfully to "C:\Users\Yogaborn\Desktop\aswMBR.txt"

    hope this helps

    forgot to say, i did reboot into system recovery options
    chose command prompt

    got x:\ windows \systems32

    not x:\sources>..
    still ran bootrec/fixmbr

    said operation completed successfully

    aswMBR still would not run from desktop

    thank you

    Try a repair install. XPrepairinstall

    I'm a little confused, I have windows seven on this computer, why do an XP repair?

    Quote
    I'm a little confused , I have windows seven on this computer , why do an xp repair?
    Sorry. Incorrect link. Please try this link.

    What if i do not have a windows seven installation dvd? I don't believe I was given one, the computer was just loaded with windows seven when i bought it.

    You can create an OS DVD by downloading Windows 7 from this site. You will need an ISO Burner to create the DVD.
    CDBurnerXP works on all operating systems from Microsoft Windows 2000 SP4 onwards.
    197.

    Solve : virus but viral removal tools cant seem to find it?

    Answer»

    do i need to stop windows defender and zone alarm for this? Many thanks

    Eset didn't offer me to save any file as it found nothing at all and just said close and uninstall

    How's the computer running now? Any other issues before we clean up?

    computer running well no issues now - can i ask what it was? and also say a big thank you for helping me sort it

    Quote
    can i ask what it was? and also say a big thank you for helping me sort it
    Thank you but I don't want to discuss this in an open forum.
    Let's do some cleanup.

    To uninstall ComboFix

    • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
    • In the field, type in ComboFix /uninstall


    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

    • Then, press Enter, or click OK.
    • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
    ************************************************
    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    **************************************************
    Clean out your temporary internet files and temp files.

    Download TFC by OldTimer to your desktop.

    Double-click TFC.exe to run it.

    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

    TFC will close all programs when run, so make sure you have saved all your work before you begin.

    * Click the Start button to begin the cleaning process.
    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
    * Please let TFC run uninterrupted until it is finished.

    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
    ***************************************************
    Go to Microsoft Windows Update and get all critical updates.

    ----------

    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    * Using SpywareBlaster to protect your computer from Spyware and Malware
    * If you don't know what ActiveX controls are, see here

    Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
    Safe Surfing!

    have cleaned up and added the extra security you suggest many thanks

    You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
    198.

    Solve : Malaware or virus on my computer again ;(?

    Answer»

    Please download TDSSKiller from here and save it to your Desktop.

    • Double-click TDSSKiller.exe to run the tool
    • Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)

    • After the scan has finished, click the Close button
    • Click the Report button and copy/paste the contents of it into your next reply
    • Note: It will also create a log in the C:\ directory.
    TDSSKiller log :

    23:31:38.0487 25460 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
    23:31:38.0703 25460 ============================================================
    23:31:38.0703 25460 Current date / time: 2011/11/18 23:31:38.0703
    23:31:38.0703 25460 SystemInfo:
    23:31:38.0703 25460
    23:31:38.0703 25460 OS Version: 6.0.6002 ServicePack: 2.0
    23:31:38.0703 25460 Product type: Workstation
    23:31:38.0703 25460 ComputerName: JENZO-PC
    23:31:38.0703 25460 UserName: Jenzo
    23:31:38.0703 25460 Windows directory: C:\Windows
    23:31:38.0703 25460 System windows directory: C:\Windows
    23:31:38.0703 25460 Processor architecture: Intel x86
    23:31:38.0703 25460 Number of processors: 4
    23:31:38.0703 25460 Page size: 0x1000
    23:31:38.0703 25460 Boot type: Normal boot
    23:31:38.0703 25460 ============================================================
    23:31:39.0381 25460 Initialize success
    23:31:55.0225 26052 ============================================================
    23:31:55.0226 26052 Scan started
    23:31:55.0226 26052 Mode: Manual;
    23:31:55.0226 26052 ============================================================
    23:31:57.0784 26052Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    23:31:57.0785 26052Fs_Rec - ok
    23:31:57.0793 26052FXDrv32 - ok
    23:31:57.0814 26052gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    23:31:57.0815 26052gagp30kx - ok
    23:31:57.0845 26052HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    23:31:57.0847 26052HdAudAddService - ok
    23:31:57.0888 26052HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    23:31:57.0891 26052HDAudBus - ok
    23:31:57.0956 26052HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    23:31:57.0957 26052HidBth - ok
    23:31:57.0977 26052HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    23:31:57.0977 26052HidIr - ok
    23:31:58.0035 26052HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    23:31:58.0036 26052HidUsb - ok
    23:31:58.0052 26052HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    23:31:58.0052 26052HpCISSs - ok
    23:31:58.0104 26052HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
    23:31:58.0105 26052HTCAND32 - ok
    23:31:58.0172 26052htcnprot (52395a94c127c0266d1c0f3cce8a4345) C:\Windows\system32\DRIVERS\htcnprot.sys
    23:31:58.0173 26052htcnprot - ok
    23:31:58.0244 26052HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    23:31:58.0247 26052HTTP - ok
    23:31:58.0267 26052i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    23:31:58.0268 26052i2omp - ok
    23:31:58.0299 26052i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    23:31:58.0300 26052i8042prt - ok
    23:31:58.0317 26052iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    23:31:58.0319 26052iaStorV - ok
    23:31:58.0336 26052iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    23:31:58.0337 26052iirsp - ok
    23:31:58.0369 26052inspect (2c03538258729852d55f9f2b8906a8b9) C:\Windows\system32\DRIVERS\inspect.sys
    23:31:58.0370 26052inspect - ok
    23:31:58.0488 26052IntcAzAudAddService (8832e6be80edfd3afcf9241aa982ad3c) C:\Windows\system32\drivers\RTKVHDA.sys
    23:31:58.0500 26052IntcAzAudAddService - ok
    23:31:58.0521 26052intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    23:31:58.0522 26052intelide - ok
    23:31:58.0540 26052intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    23:31:58.0541 26052intelppm - ok
    23:31:58.0565 26052IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    23:31:58.0565 26052IpFilterDriver - ok
    23:31:58.0621 26052IpInIp - ok
    23:31:58.0643 26052IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    23:31:58.0643 26052IPMIDRV - ok
    23:31:58.0659 26052IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    23:31:58.0660 26052IPNAT - ok
    23:31:58.0685 26052irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
    23:31:58.0686 26052irda - ok
    23:31:58.0702 26052IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    23:31:58.0703 26052IRENUM - ok
    23:31:58.0721 26052irsir (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys
    23:31:58.0721 26052irsir - ok
    23:31:58.0740 26052isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    23:31:58.0740 26052isapnp - ok
    23:31:58.0761 26052iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    23:31:58.0762 26052iScsiPrt - ok
    23:31:58.0818 26052iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    23:31:58.0819 26052iteatapi - ok
    23:31:58.0830 26052iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    23:31:58.0831 26052iteraid - ok
    23:31:58.0848 26052kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    23:31:58.0849 26052kbdclass - ok
    23:31:58.0870 26052kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
    23:31:58.0871 26052kbdhid - ok
    23:31:58.0907 26052KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    23:31:58.0910 26052KSecDD - ok
    23:31:58.0930 26052lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    23:31:58.0931 26052lltdio - ok
    23:31:58.0958 26052LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    23:31:58.0959 26052LSI_FC - ok
    23:31:59.0021 26052LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    23:31:59.0022 26052LSI_SAS - ok
    23:31:59.0040 26052LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    23:31:59.0041 26052LSI_SCSI - ok
    23:31:59.0050 26052luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    23:31:59.0051 26052luafv - ok
    23:31:59.0079 26052MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
    23:31:59.0079 26052MBAMProtector - ok
    23:31:59.0113 26052megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    23:31:59.0114 26052megasas - ok
    23:31:59.0134 26052MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    23:31:59.0137 26052MegaSR - ok
    23:31:59.0206 26052Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    23:31:59.0206 26052Modem - ok
    23:31:59.0235 26052monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    23:31:59.0235 26052monitor - ok
    23:31:59.0246 26052mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    23:31:59.0247 26052mouclass - ok
    23:31:59.0263 26052mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
    23:31:59.0263 26052mouhid - ok
    23:31:59.0278 26052MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    23:31:59.0279 26052MountMgr - ok
    23:31:59.0295 26052mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    23:31:59.0296 26052mpio - ok
    23:31:59.0311 26052mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    23:31:59.0312 26052mpsdrv - ok
    23:31:59.0378 26052Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    23:31:59.0378 26052Mraid35x - ok
    23:31:59.0396 26052MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    23:31:59.0397 26052MRxDAV - ok
    23:31:59.0412 26052mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    23:31:59.0413 26052mrxsmb - ok
    23:31:59.0471 26052mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    23:31:59.0473 26052mrxsmb10 - ok
    23:31:59.0493 26052mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    23:31:59.0494 26052mrxsmb20 - ok
    23:31:59.0512 26052msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    23:31:59.0512 26052msahci - ok
    23:31:59.0523 26052msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    23:31:59.0524 26052msdsm - ok
    23:31:59.0547 26052Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    23:31:59.0547 26052Msfs - ok
    23:31:59.0614 26052msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    23:31:59.0615 26052msisadrv - ok
    23:31:59.0650 26052MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    23:31:59.0651 26052MSKSSRV - ok
    23:31:59.0669 26052MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    23:31:59.0670 26052MSPCLOCK - ok
    23:31:59.0695 26052MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    23:31:59.0696 26052MSPQM - ok
    23:31:59.0720 26052MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    23:31:59.0723 26052MsRPC - ok
    23:31:59.0738 26052mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    23:31:59.0739 26052mssmbios - ok
    23:31:59.0801 26052MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    23:31:59.0802 26052MSTEE - ok
    23:31:59.0820 26052Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    23:31:59.0821 26052Mup - ok
    23:31:59.0854 26052NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    23:31:59.0855 26052NativeWifiP - ok
    23:31:59.0882 26052NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    23:31:59.0890 26052NDIS - ok
    23:31:59.0914 26052NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    23:31:59.0915 26052NdisTapi - ok
    23:31:59.0932 26052Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    23:31:59.0933 26052Ndisuio - ok
    23:31:59.0961 26052NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    23:31:59.0963 26052NdisWan - ok
    23:31:59.0981 26052NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    23:31:59.0982 26052NDProxy - ok
    23:31:59.0995 26052NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    23:31:59.0996 26052NetBIOS - ok
    23:32:00.0024 26052netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    23:32:00.0026 26052netbt - ok
    23:32:00.0090 26052nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    23:32:00.0091 26052nfrd960 - ok
    23:32:00.0109 26052Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    23:32:00.0110 26052Npfs - ok
    23:32:00.0135 26052nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    23:32:00.0136 26052nsiproxy - ok
    23:32:00.0166 26052Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    23:32:00.0172 26052Ntfs - ok
    23:32:00.0185 26052ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    23:32:00.0186 26052ntrigdigi - ok
    23:32:00.0194 26052Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    23:32:00.0195 26052Null - ok
    23:32:00.0386 26052nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    23:32:00.0550 26052nvlddmkm - ok
    23:32:00.0612 26052nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    23:32:00.0613 26052nvraid - ok
    23:32:00.0632 26052nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    23:32:00.0633 26052nvstor - ok
    23:32:00.0658 26052nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    23:32:00.0659 26052nv_agp - ok
    23:32:00.0666 26052NwlnkFlt - ok
    23:32:00.0675 26052NwlnkFwd - ok
    23:32:00.0690 26052ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    23:32:00.0691 26052ohci1394 - ok
    23:32:00.0723 26052Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
    23:32:00.0724 26052Parport - ok
    23:32:00.0754 26052partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    23:32:00.0755 26052partmgr - ok
    23:32:00.0816 26052Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
    23:32:00.0817 26052Parvdm - ok
    23:32:00.0847 26052pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    23:32:00.0848 26052pci - ok
    23:32:00.0860 26052pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
    23:32:00.0862 26052pciide - ok
    23:32:00.0882 26052pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    23:32:00.0883 26052pcmcia - ok
    23:32:00.0913 26052PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    23:32:00.0919 26052PEAUTH - ok
    23:32:00.0983 26052pgfilter (2cf226173b467ab48f89d77e89936951) C:\Program Files\PeerGuardian2\pgfilter.sys
    23:32:00.0984 26052pgfilter - ok
    23:32:01.0074 26052PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    23:32:01.0075 26052PptpMiniport - ok
    23:32:01.0095 26052Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    23:32:01.0096 26052Processor - ok
    23:32:01.0128 26052PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    23:32:01.0130 26052PSched - ok
    23:32:01.0191 26052ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    23:32:01.0198 26052ql2300 - ok
    23:32:01.0232 26052ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    23:32:01.0233 26052ql40xx - ok
    23:32:01.0328 26052QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    23:32:01.0329 26052QWAVEdrv - ok
    23:32:01.0347 26052RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    23:32:01.0348 26052RasAcd - ok
    23:32:01.0360 26052Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    23:32:01.0361 26052Rasl2tp - ok
    23:32:01.0385 26052RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    23:32:01.0386 26052RasPppoe - ok
    23:32:01.0400 26052RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    23:32:01.0401 26052RasSstp - ok
    23:32:01.0417 26052rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    23:32:01.0419 26052rdbss - ok
    23:32:01.0433 26052RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    23:32:01.0434 26052RDPCDD - ok
    23:32:01.0513 26052rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    23:32:01.0514 26052rdpdr - ok
    23:32:01.0522 26052RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    23:32:01.0523 26052RDPENCDD - ok
    23:32:01.0547 26052RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    23:32:01.0548 26052RDPWD - ok
    23:32:01.0578 26052Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys
    23:32:01.0579 26052Revoflt - ok
    23:32:01.0597 26052rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    23:32:01.0598 26052rspndr - ok
    23:32:01.0648 26052RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
    23:32:01.0649 26052RTL8169 - ok
    23:32:01.0713 26052SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    23:32:01.0714 26052SASDIFSV - ok
    23:32:01.0727 26052SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    23:32:01.0729 26052SASKUTIL - ok
    23:32:01.0797 26052sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    23:32:01.0798 26052sbp2port - ok
    23:32:01.0851 26052SDHookDriver (47dd7bb6b72a5f49e01f53597bcaeac7) C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys
    23:32:01.0851 26052SDHookDriver - ok
    23:32:01.0891 26052secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    23:32:01.0892 26052secdrv - ok
    23:32:01.0908 26052Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
    23:32:01.0909 26052Serenum - ok
    23:32:01.0925 26052Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
    23:32:01.0926 26052Serial - ok
    23:32:01.0940 26052sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    23:32:01.0941 26052sermouse - ok
    23:32:02.0017 26052sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    23:32:02.0018 26052sffdisk - ok
    23:32:02.0033 26052sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    23:32:02.0034 26052sffp_mmc - ok
    23:32:02.0055 26052sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    23:32:02.0056 26052sffp_sd - ok
    23:32:02.0071 26052sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    23:32:02.0073 26052sfloppy - ok
    23:32:02.0099 26052sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    23:32:02.0100 26052sisagp - ok
    23:32:02.0111 26052SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    23:32:02.0112 26052SiSRaid2 - ok
    23:32:02.0131 26052SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    23:32:02.0132 26052SiSRaid4 - ok
    23:32:02.0160 26052Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    23:32:02.0161 26052Smb - ok
    23:32:02.0246 26052spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    23:32:02.0247 26052spldr - ok
    23:32:02.0274 26052srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    23:32:02.0276 26052srv - ok
    23:32:02.0307 26052srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    23:32:02.0308 26052srv2 - ok
    23:32:02.0319 26052srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    23:32:02.0321 26052srvnet - ok
    23:32:02.0363 26052ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
    23:32:02.0363 26052ssmdrv - ok
    23:32:02.0450 26052swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    23:32:02.0451 26052swenum - ok
    23:32:02.0465 26052Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    23:32:02.0466 26052Symc8xx - ok
    23:32:02.0477 26052Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    23:32:02.0478 26052Sym_hi - ok
    23:32:02.0505 26052Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    23:32:02.0506 26052Sym_u3 - ok
    23:32:02.0589 26052SysProtDrv.sys (7d5b6655442dbcf5e3b86a134ab90584) C:\Users\Jenzo\Desktop\SysProt\SysProt\SysProtDrv.sys
    23:32:02.0590 26052SysProtDrv.sys - ok
    23:32:02.0669 26052Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
    23:32:02.0674 26052Tcpip - ok
    23:32:02.0697 26052Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
    23:32:02.0702 26052Tcpip6 - ok
    23:32:02.0729 26052tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    23:32:02.0729 26052tcpipreg - ok
    23:32:02.0763 26052TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    23:32:02.0764 26052TDPIPE - ok
    23:32:02.0779 26052TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    23:32:02.0780 26052TDTCP - ok
    23:32:02.0842 26052tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    23:32:02.0843 26052tdx - ok
    23:32:02.0874 26052TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    23:32:02.0875 26052TermDD - ok
    23:32:02.0910 26052tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    23:32:02.0911 26052tssecsrv - ok
    23:32:02.0934 26052tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    23:32:02.0935 26052tunmp - ok
    23:32:02.0968 26052tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
    23:32:02.0969 26052tunnel - ok
    23:32:03.0010 26052uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    23:32:03.0011 26052uagp35 - ok
    23:32:03.0037 26052udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    23:32:03.0038 26052udfs - ok
    23:32:03.0063 26052uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    23:32:03.0064 26052uliagpkx - ok
    23:32:03.0091 26052uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    23:32:03.0092 26052uliahci - ok
    23:32:03.0103 26052UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    23:32:03.0104 26052UlSata - ok
    23:32:03.0117 26052ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    23:32:03.0118 26052ulsata2 - ok
    23:32:03.0151 26052umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    23:32:03.0151 26052umbus - ok
    23:32:03.0202 26052USBAAPL - ok
    23:32:03.0254 26052usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    23:32:03.0254 26052usbccgp - ok
    23:32:03.0271 26052usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    23:32:03.0272 26052usbcir - ok
    23:32:03.0315 26052usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    23:32:03.0316 26052usbehci - ok
    23:32:03.0335 26052usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    23:32:03.0336 26052usbhub - ok
    23:32:03.0362 26052usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    23:32:03.0363 26052usbohci - ok
    23:32:03.0406 26052usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
    23:32:03.0408 26052usbprint - ok
    23:32:03.0420 26052USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    23:32:03.0421 26052USBSTOR - ok
    23:32:03.0430 26052usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    23:32:03.0431 26052usbuhci - ok
    23:32:03.0448 26052vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    23:32:03.0449 26052vga - ok
    23:32:03.0470 26052VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    23:32:03.0471 26052VgaSave - ok
    23:32:03.0490 26052viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    23:32:03.0491 26052viaagp - ok
    23:32:03.0505 26052ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    23:32:03.0506 26052ViaC7 - ok
    23:32:03.0526 26052viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    23:32:03.0528 26052viaide - ok
    23:32:03.0535 26052volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    23:32:03.0536 26052volmgr - ok
    23:32:03.0568 26052volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    23:32:03.0570 26052volmgrx - ok
    23:32:03.0620 26052volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    23:32:03.0622 26052volsnap - ok
    23:32:03.0644 26052vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    23:32:03.0645 26052vsmraid - ok
    23:32:03.0688 26052WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    23:32:03.0689 26052WacomPen - ok
    23:32:03.0738 26052Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    23:32:03.0739 26052Wanarp - ok
    23:32:03.0748 26052Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    23:32:03.0749 26052Wanarpv6 - ok
    23:32:03.0769 26052Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    23:32:03.0770 26052Wd - ok
    23:32:03.0828 26052Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    23:32:03.0831 26052Wdf01000 - ok
    23:32:03.0895 26052WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
    23:32:03.0896 26052WinUSB - ok
    23:32:03.0931 26052WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
    23:32:03.0933 26052WmiAcpi - ok
    23:32:03.0972 26052WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    23:32:03.0972 26052WpdUsb - ok
    23:32:03.0993 26052ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    23:32:03.0995 26052ws2ifsl - ok
    23:32:04.0042 26052WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    23:32:04.0043 26052WUDFRd - ok
    23:32:04.0103 26052xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
    23:32:04.0106 26052xnacc - ok
    23:32:04.0178 26052xusb21 (a640c90b007762939507c28a021be3b3) C:\Windows\system32\DRIVERS\xusb21.sys
    23:32:04.0179 26052xusb21 - ok
    23:32:04.0197 26052MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    23:32:04.0205 26052\Device\Harddisk0\DR0 - ok
    23:32:04.0209 26052Boot (0x1200) (d4ecd9e2925b6ab0a2e63e0f956db722) \Device\Harddisk0\DR0\Partition0
    23:32:04.0210 26052\Device\Harddisk0\DR0\Partition0 - ok
    23:32:04.0211 26052 ============================================================
    23:32:04.0211 26052 Scan finished
    23:32:04.0211 26052 ============================================================
    23:32:04.0222 26036 Detected object count: 0
    23:32:04.0222 26036 Actual detected object count: 0

    Sorry SuperDave for all the time that you have tried to work out what was wrong. But I have restored my computer and wiped it clean because it started to not even let me start new games that I just got from the shop, and it was getting slower & slower but kept saying nothing on the scans. So thought that would let you help others that have stuff showing up on their scan; at least you know what is there. With mine you could not even tell what was making it go funny. Normally you helped me so many times before with mine & my sister's computer and got them working, but I don't want to waste more of your time.

    Thanks for all the time & help you gave me (think I have every scanning tool on my desktop at the end).

    So now going to get all the antivirus & malware that you use, then hopefully you will not see me for a while.

    ONCE AGAIN THANKS FOR EVERYTHING SuperDave & your Friend that looked over some of the scans
    ALL BEST FOR FUTURE & NEW YEAR

    Quote:
    ONCE AGAIN THANKS FOR EVERYTHING SuperDave & your Friend that looked over some of the scans
    ALL BEST FOR FUTURE & NEW YEAR

    You're welcome. It's too bad you had to resort to wiping your drive. This one was a real puzzler. I will lock this thread. If you need it re-opened, please send me a PM.
    199.

    Solve : Avira antivir removal?

    Answer»

    Rooter.exe (v1.0.2) by Eric_71
    .
    SeDebugPrivilege granted successfully ...
    .
    Windows XP Home Edition (5.1.2600) Service Pack 3
    [32_bits] - x86 Family 15 Model 4 Stepping 1, GenuineIntel
    .
    [wscsvc] (Security Center) RUNNING (state:4)
    [SharedAccess] RUNNING (state:4)
    Windows Firewall -> Enabled
    .
    Internet Explorer 7.0.5730.11
    Mozilla Firefox 8.0 (en-GB)
    .
    C:\ [Fixed-NTFS] .. ( Total:71 Go - Free:46 Go )
    D:\ [CD_Rom]
    .
    Scan : 18:59.16
    Path : C:\Documents and Settings\rab\Desktop\Rooter.exe
    User : rab ( Administrator -> YES )
    .
    ----------------------\\ Processes
    .
    Locked [System Process] (0)
    ______ System (4)
    ______ \SystemRoot\System32\smss.exe (596)
    ______ \??\C:\WINDOWS\system32\csrss.exe (660)
    ______ \??\C:\WINDOWS\system32\winlogon.exe (684)
    ______ C:\WINDOWS\system32\services.exe (728)
    ______ C:\WINDOWS\system32\lsass.exe (740)
    ______ C:\WINDOWS\system32\svchost.exe (908)
    ______ C:\WINDOWS\system32\svchost.exe (984)
    ______ C:\Program Files\Windows Defender\MsMpEng.exe (1096)
    ______ C:\WINDOWS\System32\svchost.exe (1140)
    ______ C:\WINDOWS\system32\svchost.exe (1180)
    ______ C:\WINDOWS\system32\svchost.exe (1332)
    ______ C:\WINDOWS\system32\svchost.exe (1576)
    ______ C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1696)
    ______ C:\WINDOWS\system32\spoolsv.exe (440)
    ______ C:\WINDOWS\system32\svchost.exe (1796)
    ______ C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (1504)
    ______ C:\WINDOWS\system32\svchost.exe (996)
    ______ C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe (140)
    ______ C:\WINDOWS\system32\svchost.exe (652)
    ______ C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe (1168)
    ______ C:\Program Files\Canon\CAL\CALMAIN.exe (1452)
    ______ C:\WINDOWS\System32\alg.exe (2984)
    ______ C:\WINDOWS\system32\hkcmd.exe (1344)
    ______ C:\WINDOWS\system32\igfxpers.exe (1824)
    ______ C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (1552)
    ______ C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe (1400)
    ______ C:\WINDOWS\system32\rundll32.exe (2124)
    ______ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (2056)
    ______ C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe (2260)
    ______ C:\Program Files\AVAST Software\Avast\avastUI.exe (2288)
    ______ C:\WINDOWS\explorer.exe (1256)
    ______ C:\Program Files\Mozilla Firefox\firefox.exe (2220)
    ______ C:\Program Files\Mozilla Firefox\plugin-container.exe (2908)
    ______ C:\Documents and Settings\rab\Desktop\Rooter.exe (3236)
    .
    ----------------------\\ Device\Harddisk0\
    .
    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
    .
    \Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:41094144)
    \Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:41126400 | Length:76988620800)
    \Device\Harddisk0\Partition3 (Start_Offset:77037972480 | Length:2952875520)
    .
    ----------------------\\ Scheduled Tasks
    .
    C:\WINDOWS\Tasks\desktop.ini
    C:\WINDOWS\Tasks\MP Scheduled Scan.job
    C:\WINDOWS\Tasks\SA.DAT
    .
    ----------------------\\ Registry
    .
    .
    ----------------------\\ Files & Folders
    .
    ----------------------\\ Scan completed at 18:59.33
    .
    C:\Rooter$\Rooter_1.txt - (15/11/2011 | 18:59.33)

    Results of screen317's Security Check version 0.99.26
    Windows XP Service Pack 3 x86
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner (remove only)
    Java 2 Runtime Environment, SE v1.4.2_03
    Adobe Flash Player 11.1.102.55
    Mozilla Firefox (8.0.)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Windows Defender MsMpEng.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    ``````````End of Log````````````

    I'd like to scan your machine with ESET OnlineScan

    •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
    •Click the button.
    •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
    •Check
    •Click the button.
    •Accept any security warnings from your browser.
    •Check
    •Push the Start button.
    •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    •When the scan completes, push
    •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this REPORT in your next reply.
    •Push the button.
    •Push
    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
    Downloaded ESETSMARTINS onto desktop, carried out online scan, after about an hour and a half at end of scan it came up with,
    no threats found
    no infected files

    but no list of found threats or export to text file just an advert type thing regarding spyware......should i try again.........Thanks

    Quote
    should i try again.........Thanks

    No. How's the computer working?

    Loaded up ok, no notifications regarding AVG or ANTIVIR
    seems to be working ok. cheers..

    Ok. Let's do some cleanup.

    To uninstall ComboFix

    • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
    • In the field, type in ComboFix /uninstall


    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

    • Then, press Enter, or click OK.
    • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
    ***********************************************
    Clean out your temporary internet files and temp files.

    Download TFC by OldTimer to your desktop.

    Double-click TFC.exe to run it.

    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

    TFC will close all programs when run, so make sure you have saved all your work before you begin.

    * Click the Start button to begin the cleaning process.
    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
    * Please let TFC run uninterrupted until it is finished.

    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
    ***************************************************
    Go to Microsoft Windows Update and get all critical updates.
    ----------
    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    * Using SpywareBlaster to protect your computer from Spyware and Malware
    * If you don't know what ActiveX controls are, see here

    Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
    Safe Surfing!

    Cheers...................

    Very well. I will lock this thread. If you need it re-opened, please send me a pm.
    200.

    Solve : I'm having severe issues with Vundo, Iexplorer constantly running?

    Answer»

    The results of this last log

    C:\Documents and Settings\David L\Desktop\loaristrojanremover.exe | a variant of Win32/1AntiVirus application | deleted - quarantined
    C:\Documents and Settings\David L\My Documents\New Folder\setup-ltr1236.exe | a variant of Win32/1AntiVirus application | deleted - quarantined
    C:\Documents and Settings\David L\My Documents\New Folder\setup-ltr1239.exe | a variant of Win32/1AntiVirus application | deleted - quarantined
    C:\Program Files\Loaris\Trojan Remover\ltr12.exe | a variant of Win32/1AntiVirus application | cleaned by deleting - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1724\A0247188.exe | a variant of Win32/1AntiVirus application | cleaned by deleting - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1766\A0252201.exe | a variant of Win32/1AntiVirus application | cleaned by deleting - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1775\A0253547.exe | a variant of Win32/1AntiVirus application | cleaned by deleting - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1775\A0253565.exe | a variant of Win32/1AntiVirus application | deleted - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1806\A0265195.exe | a variant of Win32/InstallCore.D application | cleaned by deleting - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1811\A0270486.exe | Win32/Adware.OpenInstall application | cleaned by deleting - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1815\A0273502.exe | Win32/RegistryBooster application | deleted - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1827\A0277747.exe | a variant of Win32/Adware.OpenInstall application | cleaned by deleting - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1839\A0283627.sys | probably a variant of Win32/Agent.JMJMETP trojan | cleaned by deleting - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1843\A0283667.exe | a variant of Win32/1AntiVirus application | deleted - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1843\A0283668.exe | a variant of Win32/1AntiVirus application | cleaned by deleting - quarantined
    and it's still doing the same thing

    These issues? I'm having severe issues with Vundo, Iexplorer constantly running in background, searches in yahoo & google being hijacked

    correct...that was the original message. Internet explorer just continually shows up in the windows task manager even though I cancel it several times....and sends several files, cookies, etc in my internet explorer which I continually have to clean out with the Piriform CCleaner program. Also, when I look up anything on yahoo or google re-directs me to a find answers.com search. That's been the issue this whole time.

    Please download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it



    Click the "Scan" button to start scan

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



    On completion of the scan click save log, save it to your desktop and post in your next reply
    This program will not run on my computer. Similar to the tdsskiller.exe not working the other day.

    Let's try this one.

    Download the MBR Rootkit Detector to your desktop.

    * Doubleclick mbr.exe and follow prompts.
    * A black DOS window will quickly appear then disappear.
    * When mbr.exe is finished it will create a log on your desktop.
    * Copy and paste contents of that log file to your next reply.

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD1600JB-75GVC0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK


    this is all that came up with the MBR

    Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

    Link 1
    Link 2
    Link 3

    •Double-click on MBRCheck.exe to run it.

    •It will open a black window...please do not fix anything (if it gives you an option).

    •When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

    •A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
    •Please copy and paste the contents of that log in your next reply.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 147):

    Processes (total 49):
    0 System Idle Process
    4 System
    576 C:\WINDOWS\system32\smss.exe
    648 csrss.exe
    672 C:\WINDOWS\system32\winlogon.exe
    716 C:\WINDOWS\system32\services.exe
    728 C:\WINDOWS\system32\lsass.exe
    900 C:\WINDOWS\system32\svchost.exe
    976 svchost.exe
    1072 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    1108 C:\WINDOWS\system32\svchost.exe
    1148 C:\WINDOWS\system32\svchost.exe
    1432 svchost.exe
    1612 svchost.exe
    1964 C:\WINDOWS\system32\spoolsv.exe
    1324 svchost.exe
    1388 C:\Program Files\SUPERAntiSpyware\SASCore.exe
    1416 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    1500 C:\WINDOWS\system32\svchost.exe
    1740 C:\Program Files\Java\jre7\bin\jqs.exe
    2092 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    2124 C:\WINDOWS\system32\svchost.exe
    2860 alg.exe
    3736 C:\WINDOWS\system32\hkcmd.exe
    3756 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    3816 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    3840 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3856 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    3896 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    3984 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    4012 C:\Program Files\Microsoft Security Client\msseces.exe
    4052 C:\Program Files\DellSupport\DSAgnt.exe
    220 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    2644 C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
    2632 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    1020 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    3272 C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe
    3532 C:\WINDOWS\system32\dwwin.exe
    2136 C:\WINDOWS\system32\LEXPPS.EXE
    216 C:\WINDOWS\system32\LEXBCES.EXE
    3424 C:\WINDOWS\system32\wuauclt.exe
    140 C:\WINDOWS\system32\taskmgr.exe
    424 C:\Program Files\Mozilla Firefox\firefox.exe
    3300 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2224 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2232 C:\WINDOWS\system32\svchost.exe
    1336 C:\WINDOWS\explorer.exe
    3052 C:\Program Files\CCleaner\CCleaner.exe
    3912 C:\Documents and Settings\David L\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001b`27f4c800 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600JB-75GVC0, Rev: 08.02D08

    Size    Device Name           MBR Status
    --------------------------------------------
    149 GB  \\.\PhysicalDrive0    MBR Code Faked!
            SHA1: B4B6B1E93E76CCFDFCAE6EA604FEB47179431413


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

    Please give TDSSKiller another try. But you will have to rename it as in the following:

    •If TDSSKiller does not run, try renaming it.

    •To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

    This might have actually fixed my problem. Since I've rebooted my computer after using the tdsskiller I haven't had iexplore come up in my task manager, and it appears my redirecting problem might be fixed also. Thanks. If I end up having any more issues I'll get back with you.

    Quote
    If I end up having any more issues I'll get back with you.

    We may as well do some cleanup now.

    To uninstall ComboFix

    • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
    • In the field, type in ComboFix /uninstall


    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

    • Then, press Enter, or click OK.
    • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
    ************************************************
    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ***************************************************
    Clean out your temporary internet files and temp files.

    Download TFC by OldTimer to your desktop.

    Double-click TFC.exe to run it.

    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

    TFC will close all programs when run, so make sure you have saved all your work before you begin.

    * Click the Start button to begin the cleaning process.
    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
    * Please let TFC run uninterrupted until it is finished.

    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
    ****************************************************
    Looking over your log it seems you don't have any evidence of a third party firewall.

    Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

    Remember only install ONE firewall

    1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
    2) Online Armor
    3) Agnitum Outpost
    4) PC Tools Firewall Plus

    If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
    *******************************************************
    Go to Microsoft Windows Update and get all critical updates.

    ----------

    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    * Using SpywareBlaster to protect your computer from Spyware and Malware
    * If you don't know what ActiveX controls are, see here

    Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
    Safe Surfing!

    Thanks for everything. So, do I need to download a firewall since I've got the Microsoft Security Essentials now? Do you recommend me getting something else?

    Quote
    Thanks for everything. So, do I need to download a firewall since I've got the Microsoft Security Essentials now? Do you recommend me getting something else?

    If you want to protect your personal and financial information, a third-party firewall would give you that added protection. I'm running MSE and Comodo firewall. You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.