Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Believe My Laptop Been Hijacked

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics
View previous topic :: View next topic  
Author Message
CGlancy57
Newbie


Joined: 16 Jan 2012
Last Visit: 22 Jan 2012
Posts: 7

PostPosted: Mon Jan 16, 2012 5:58 pm    Post subject: Believe My Laptop Been Hijacked Reply with quote

IE and Firefox both redirect search requests and open unrequested pages. Could you please review my Hijackthis log and tell me what files to delete? Warmest Regards, Chris

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:30:16 PM, on 1/16/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Documents and Settings\Chris\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.internet-home-page.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060928
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (file missing)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.4.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161558398265
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://68.45.238.185/activex/AxisCamControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: NecUsb3Sevice - Invalid registry found
O20 - Winlogon Notify: USB3Nw32 - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9a95cc13d9054) (gupdate1c9a95cc13d9054) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 16916 bytes


Last edited by CGlancy57 on Tue Jan 17, 2012 6:44 pm; edited 1 time in total
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4730
Location: Land Of The Leprechauns

PostPosted: Tue Jan 17, 2012 8:42 am    Post subject: Reply with quote

Hi and welcome to Spyware Warrior Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.
Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Please download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Next.

Please download TDSSKiller.exe and save it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Logs/Information to Post in your Next Reply
  • OTL.txt and Extra.txt contents.
  • TDSSKiller log.

_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
CGlancy57
Newbie


Joined: 16 Jan 2012
Last Visit: 22 Jan 2012
Posts: 7

PostPosted: Tue Jan 17, 2012 6:30 pm    Post subject: Requested Files From OTL and TDSSKiller Reply with quote

OTL logfile created on: 1/17/2012 7:58:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Chris\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 22.48 Mb Available Physical Memory | 2.20% Memory free
2.40 Gb Paging File | 1.29 Gb Available in Paging File | 53.81% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.17 Gb Total Space | 32.89 Gb Free Space | 41.54% Space Free | Partition Type: NTFS
Drive D: | 26.32 Gb Total Space | 16.56 Gb Free Space | 62.91% Space Free | Partition Type: NTFS

Computer Name: CMGNOTEBOOK | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/17 19:50:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\My Documents\Downloads\OTL.exe
PRC - [2011/12/21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/28 14:49:59 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2009/08/12 18:37:44 | 000,337,160 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/08/12 18:37:42 | 000,648,456 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/08/12 18:37:42 | 000,488,768 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/08/12 18:37:08 | 000,611,592 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe
PRC - [2009/08/12 18:37:06 | 001,398,024 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2009/08/12 18:37:06 | 000,703,008 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2009/08/12 18:36:56 | 000,210,184 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfFnUp.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/18 22:14:32 | 000,253,952 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe
PRC - [2008/08/14 16:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 16:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 16:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007/03/02 16:56:52 | 000,077,824 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/06/29 12:13:32 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/07 18:54:35 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_26c3451e\mscorlib.dll
MOD - [2012/01/07 18:54:29 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_b58eaaf0\system.drawing.dll
MOD - [2012/01/07 18:54:16 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_a755732f\system.xml.dll
MOD - [2012/01/07 18:54:10 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_744c016d\system.windows.forms.dll
MOD - [2012/01/07 18:53:55 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f8e40787\system.dll
MOD - [2012/01/07 18:53:25 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/07 18:53:23 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/01/07 18:53:19 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/12/21 02:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/01 08:11:22 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/08/12 18:37:44 | 000,337,160 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
MOD - [2009/08/12 18:37:42 | 000,648,456 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
MOD - [2009/08/12 18:37:42 | 000,509,192 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmPfwCtl.dll
MOD - [2009/08/12 18:37:42 | 000,488,768 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
MOD - [2009/08/12 18:37:08 | 000,611,592 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe
MOD - [2009/08/12 18:37:06 | 001,398,024 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
MOD - [2009/08/12 18:37:06 | 000,703,008 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
MOD - [2009/08/12 18:36:56 | 000,210,184 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfFnUp.exe
MOD - [2009/05/12 19:35:57 | 000,161,032 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfPack.dll
MOD - [2009/05/12 19:35:33 | 000,231,176 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\PATCHW32.DLL
MOD - [2009/05/12 19:35:33 | 000,017,672 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\NetBSrvr.dll
MOD - [2008/09/18 22:14:34 | 000,364,544 | ---- | M] () -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\pxl_m17n_tool.dll
MOD - [2008/08/14 16:22:36 | 000,112,912 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\LAppRes.DLL
MOD - [2008/08/14 16:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/08/14 16:13:30 | 000,149,264 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\LogiVOIPDevicePlugin.dll
MOD - [2008/08/14 16:13:08 | 000,165,136 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\LogiCordless4001.dll
MOD - [2008/08/14 16:13:08 | 000,138,000 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\LogiCordless.dll
MOD - [2008/08/14 16:12:10 | 000,167,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\EFVal.dll
MOD - [2008/08/14 16:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
MOD - [2008/08/14 16:11:48 | 000,345,872 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\DevMngr.dll
MOD - [2008/07/26 07:24:04 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVCSPS.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/11/01 19:48:12 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2006/11/01 19:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2006/06/29 12:13:50 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2005/10/13 13:53:36 | 000,090,223 | ---- | M] () -- C:\Program Files\Dell\QuickSet\preflibcl.dll
MOD - [2005/08/16 21:02:54 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2005/08/16 21:02:54 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2005/08/16 21:02:54 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2005/08/16 21:02:54 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2002/11/26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Ias)
SRV - [2009/08/12 18:37:44 | 000,337,160 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/08/12 18:37:42 | 000,648,456 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2009/08/12 18:37:42 | 000,488,768 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/08/12 18:37:06 | 000,703,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/03 18:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/07/12 09:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2011/07/12 09:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2011/07/12 09:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2010/07/19 17:03:10 | 000,059,472 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 17:03:00 | 000,051,792 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/19 17:02:54 | 000,163,408 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/08/12 18:38:42 | 000,335,376 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2009/08/12 18:38:42 | 000,066,320 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008/07/26 07:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/10/12 01:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 00:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2006/10/12 22:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/05/23 07:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/04/10 17:10:34 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/14 08:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 08:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 08:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 09:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/21 20:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 20:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 20:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/10 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/02/13 09:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060928
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060928


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060928
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060928
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.internet-home-page.com
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=MOZO"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..keyword.URL: "http://www.bing.com/search?form=MOZFLB&pc=MOZO&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.2: C:\Documents and Settings\Chris\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/31 10:08:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/15 16:25:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/12 22:19:23 | 000,000,000 | ---D | M]

[2011/02/24 17:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2012/01/02 17:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\red861s0.default\extensions
[2011/02/24 18:36:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\red861s0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/31 10:07:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\red861s0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2012/01/02 17:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\red861s0.default\extensions\firefoxbingsearch.full@microsoft.com
[2012/01/02 17:42:04 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\red861s0.default\searchplugins\bing-.xml
[2012/01/15 16:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/10/04 19:23:01 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2011/12/31 10:08:26 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/04/10 19:20:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\google\chrome\application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\google\chrome\application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\google\chrome\application\14.0.835.202\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.2 (Enabled) = C:\Documents and Settings\Chris\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Entanglement = C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Poppit = C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/04/05 10:31:44 | 000,431,524 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14855 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O4 - HKU\S-1-5-21-503375041-2970300292-1811523095-1006..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKU\S-1-5-21-503375041-2970300292-1811523095-1006..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-503375041-2970300292-1811523095-1006..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" File not found
O4 - HKU\S-1-5-21-503375041-2970300292-1811523095-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/12/11 18:45:25 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/12/11 18:45:25 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/12/11 18:45:25 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2010/12/11 18:45:25 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161558398265 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://68.45.238.185/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D8CC406-76DD-4A7E-BAD5-E8FFD140C9EA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NecUsb3Sevice: DllName - () - File not found
O20 - Winlogon\Notify\USB3Nw32: DllName - () - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/10/17 19:23:48 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk /p \??\CSmile
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 01:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2012/01/15 16:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/10 21:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/01/08 15:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/01/08 15:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/08 15:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/31 16:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/12/31 10:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/12/31 10:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/12/29 18:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/29 17:53:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/29 17:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Chris\My Documents\*.tmp files -> C:\Documents and Settings\Chris\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/17 20:34:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/17 20:32:23 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/17 20:30:35 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B2C9296F-7AB5-4C13-8674-C2EE27AA9B35}.job
[2012/01/17 20:26:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/01/17 20:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/01/17 19:39:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/17 19:39:07 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-503375041-2970300292-1811523095-1006.job
[2012/01/17 19:38:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/17 19:38:52 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2012/01/17 19:38:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/17 19:38:08 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/16 21:12:28 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-503375041-2970300292-1811523095-1006.job
[2012/01/16 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/01/16 19:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/01/16 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/01/16 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/01/16 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/01/16 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/01/16 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/01/16 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/01/16 00:41:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/01/15 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/01/15 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/01/15 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/01/15 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/01/15 16:47:39 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2012/01/15 16:32:45 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/15 16:32:45 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Spybot - Search & Destroy.lnk
[2012/01/15 16:25:28 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/15 16:25:28 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/15 16:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/01/15 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/01/13 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/01/13 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/01/12 22:22:00 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/08 15:15:46 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/01/07 18:49:49 | 000,531,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/07 18:49:49 | 000,104,214 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/07 16:55:55 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/01/07 16:48:23 | 000,103,733 | ---- | M] () -- C:\WINDOWS\System32\itusbcore.dat
[2012/01/07 16:48:23 | 000,000,197 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/01/02 09:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/12/31 17:11:42 | 000,316,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/31 12:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/12/31 11:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/12/27 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Chris\My Documents\*.tmp files -> C:\Documents and Settings\Chris\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/15 16:46:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012/01/15 16:32:45 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/15 16:32:45 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Spybot - Search & Destroy.lnk
[2012/01/15 16:25:28 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/15 16:25:28 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/15 16:25:28 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/12 22:22:00 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/12 22:22:00 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/08 15:15:46 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/01/07 16:48:23 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2012/01/07 16:48:23 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/12/31 10:14:50 | 1072,103,424 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/03 15:52:05 | 000,988,256 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/13 21:07:14 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010/03/23 21:52:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/10 08:35:51 | 000,038,478 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft Excel.ADR
[2009/09/09 20:35:30 | 000,068,328 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/05/12 19:47:27 | 000,163,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/05/12 19:47:27 | 000,059,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/05/12 19:47:27 | 000,051,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2008/12/11 18:28:03 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/07/26 07:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/01/25 15:41:57 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/01/25 15:41:57 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/01/25 15:40:58 | 000,000,810 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/01/25 15:40:58 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/01/25 15:39:50 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2008/01/25 15:39:48 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/01/25 15:38:16 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/01/25 15:27:26 | 000,000,076 | ---- | C] () -- C:\WINDOWS\Setup Wizard.INI
[2008/01/25 12:38:58 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat
[2008/01/25 12:37:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2008/01/19 15:00:26 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/01/19 15:00:26 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\BA86A9BF38.sys
[2008/01/08 13:04:26 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tlknw5.ini
[2007/12/12 13:03:28 | 000,000,211 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/10/12 00:11:58 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/16 23:05:25 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/11/16 23:05:25 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/11/16 23:05:01 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/11/16 23:05:01 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/11/16 23:05:00 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/10/30 14:05:58 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2006/10/30 12:12:02 | 000,038,474 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Comma Separated Values (Windows).ADR
[2006/10/22 20:20:46 | 000,000,087 | ---- | C] () -- C:\WINDOWS\gbsaver.ini
[2006/10/21 21:48:52 | 000,013,006 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Comma Separated Values (Windows).CAL
[2006/10/16 22:19:03 | 000,007,510 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/10/05 14:47:14 | 000,002,723 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2006/10/05 14:07:10 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2006/10/04 20:31:18 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/04 20:15:20 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2006/10/04 11:19:39 | 000,000,105 | ---- | C] () -- C:\WINDOWS\bfcomega.ini
[2006/10/04 10:53:49 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2006/10/04 10:53:47 | 000,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini
[2006/10/04 10:03:05 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/03 13:15:10 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/10/03 11:44:25 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2006/09/28 14:07:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/28 13:59:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/28 13:51:17 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/09/28 13:49:40 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/28 13:47:25 | 000,006,958 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/28 13:46:01 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/28 13:42:02 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/09/28 13:38:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/09/28 13:38:18 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/09/28 13:38:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/09/28 13:13:03 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/09/28 13:12:53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/09/28 13:12:47 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/09/28 13:11:35 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/09/12 17:24:09 | 000,046,345 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2005/12/15 21:44:17 | 000,159,734 | ---- | C] () -- C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
[2005/12/15 21:33:25 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Cleanup.exe
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,316,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 000,531,072 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,104,214 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:20 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipsec.sys
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/22 12:37:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/06/25 00:38:06 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[2000/02/24 00:03:04 | 000,061,502 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\
Back to top
View user's profile Send private message
CGlancy57
Newbie


Joined: 16 Jan 2012
Last Visit: 22 Jan 2012
Posts: 7

PostPosted: Tue Jan 17, 2012 6:38 pm    Post subject: OTL Extras File Reply with quote

OTL Extras logfile created on: 1/17/2012 7:58:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Chris\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 22.48 Mb Available Physical Memory | 2.20% Memory free
2.40 Gb Paging File | 1.29 Gb Available in Paging File | 53.81% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.17 Gb Total Space | 32.89 Gb Free Space | 41.54% Space Free | Partition Type: NTFS
Drive D: | 26.32 Gb Total Space | 16.56 Gb Free Space | 62.91% Space Free | Partition Type: NTFS

Computer Name: CMGNOTEBOOK | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\K8JWESV3\Trend Micro Internet Security\TisEzIns.exe" = C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\K8JWESV3\Trend Micro Internet Security\TisEzIns.exe:*:Enabled:Trend Micro Internet Security
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}" = Microsoft Project 2000
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87DF5956-A327-4304-8338-8E2B0AAB843E}" = BlackBerry Desktop Software 6.0.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E520B22-546E-4AD3-8958-7D1EB8587AB1}" = Music Transfer Utility Ver.1
"{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}" = ATI Catalyst Control Center
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AE6ECFF9-FD33-48A3-B4AC-89263CC393A8}" = ImageMixer 3 SE Ver.4 Video Tools
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CAE4E520-4695-4A96-8661-B62FA5FB669E}" = ImageMixer 3 SE Ver.4 Transfer Utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.2
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Business Attorney" = Business Attorney
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CSCLIB" = Canon Camera Support Core Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"ESPNMotion" = ESPNMotion
"getPlus(R)_ocx" = getPlus(R)_ocx
"Google Chrome" = Google Chrome
"Google Pack Screensaver" = Google Pack Screensaver
"Google Updater" = Google Updater
"Home Attorney" = Home Attorney
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Picasa 3" = Picasa 3
"Punch! Professional Home Design" = Punch! Professional Home Design
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SearchAssist" = SearchAssist
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/21/2011 10:05:15 PM | Computer Name = CMGNOTEBOOK | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index metadata cannot be read. (0xc0041801)

Error - 11/21/2011 11:33:00 PM | Computer Name = CMGNOTEBOOK | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 11/26/2011 1:01:01 PM | Computer Name = CMGNOTEBOOK | Source = ESENT | ID = 490
Description = svchost (292) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 11/26/2011 1:01:01 PM | Computer Name = CMGNOTEBOOK | Source = ESENT | ID = 439
Description = Catalog Database (292) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb. Error
-1032.

Error - 11/26/2011 1:01:01 PM | Computer Name = CMGNOTEBOOK | Source = ESENT | ID = 470
Description = Catalog Database (292) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
is partially attached. Attachment stage: 1. Error: -1032.

Error - 12/1/2011 1:55:05 PM | Computer Name = CMGNOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 12/1/2011 1:56:37 PM | Computer Name = CMGNOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00011780.

Error - 12/1/2011 1:56:59 PM | Computer Name = CMGNOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00011780.

Error - 12/1/2011 1:57:15 PM | Computer Name = CMGNOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00011780.

Error - 12/16/2011 4:34:35 PM | Computer Name = CMGNOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application SfCtlCom.exe, version 16.60.0.3021, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 1/17/2012 8:41:39 PM | Computer Name = CMGNOTEBOOK | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/17/2012 8:41:45 PM | Computer Name = CMGNOTEBOOK | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/17/2012 8:41:48 PM | Computer Name = CMGNOTEBOOK | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/17/2012 8:48:23 PM | Computer Name = CMGNOTEBOOK | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/17/2012 8:49:08 PM | Computer Name = CMGNOTEBOOK | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/17/2012 9:00:04 PM | Computer Name = CMGNOTEBOOK | Source = Schedule | ID = 7901
Description = The At21.job command failed to start due to the following error: %%2147942402

Error - 1/17/2012 9:05:58 PM | Computer Name = CMGNOTEBOOK | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/17/2012 9:06:14 PM | Computer Name = CMGNOTEBOOK | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/17/2012 9:17:49 PM | Computer Name = CMGNOTEBOOK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 1/17/2012 9:28:04 PM | Computer Name = CMGNOTEBOOK | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >
Back to top
View user's profile Send private message
CGlancy57
Newbie


Joined: 16 Jan 2012
Last Visit: 22 Jan 2012
Posts: 7

PostPosted: Tue Jan 17, 2012 6:40 pm    Post subject: OTL Logfile Reply with quote

OTL logfile created on: 1/17/2012 7:58:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Chris\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 22.48 Mb Available Physical Memory | 2.20% Memory free
2.40 Gb Paging File | 1.29 Gb Available in Paging File | 53.81% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.17 Gb Total Space | 32.89 Gb Free Space | 41.54% Space Free | Partition Type: NTFS
Drive D: | 26.32 Gb Total Space | 16.56 Gb Free Space | 62.91% Space Free | Partition Type: NTFS

Computer Name: CMGNOTEBOOK | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/17 19:50:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\My Documents\Downloads\OTL.exe
PRC - [2011/12/21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/28 14:49:59 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2009/08/12 18:37:44 | 000,337,160 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/08/12 18:37:42 | 000,648,456 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/08/12 18:37:42 | 000,488,768 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/08/12 18:37:08 | 000,611,592 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe
PRC - [2009/08/12 18:37:06 | 001,398,024 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2009/08/12 18:37:06 | 000,703,008 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2009/08/12 18:36:56 | 000,210,184 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfFnUp.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/18 22:14:32 | 000,253,952 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe
PRC - [2008/08/14 16:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 16:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 16:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007/03/02 16:56:52 | 000,077,824 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/06/29 12:13:32 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/07 18:54:35 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_26c3451e\mscorlib.dll
MOD - [2012/01/07 18:54:29 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_b58eaaf0\system.drawing.dll
MOD - [2012/01/07 18:54:16 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_a755732f\system.xml.dll
MOD - [2012/01/07 18:54:10 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_744c016d\system.windows.forms.dll
MOD - [2012/01/07 18:53:55 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f8e40787\system.dll
MOD - [2012/01/07 18:53:25 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/07 18:53:23 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/01/07 18:53:19 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/12/21 02:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/01 08:11:22 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/08/12 18:37:44 | 000,337,160 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
MOD - [2009/08/12 18:37:42 | 000,648,456 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
MOD - [2009/08/12 18:37:42 | 000,509,192 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmPfwCtl.dll
MOD - [2009/08/12 18:37:42 | 000,488,768 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
MOD - [2009/08/12 18:37:08 | 000,611,592 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe
MOD - [2009/08/12 18:37:06 | 001,398,024 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
MOD - [2009/08/12 18:37:06 | 000,703,008 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
MOD - [2009/08/12 18:36:56 | 000,210,184 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfFnUp.exe
MOD - [2009/05/12 19:35:57 | 000,161,032 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfPack.dll
MOD - [2009/05/12 19:35:33 | 000,231,176 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\PATCHW32.DLL
MOD - [2009/05/12 19:35:33 | 000,017,672 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\NetBSrvr.dll
MOD - [2008/09/18 22:14:34 | 000,364,544 | ---- | M] () -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\pxl_m17n_tool.dll
MOD - [2008/08/14 16:22:36 | 000,112,912 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\LAppRes.DLL
MOD - [2008/08/14 16:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/08/14 16:13:30 | 000,149,264 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\LogiVOIPDevicePlugin.dll
MOD - [2008/08/14 16:13:08 | 000,165,136 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\LogiCordless4001.dll
MOD - [2008/08/14 16:13:08 | 000,138,000 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\LogiCordless.dll
MOD - [2008/08/14 16:12:10 | 000,167,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\EFVal.dll
MOD - [2008/08/14 16:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
MOD - [2008/08/14 16:11:48 | 000,345,872 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\DevMngr.dll
MOD - [2008/07/26 07:24:04 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVCSPS.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/11/01 19:48:12 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2006/11/01 19:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2006/06/29 12:13:50 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2005/10/13 13:53:36 | 000,090,223 | ---- | M] () -- C:\Program Files\Dell\QuickSet\preflibcl.dll
MOD - [2005/08/16 21:02:54 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2005/08/16 21:02:54 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2005/08/16 21:02:54 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2005/08/16 21:02:54 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2002/11/26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Ias)
SRV - [2009/08/12 18:37:44 | 000,337,160 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/08/12 18:37:42 | 000,648,456 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2009/08/12 18:37:42 | 000,488,768 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/08/12 18:37:06 | 000,703,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/03 18:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/07/12 09:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2011/07/12 09:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2011/07/12 09:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2010/07/19 17:03:10 | 000,059,472 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 17:03:00 | 000,051,792 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/19 17:02:54 | 000,163,408 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/08/12 18:38:42 | 000,335,376 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2009/08/12 18:38:42 | 000,066,320 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008/07/26 07:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/10/12 01:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 00:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2006/10/12 22:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/05/23 07:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/04/10 17:10:34 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/14 08:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 08:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 08:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 09:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/21 20:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 20:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 20:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/10 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/02/13 09:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060928
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060928


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060928
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060928
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.internet-home-page.com
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=MOZO"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..keyword.URL: "http://www.bing.com/search?form=MOZFLB&pc=MOZO&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.2: C:\Documents and Settings\Chris\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/31 10:08:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/15 16:25:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/12 22:19:23 | 000,000,000 | ---D | M]

[2011/02/24 17:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2012/01/02 17:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\red861s0.default\extensions
[2011/02/24 18:36:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\red861s0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/31 10:07:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\red861s0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2012/01/02 17:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\red861s0.default\extensions\firefoxbingsearch.full@microsoft.com
[2012/01/02 17:42:04 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\red861s0.default\searchplugins\bing-.xml
[2012/01/15 16:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/10/04 19:23:01 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2011/12/31 10:08:26 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/04/10 19:20:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\google\chrome\application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\google\chrome\application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\google\chrome\application\14.0.835.202\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.2 (Enabled) = C:\Documents and Settings\Chris\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Entanglement = C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Poppit = C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/04/05 10:31:44 | 000,431,524 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14855 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O4 - HKU\S-1-5-21-503375041-2970300292-1811523095-1006..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKU\S-1-5-21-503375041-2970300292-1811523095-1006..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-503375041-2970300292-1811523095-1006..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" File not found
O4 - HKU\S-1-5-21-503375041-2970300292-1811523095-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-503375041-2970300292-1811523095-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/12/11 18:45:25 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/12/11 18:45:25 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/12/11 18:45:25 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2010/12/11 18:45:25 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161558398265 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://68.45.238.185/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D8CC406-76DD-4A7E-BAD5-E8FFD140C9EA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NecUsb3Sevice: DllName - () - File not found
O20 - Winlogon\Notify\USB3Nw32: DllName - () - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/10/17 19:23:48 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk /p \??\CSmile
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 01:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2012/01/15 16:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/10 21:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/01/08 15:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/01/08 15:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/08 15:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/31 16:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/12/31 10:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/12/31 10:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/12/29 18:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/29 17:53:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/29 17:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Chris\My Documents\*.tmp files -> C:\Documents and Settings\Chris\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/17 20:34:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/17 20:32:23 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/17 20:30:35 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B2C9296F-7AB5-4C13-8674-C2EE27AA9B35}.job
[2012/01/17 20:26:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/01/17 20:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/01/17 19:39:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/17 19:39:07 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-503375041-2970300292-1811523095-1006.job
[2012/01/17 19:38:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/17 19:38:52 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2012/01/17 19:38:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/17 19:38:08 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/16 21:12:28 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-503375041-2970300292-1811523095-1006.job
[2012/01/16 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/01/16 19:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/01/16 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/01/16 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/01/16 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/01/16 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/01/16 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/01/16 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/01/16 00:41:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/01/15 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/01/15 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/01/15 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/01/15 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/01/15 16:47:39 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2012/01/15 16:32:45 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/15 16:32:45 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Spybot - Search & Destroy.lnk
[2012/01/15 16:25:28 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/15 16:25:28 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/15 16:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/01/15 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/01/13 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/01/13 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/01/12 22:22:00 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/08 15:15:46 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/01/07 18:49:49 | 000,531,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/07 18:49:49 | 000,104,214 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/07 16:55:55 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/01/07 16:48:23 | 000,103,733 | ---- | M] () -- C:\WINDOWS\System32\itusbcore.dat
[2012/01/07 16:48:23 | 000,000,197 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/01/02 09:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/12/31 17:11:42 | 000,316,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/31 12:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/12/31 11:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/12/27 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Chris\My Documents\*.tmp files -> C:\Documents and Settings\Chris\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/15 16:46:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012/01/15 16:32:45 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/15 16:32:45 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Spybot - Search & Destroy.lnk
[2012/01/15 16:25:28 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/15 16:25:28 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/15 16:25:28 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/12 22:22:00 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/12 22:22:00 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/08 15:15:46 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/01/07 16:48:23 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2012/01/07 16:48:23 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/12/31 10:14:50 | 1072,103,424 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/03 15:52:05 | 000,988,256 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/13 21:07:14 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010/03/23 21:52:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/10 08:35:51 | 000,038,478 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft Excel.ADR
[2009/09/09 20:35:30 | 000,068,328 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/05/12 19:47:27 | 000,163,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/05/12 19:47:27 | 000,059,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/05/12 19:47:27 | 000,051,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2008/12/11 18:28:03 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/07/26 07:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/01/25 15:41:57 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/01/25 15:41:57 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/01/25 15:40:58 | 000,000,810 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/01/25 15:40:58 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/01/25 15:39:50 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2008/01/25 15:39:48 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/01/25 15:38:16 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/01/25 15:27:26 | 000,000,076 | ---- | C] () -- C:\WINDOWS\Setup Wizard.INI
[2008/01/25 12:38:58 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat
[2008/01/25 12:37:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2008/01/19 15:00:26 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/01/19 15:00:26 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\BA86A9BF38.sys
[2008/01/08 13:04:26 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tlknw5.ini
[2007/12/12 13:03:28 | 000,000,211 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/10/12 00:11:58 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/16 23:05:25 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/11/16 23:05:25 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/11/16 23:05:01 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/11/16 23:05:01 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/11/16 23:05:00 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/10/30 14:05:58 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2006/10/30 12:12:02 | 000,038,474 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Comma Separated Values (Windows).ADR
[2006/10/22 20:20:46 | 000,000,087 | ---- | C] () -- C:\WINDOWS\gbsaver.ini
[2006/10/21 21:48:52 | 000,013,006 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Comma Separated Values (Windows).CAL
[2006/10/16 22:19:03 | 000,007,510 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/10/05 14:47:14 | 000,002,723 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2006/10/05 14:07:10 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2006/10/04 20:31:18 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/04 20:15:20 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2006/10/04 11:19:39 | 000,000,105 | ---- | C] () -- C:\WINDOWS\bfcomega.ini
[2006/10/04 10:53:49 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2006/10/04 10:53:47 | 000,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini
[2006/10/04 10:03:05 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/03 13:15:10 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/10/03 11:44:25 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2006/09/28 14:07:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/28 13:59:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/28 13:51:17 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/09/28 13:49:40 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/28 13:47:25 | 000,006,958 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/28 13:46:01 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/28 13:42:02 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/09/28 13:38:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/09/28 13:38:18 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/09/28 13:38:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/09/28 13:13:03 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/09/28 13:12:53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/09/28 13:12:47 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/09/28 13:11:35 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/09/12 17:24:09 | 000,046,345 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2005/12/15 21:44:17 | 000,159,734 | ---- | C] () -- C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
[2005/12/15 21:33:25 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Cleanup.exe
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,316,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 000,531,072 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,104,214 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:20 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipsec.sys
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/22 12:37:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/06/25 00:38:06 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[2000/02/24 00:03:04 | 000,061,502 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\
Back to top
View user's profile Send private message
CGlancy57
Newbie


Joined: 16 Jan 2012
Last Visit: 22 Jan 2012
Posts: 7

PostPosted: Tue Jan 17, 2012 6:43 pm    Post subject: TDSSKiller File Reply with quote

21:12:17.0908 0608 TDSS rootkit removing tool 2.7.3.0 Jan 16 2012 18:53:41
21:12:18.0565 0608 ============================================================
21:12:18.0565 0608 Current date / time: 2012/01/17 21:12:18.0565
21:12:18.0565 0608 SystemInfo:
21:12:18.0565 0608
21:12:18.0565 0608 OS Version: 5.1.2600 ServicePack: 3.0
21:12:18.0565 0608 Product type: Workstation
21:12:18.0565 0608 ComputerName: CMGNOTEBOOK
21:12:18.0565 0608 UserName: Chris
21:12:18.0565 0608 Windows directory: C:\WINDOWS
21:12:18.0565 0608 System windows directory: C:\WINDOWS
21:12:18.0565 0608 Processor architecture: Intel x86
21:12:18.0565 0608 Number of processors: 2
21:12:18.0565 0608 Page size: 0x1000
21:12:18.0565 0608 Boot type: Normal boot
21:12:18.0565 0608 ============================================================
21:12:27.0159 0608 Drive \Device\Harddisk0\DR0 - Size: 0x1B98B79400 (110.39 Gb), SectorSize: 0x200, Cylinders: 0x384A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:12:27.0268 0608 Initialize success
21:12:31.0237 0428 ============================================================
21:12:31.0237 0428 Scan started
21:12:31.0237 0428 Mode: Manual;
21:12:31.0237 0428 ============================================================
21:12:32.0081 0428 Abiosdsk - ok
21:12:32.0175 0428 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:12:32.0222 0428 abp480n5 - ok
21:12:32.0284 0428 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:12:32.0347 0428 ACPI - ok
21:12:32.0378 0428 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:12:32.0409 0428 ACPIEC - ok
21:12:32.0472 0428 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:12:32.0503 0428 adpu160m - ok
21:12:32.0565 0428 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:12:32.0597 0428 aec - ok
21:12:32.0659 0428 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:12:32.0690 0428 AFD - ok
21:12:32.0753 0428 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:12:32.0784 0428 agp440 - ok
21:12:32.0878 0428 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:12:32.0909 0428 agpCPQ - ok
21:12:33.0019 0428 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:12:33.0034 0428 Aha154x - ok
21:12:33.0112 0428 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:12:33.0128 0428 aic78u2 - ok
21:12:33.0159 0428 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:12:33.0175 0428 aic78xx - ok
21:12:33.0237 0428 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:12:33.0253 0428 AliIde - ok
21:12:33.0315 0428 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:12:33.0331 0428 alim1541 - ok
21:12:33.0378 0428 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:12:33.0394 0428 amdagp - ok
21:12:33.0456 0428 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:12:33.0472 0428 amsint - ok
21:12:33.0519 0428 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
21:12:33.0534 0428 APPDRV - ok
21:12:33.0628 0428 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:12:33.0644 0428 Arp1394 - ok
21:12:33.0690 0428 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:12:33.0706 0428 asc - ok
21:12:33.0784 0428 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:12:33.0800 0428 asc3350p - ok
21:12:33.0862 0428 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:12:33.0894 0428 asc3550 - ok
21:12:33.0956 0428 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:12:33.0987 0428 AsyncMac - ok
21:12:34.0034 0428 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:12:34.0034 0428 atapi - ok
21:12:34.0065 0428 Atdisk - ok
21:12:34.0206 0428 ati2mtag (2573c08729dd52b7b4f18df1592e0b37) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:12:34.0487 0428 ati2mtag - ok
21:12:34.0534 0428 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:12:34.0581 0428 Atmarpc - ok
21:12:34.0659 0428 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:12:34.0675 0428 audstub - ok
21:12:34.0753 0428 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
21:12:34.0862 0428 BCM43XX - ok
21:12:34.0878 0428 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
21:12:34.0909 0428 bcm4sbxp - ok
21:12:34.0972 0428 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:12:34.0987 0428 Beep - ok
21:12:35.0050 0428 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
21:12:35.0065 0428 BrScnUsb - ok
21:12:35.0175 0428 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\WINDOWS\system32\Drivers\BrSerIf.sys
21:12:35.0222 0428 BrSerIf - ok
21:12:35.0253 0428 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
21:12:35.0269 0428 BrUsbSer - ok
21:12:35.0316 0428 BVRPMPR5 (c834f8816ab652064176b4fbd93a2dc8) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
21:12:35.0378 0428 BVRPMPR5 - ok
21:12:35.0409 0428 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:12:35.0441 0428 cbidf - ok
21:12:35.0456 0428 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:12:35.0456 0428 cbidf2k - ok
21:12:35.0534 0428 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:12:35.0566 0428 CCDECODE - ok
21:12:35.0659 0428 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:12:35.0691 0428 cd20xrnt - ok
21:12:35.0722 0428 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:12:35.0753 0428 Cdaudio - ok
21:12:35.0816 0428 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:12:35.0862 0428 Cdfs - ok
21:12:35.0878 0428 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:12:35.0925 0428 Cdrom - ok
21:12:35.0941 0428 Changer - ok
21:12:36.0003 0428 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:12:36.0034 0428 CmBatt - ok
21:12:36.0097 0428 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:12:36.0112 0428 CmdIde - ok
21:12:36.0128 0428 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:12:36.0144 0428 Compbatt - ok
21:12:36.0175 0428 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:12:36.0191 0428 Cpqarray - ok
21:12:36.0284 0428 cpuz134 - ok
21:12:36.0347 0428 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:12:36.0394 0428 dac2w2k - ok
21:12:36.0503 0428 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:12:36.0519 0428 dac960nt - ok
21:12:36.0566 0428 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:12:36.0581 0428 Disk - ok
21:12:36.0644 0428 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:12:36.0737 0428 dmboot - ok
21:12:36.0753 0428 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:12:36.0784 0428 dmio - ok
21:12:36.0816 0428 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:12:36.0831 0428 dmload - ok
21:12:36.0894 0428 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:12:36.0909 0428 DMusic - ok
21:12:36.0972 0428 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
21:12:37.0003 0428 dot4 - ok
21:12:37.0050 0428 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
21:12:37.0066 0428 Dot4Print - ok
21:12:37.0097 0428 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
21:12:37.0112 0428 Dot4Scan - ok
21:12:37.0144 0428 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
21:12:37.0159 0428 dot4usb - ok
21:12:37.0284 0428 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:12:37.0300 0428 dpti2o - ok
21:12:37.0331 0428 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:12:37.0363 0428 drmkaud - ok
21:12:37.0409 0428 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
21:12:37.0488 0428 drvmcdb - ok
21:12:37.0519 0428 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
21:12:37.0566 0428 drvnddm - ok
21:12:37.0659 0428 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
21:12:37.0675 0428 DSproct - ok
21:12:37.0706 0428 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:12:37.0738 0428 E100B - ok
21:12:37.0816 0428 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:12:37.0847 0428 Fastfat - ok
21:12:37.0925 0428 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:12:37.0956 0428 Fdc - ok
21:12:37.0988 0428 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:12:38.0003 0428 Fips - ok
21:12:38.0097 0428 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:12:38.0128 0428 Flpydisk - ok
21:12:38.0159 0428 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:12:38.0191 0428 FltMgr - ok
21:12:38.0253 0428 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:12:38.0269 0428 Fs_Rec - ok
21:12:38.0331 0428 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:12:38.0363 0428 Ftdisk - ok
21:12:38.0409 0428 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:12:38.0425 0428 GearAspiWDM - ok
21:12:38.0441 0428 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:12:38.0472 0428 Gpc - ok
21:12:38.0503 0428 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:12:38.0550 0428 HDAudBus - ok
21:12:38.0581 0428 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:12:38.0597 0428 HidUsb - ok
21:12:38.0706 0428 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:12:38.0753 0428 hpn - ok
21:12:38.0800 0428 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
21:12:38.0847 0428 HSFHWAZL - ok
21:12:38.0909 0428 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:12:39.0097 0428 HSF_DPV - ok
21:12:39.0238 0428 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:12:39.0300 0428 HTTP - ok
21:12:39.0347 0428 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:12:39.0363 0428 i2omgmt - ok
21:12:39.0394 0428 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:12:39.0425 0428 i2omp - ok
21:12:39.0472 0428 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:12:39.0519 0428 i8042prt - ok
21:12:39.0581 0428 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:12:39.0628 0428 Imapi - ok
21:12:39.0691 0428 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:12:39.0722 0428 ini910u - ok
21:12:39.0785 0428 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:12:39.0816 0428 IntelIde - ok
21:12:39.0847 0428 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:12:39.0894 0428 intelppm - ok
21:12:39.0956 0428 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:12:39.0988 0428 Ip6Fw - ok
21:12:40.0097 0428 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:12:40.0144 0428 IpFilterDriver - ok
21:12:40.0253 0428 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:12:40.0316 0428 IpInIp - ok
21:12:40.0425 0428 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:12:40.0472 0428 IpNat - ok
21:12:40.0550 0428 IPSec (e4565fcebc6da27e0ad7600aa87988d4) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:12:40.0581 0428 IPSec ( Rootkit.Win32.ZAccess.h ) - infected
21:12:40.0581 0428 IPSec - detected Rootkit.Win32.ZAccess.h (0)
21:12:40.0613 0428 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:12:40.0628 0428 IRENUM - ok
21:12:40.0706 0428 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:12:40.0753 0428 isapnp - ok
21:12:40.0800 0428 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:12:40.0831 0428 Kbdclass - ok
21:12:40.0863 0428 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:12:40.0863 0428 kmixer - ok
21:12:40.0894 0428 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:12:40.0910 0428 KSecDD - ok
21:12:40.0925 0428 lbrtfdc - ok
21:12:40.0972 0428 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
21:12:41.0003 0428 LVPr2Mon - ok
21:12:41.0081 0428 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
21:12:41.0081 0428 LVUSBSta - ok
21:12:41.0144 0428 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:12:41.0175 0428 mdmxsdk - ok
21:12:41.0206 0428 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
21:12:41.0222 0428 MHNDRV - ok
21:12:41.0300 0428 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:12:41.0316 0428 mnmdd - ok
21:12:41.0394 0428 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:12:41.0394 0428 Modem - ok
21:12:41.0456 0428 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:12:41.0488 0428 Mouclass - ok
21:12:41.0519 0428 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:12:41.0535 0428 mouhid - ok
21:12:41.0581 0428 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:12:41.0628 0428 MountMgr - ok
21:12:41.0660 0428 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:12:41.0707 0428 mraid35x - ok
21:12:41.0707 0428 mrtRate - ok
21:12:41.0722 0428 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:12:41.0753 0428 MRxDAV - ok
21:12:41.0816 0428 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:12:41.0894 0428 MRxSmb - ok
21:12:42.0003 0428 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:12:42.0035 0428 Msfs - ok
21:12:42.0066 0428 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:12:42.0082 0428 MSKSSRV - ok
21:12:42.0097 0428 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:12:42.0113 0428 MSPCLOCK - ok
21:12:42.0160 0428 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:12:42.0175 0428 MSPQM - ok
21:12:42.0253 0428 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:12:42.0269 0428 mssmbios - ok
21:12:42.0347 0428 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:12:42.0378 0428 MSTEE - ok
21:12:42.0410 0428 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:12:42.0441 0428 Mup - ok
21:12:42.0488 0428 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:12:42.0519 0428 NABTSFEC - ok
21:12:42.0566 0428 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:12:42.0597 0428 NDIS - ok
21:12:42.0628 0428 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:12:42.0644 0428 NdisIP - ok
21:12:42.0691 0428 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:12:42.0707 0428 NdisTapi - ok
21:12:42.0800 0428 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:12:42.0816 0428 Ndisuio - ok
21:12:42.0832 0428 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:12:42.0863 0428 NdisWan - ok
21:12:42.0878 0428 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:12:42.0910 0428 NDProxy - ok
21:12:42.0941 0428 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:12:42.0957 0428 NetBIOS - ok
21:12:43.0003 0428 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:12:43.0035 0428 NetBT - ok
21:12:43.0066 0428 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:12:43.0097 0428 NIC1394 - ok
21:12:43.0128 0428 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
21:12:43.0175 0428 nm - ok
21:12:43.0207 0428 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:12:43.0238 0428 Npfs - ok
21:12:43.0332 0428 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:12:43.0410 0428 Ntfs - ok
21:12:43.0472 0428 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
21:12:43.0503 0428 NuidFltr - ok
21:12:43.0550 0428 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:12:43.0582 0428 Null - ok
21:12:43.0707 0428 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:12:43.0957 0428 nv - ok
21:12:44.0066 0428 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:12:44.0082 0428 NwlnkFlt - ok
21:12:44.0144 0428 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:12:44.0160 0428 NwlnkFwd - ok
21:12:44.0207 0428 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
21:12:44.0238 0428 NwlnkIpx - ok
21:12:44.0332 0428 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
21:12:44.0363 0428 NwlnkNb - ok
21:12:44.0425 0428 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
21:12:44.0441 0428 NwlnkSpx - ok
21:12:44.0472 0428 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:12:44.0504 0428 ohci1394 - ok
21:12:44.0550 0428 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
21:12:44.0582 0428 omci - ok
21:12:44.0629 0428 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:12:44.0675 0428 Parport - ok
21:12:44.0691 0428 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:12:44.0707 0428 PartMgr - ok
21:12:44.0738 0428 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:12:44.0769 0428 ParVdm - ok
21:12:44.0785 0428 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:12:44.0832 0428 PCI - ok
21:12:44.0910 0428 PCIDump - ok
21:12:44.0972 0428 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:12:44.0972 0428 PCIIde - ok
21:12:45.0066 0428 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:12:45.0097 0428 Pcmcia - ok
21:12:45.0097 0428 PDCOMP - ok
21:12:45.0113 0428 PDFRAME - ok
21:12:45.0129 0428 PDRELI - ok
21:12:45.0144 0428 PDRFRAME - ok
21:12:45.0160 0428 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:12:45.0191 0428 perc2 - ok
21:12:45.0222 0428 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:12:45.0238 0428 perc2hib - ok
21:12:45.0347 0428 PID_PEPI (a7598e897da639e255ad4188fa398478) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
21:12:45.0660 0428 PID_PEPI - ok
21:12:45.0769 0428 Point32 (f6210e1e4818dfb0d5d90b6bb659b513) C:\WINDOWS\system32\DRIVERS\point32.sys
21:12:45.0785 0428 Point32 - ok
21:12:45.0832 0428 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:12:45.0863 0428 PptpMiniport - ok
21:12:45.0879 0428 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:12:45.0894 0428 PSched - ok
21:12:45.0910 0428 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:12:45.0925 0428 Ptilink - ok
21:12:45.0972 0428 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:12:45.0988 0428 PxHelp20 - ok
21:12:46.0160 0428 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:12:46.0176 0428 ql1080 - ok
21:12:46.0254 0428 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:12:46.0285 0428 Ql10wnt - ok
21:12:46.0332 0428 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:12:46.0363 0428 ql12160 - ok
21:12:46.0410 0428 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:12:46.0457 0428 ql1240 - ok
21:12:46.0488 0428 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:12:46.0504 0428 ql1280 - ok
21:12:46.0551 0428 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:12:46.0566 0428 RasAcd - ok
21:12:46.0597 0428 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:12:46.0613 0428 Rasl2tp - ok
21:12:46.0629 0428 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:12:46.0660 0428 RasPppoe - ok
21:12:46.0660 0428 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:12:46.0691 0428 Raspti - ok
21:12:46.0707 0428 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:12:46.0738 0428 Rdbss - ok
21:12:46.0754 0428 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:12:46.0769 0428 RDPCDD - ok
21:12:46.0816 0428 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:12:46.0863 0428 rdpdr - ok
21:12:46.0957 0428 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:12:46.0972 0428 RDPWD - ok
21:12:47.0051 0428 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:12:47.0082 0428 redbook - ok
21:12:47.0160 0428 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
21:12:47.0176 0428 rimmptsk - ok
21:12:47.0191 0428 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
21:12:47.0207 0428 rimsptsk - ok
21:12:47.0254 0428 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys
21:12:47.0285 0428 RimUsb - ok
21:12:47.0332 0428 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
21:12:47.0347 0428 RimVSerPort - ok
21:12:47.0363 0428 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
21:12:47.0472 0428 rismxdp - ok
21:12:47.0488 0428 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
21:12:47.0504 0428 ROOTMODEM - ok
21:12:47.0613 0428 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:12:47.0644 0428 sdbus - ok
21:12:47.0691 0428 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:12:47.0722 0428 Secdrv - ok
21:12:47.0785 0428 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:12:47.0801 0428 serenum - ok
21:12:47.0832 0428 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:12:47.0879 0428 Serial - ok
21:12:48.0019 0428 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
21:12:48.0051 0428 sffdisk - ok
21:12:48.0082 0428 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
21:12:48.0113 0428 sffp_sd - ok
21:12:48.0176 0428 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:12:48.0207 0428 Sfloppy - ok
21:12:48.0223 0428 Simbad - ok
21:12:48.0285 0428 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:12:48.0316 0428 sisagp - ok
21:12:48.0363 0428 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:12:48.0379 0428 SLIP - ok
21:12:48.0441 0428 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:12:48.0457 0428 Sparrow - ok
21:12:48.0504 0428 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:12:48.0519 0428 splitter - ok
21:12:48.0551 0428 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:12:48.0582 0428 sr - ok
21:12:48.0613 0428 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:12:48.0676 0428 Srv - ok
21:12:48.0707 0428 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys
21:12:48.0723 0428 sscdbhk5 - ok
21:12:48.0738 0428 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys
21:12:48.0769 0428 ssrtln - ok
21:12:49.0004 0428 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
21:12:50.0066 0428 STHDA - ok
21:12:50.0176 0428 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
21:12:50.0191 0428 StillCam - ok
21:12:50.0269 0428 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:12:50.0285 0428 streamip - ok
21:12:50.0379 0428 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:12:50.0395 0428 swenum - ok
21:12:50.0441 0428 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:12:50.0473 0428 swmidi - ok
21:12:50.0504 0428 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:12:50.0535 0428 symc810 - ok
21:12:50.0566 0428 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:12:50.0598 0428 symc8xx - ok
21:12:50.0613 0428 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:12:50.0645 0428 sym_hi - ok
21:12:50.0738 0428 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:12:50.0770 0428 sym_u3 - ok
21:12:50.0832 0428 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:12:50.0879 0428 SynTP - ok
21:12:50.0910 0428 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:12:50.0941 0428 sysaudio - ok
21:12:51.0004 0428 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:12:51.0066 0428 Tcpip - ok
21:12:51.0176 0428 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
21:12:51.0254 0428 Tcpip6 - ok
21:12:51.0348 0428 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:12:51.0379 0428 TDPIPE - ok
21:12:51.0441 0428 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:12:51.0473 0428 TDTCP - ok
21:12:51.0520 0428 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:12:51.0535 0428 TermDD - ok
21:12:51.0598 0428 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
21:12:51.0629 0428 tfsnboio - ok
21:12:51.0645 0428 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys
21:12:51.0676 0428 tfsncofs - ok
21:12:51.0676 0428 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys
21:12:51.0723 0428 tfsndrct - ok
21:12:51.0754 0428 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys
21:12:51.0770 0428 tfsndres - ok
21:12:51.0785 0428 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
21:12:51.0910 0428 tfsnifs - ok
21:12:51.0926 0428 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
21:12:51.0941 0428 tfsnopio - ok
21:12:51.0957 0428 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
21:12:51.0973 0428 tfsnpool - ok
21:12:51.0988 0428 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
21:12:52.0020 0428 tfsnudf - ok
21:12:52.0035 0428 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
21:12:52.0066 0428 tfsnudfa - ok
21:12:52.0145 0428 tmactmon (ca9e9c2c04a198ed345c1752222a5f3e) C:\WINDOWS\system32\drivers\tmactmon.sys
21:12:52.0191 0428 tmactmon - ok
21:12:52.0301 0428 tmcfw (e5aa5bcb134d3ab03a8b56ddd728c37f) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
21:12:52.0379 0428 tmcfw - ok
21:12:52.0504 0428 tmcomm (a3d20789b3ff0576a29462bef25bcfcc) C:\WINDOWS\system32\drivers\tmcomm.sys
21:12:52.0520 0428 tmcomm - ok
21:12:52.0551 0428 tmevtmgr (21f215e54770c4bf93efaf63f58fe57e) C:\WINDOWS\system32\drivers\tmevtmgr.sys
21:12:52.0582 0428 tmevtmgr - ok
21:12:52.0660 0428 tmpreflt (379c4f99994a56b66e11d1e32bb22a1c) C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
21:12:52.0676 0428 tmpreflt - ok
21:12:52.0723 0428 tmtdi (1cf2f398e08592985a5bd1bbef59d043) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
21:12:52.0738 0428 tmtdi - ok
21:12:52.0801 0428 tmxpflt (717e406972bbc07f8fb2a989416cab73) C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
21:12:52.0879 0428 tmxpflt - ok
21:12:52.0957 0428 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:12:52.0973 0428 TosIde - ok
21:12:53.0020 0428 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
21:12:53.0035 0428 tunmp - ok
21:12:53.0145 0428 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:12:53.0176 0428 Udfs - ok
21:12:53.0223 0428 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:12:53.0254 0428 ultra - ok
21:12:53.0348 0428 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:12:53.0395 0428 Update - ok
21:12:53.0504 0428 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:12:53.0535 0428 USBAAPL - ok
21:12:53.0582 0428 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:12:53.0598 0428 usbaudio - ok
21:12:53.0660 0428 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:12:53.0676 0428 usbccgp - ok
21:12:53.0707 0428 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:12:53.0738 0428 usbehci - ok
21:12:53.0785 0428 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:12:53.0817 0428 usbhub - ok
21:12:53.0848 0428 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:12:53.0879 0428 usbprint - ok
21:12:53.0988 0428 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:12:54.0020 0428 USBSTOR - ok
21:12:54.0035 0428 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:12:54.0067 0428 usbuhci - ok
21:12:54.0098 0428 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:12:54.0113 0428 VgaSave - ok
21:12:54.0176 0428 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:12:54.0207 0428 viaagp - ok
21:12:54.0223 0428 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:12:54.0238 0428 ViaIde - ok
21:12:54.0301 0428 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:12:54.0317 0428 VolSnap - ok
21:12:54.0426 0428 vsapint (642eb152cb980ad9181b2161066be629) C:\WINDOWS\system32\DRIVERS\vsapint.sys
21:12:54.0567 0428 vsapint - ok
21:12:54.0598 0428 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:12:54.0629 0428 Wanarp - ok
21:12:54.0629 0428 wanatw - ok
21:12:54.0723 0428 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:12:54.0785 0428 Wdf01000 - ok
21:12:54.0864 0428 WDICA - ok
21:12:54.0926 0428 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:12:54.0957 0428 wdmaud - ok
21:12:55.0067 0428 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:12:55.0332 0428 winachsf - ok
21:12:55.0504 0428 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:12:55.0520 0428 WSTCODEC - ok
21:12:55.0567 0428 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:12:55.0598 0428 WudfPf - ok
21:12:55.0614 0428 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:12:55.0645 0428 WudfRd - ok
21:12:55.0754 0428 MBR (0x1B8) (dea9e81f0228b68c9adaf84c9b0cf931) \Device\Harddisk0\DR0
21:12:55.0785 0428 \Device\Harddisk0\DR0 - ok
21:12:55.0817 0428 Boot (0x1200) (9a5f38b8d5843bef87083817ff4b260e) \Device\Harddisk0\DR0\Partition0
21:12:55.0832 0428 \Device\Harddisk0\DR0\Partition0 - ok
21:12:55.0848 0428 Boot (0x1200) (8483cb3bd3e24f6ef392bddd6e64a9df) \Device\Harddisk0\DR0\Partition1
21:12:55.0848 0428 \Device\Harddisk0\DR0\Partition1 - ok
21:12:55.0848 0428 ============================================================
21:12:55.0848 0428 Scan finished
21:12:55.0848 0428 ============================================================
21:12:55.0864 5836 Detected object count: 1
21:12:55.0864 5836 Actual detected object count: 1
21:13:52.0679 5836 IPSec ( Rootkit.Win32.ZAccess.h ) - skipped by user
21:13:52.0679 5836 IPSec ( Rootkit.Win32.ZAccess.h ) - User select action: Skip
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4730
Location: Land Of The Leprechauns

PostPosted: Wed Jan 18, 2012 3:17 am    Post subject: Reply with quote

Hi CGlancy57,

It appears that your computer has a nasty Rootkit infection called ZeroAccess, this infection can prove tricky to remove.
A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).


DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are rootkits from Wikipedia
How do I respond to a possible identity theft and how do I prevent it
When should do a reformat and reinstallation of my OS
How to backup your files in Windows XP
How to backup your files in Windows Vista/Windows 7

Should you have any questions please feel free to ask.

Please let us know what you have decided to do in your next post.
_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
CGlancy57
Newbie


Joined: 16 Jan 2012
Last Visit: 22 Jan 2012
Posts: 7

PostPosted: Wed Jan 18, 2012 6:29 pm    Post subject: Backing my files up Reply with quote

Cypher,

I have disconnected my laptop from the internet, changed my passwords at all my bank accounts and I am backing up all of my personal files.

As you probably know from the files I sent I have a Dell laptop and I believe I can restore the factory setting on my laptop. "Dell™ PC Restore by Symantec™ is a hidden partition on your hard drive that contains an exact copy of your computer's original factory software. With PC Restore, you can restore your computer to the original state it was shipped in to you from Dell and in a fraction of the time a manual reinstallation would require."

I do not have the Windows CD to be able to format the hard drive from scratch so it leaves two options. 1) Run the PC Restore or 2) Have you help me clean it. Do you if the PC Restore function will work? If it does not then I would appreciate your help cleaning my laptop.

Warmest Regards,
Chris
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4730
Location: Land Of The Leprechauns

PostPosted: Thu Jan 19, 2012 2:54 am    Post subject: Reply with quote

Hi Chris,
Quote:
As you probably know from the files I sent I have a Dell laptop and I believe I can restore the factory setting on my laptop.

Yes there should be a recovery partition, and this can be used to return the computer to factory settings.
To access the recovery partition do the following.

1. Turn on the computer.
During the boot process, a blue bar with "www.dell.com" appears at the top of the screen.

2. Immediately upon seeing the blue bar, press <Ctrl><F11>.

If you do not press <Ctrl><F11> in time, let the computer finish restarting, and then restart the computer again.

The decision to reformat is yours, but we can still try to clean the computer if you wish.
I just want to make sure you are aware of all your options.
Please let me know what you decide to do.
_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
CGlancy57
Newbie


Joined: 16 Jan 2012
Last Visit: 22 Jan 2012
Posts: 7

PostPosted: Sat Jan 21, 2012 5:20 pm    Post subject: Restored Computer to Original Settings Reply with quote

Cypher,

I did run the routine to restore my computer to its origional factory setting. The problem seems to have resolved. Should I do anything else to confirm that the virus has been removed?

Warmest Regards,
Chris
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4730
Location: Land Of The Leprechauns

PostPosted: Sun Jan 22, 2012 2:54 am    Post subject: Reply with quote

Hi Chris,
Now that the computer has been restored to factory setting the infection will be gone.
You are good to go, here are some free programs I recommend that could help you improve your computer's security.

Install Malwarebytes Anti-malware
These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
You can find information and Download it from HERE


Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.


Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here


Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE


Read some information HERE On how to prevent Malware


I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
CGlancy57
Newbie


Joined: 16 Jan 2012
Last Visit: 22 Jan 2012
Posts: 7

PostPosted: Sun Jan 22, 2012 11:16 am    Post subject: Thanks you Reply with quote

Cypher,

Many thanks for your assistance and patience helping me through this event.

Warmest Regards,
Chris
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4730
Location: Land Of The Leprechauns

PostPosted: Sun Jan 22, 2012 11:36 am    Post subject: Reply with quote

Hi Chris,
Quote:
Many thanks for your assistance and patience helping me through this event.

You're most welcome, good luck and stay safe.
Quote:
As your issues appear to be resolved, this topic is now closed.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group