Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

probable malware/trojan/virus
Jel
Junior Member


Joined: 07 Jul 2012
Last Visit: 24 Jul 2012
Posts: 23

Posted: Sat Jul 07, 2012 1:05 am    Post subject: probable malware/trojan/virus

First-time poster, and a PC novice compared to most of you, I am sure, but I can and will follow your instructions :) ... I read the forum's instructions and am hoping to have followed them properly. THANK YOU in advance for any assistance. Running Windows XP Pro with latest updates (at least MS Security Essentials tells me I have the latest, but a year ago had a virus that faked the updates that was hiding in my BIOS software that was preventing MS updates via network). Tried downloading MS security scanner... but get the error "not a valid win32 application". Wouldn't download a Java update yesterday... just hung midstream. Tried other download scans and wasn't able to download. Downloaded to a flash drive on another PC, but flash drive would load them up on the problem PC. I also tried to troubleshoot if it was a corruption of the user acct, added a new Admin acct, but was unable to download any software to help.

Here is the dds log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Kerry at 1:36:37 on 2012-07-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2451 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\LANScope Agent\awtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\LANScope Agent\awServ.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\LANScope Agent\LockKM.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
G:\HijackThis l.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.aceradvantage.com/stdreg/startpage.jsp?sn=PSV5306016803011EF2702
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [fsm]
mRun: [AdminWorks Tray] "c:\acer\lanscope agent\awtray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NPSStartup]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office xp\office10\OSA.EXE
uPolicies-explorer: NoInstrumentation = 1
IE: E&xport to Microsoft Excel - c:\progra~1\mi01da~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi699f~1\office11\REFIEBAR.DLL
Trusted Zone: accr.biz
Trusted Zone: amazon.com\www
Trusted Zone: aoi.org\mail
Trusted Zone: bizjournals.com\www
Trusted Zone: ebay.com\signin
Trusted Zone: emailroi.com\emailer
Trusted Zone: entirelypets.com\www
Trusted Zone: eroi.com\toolbox
Trusted Zone: eroi.com\www
Trusted Zone: facebook.com\login
Trusted Zone: gotomypc.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: linkedin.com\www
Trusted Zone: live.com\login
Trusted Zone: livingwater.com\www
Trusted Zone: microsoft.com\office
Trusted Zone: myfax.com
Trusted Zone: myfax.com\secure
Trusted Zone: onlinebootstore.com\www
Trusted Zone: onpointcuonline.com\www
Trusted Zone: presentment.com\digitalinsight
Trusted Zone: t-mobile.com\my
Trusted Zone: uplacevet.com\www
Trusted Zone: yahoo.net\us-dc2-order.store
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341641108109
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
TCP: DhcpNameServer = 204.130.255.3 209.63.0.6
TCP: Interfaces\{C34F1CA5-3C00-449D-B9B1-47978CD93FC0} : DhcpNameServer = 204.130.255.3 209.63.0.6
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kerry\application data\mozilla\firefox\profiles\lzbf8ttx.default\
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 171064]
R1 MpKslf018623f;MpKslf018623f;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c5a0c642-7544-42a1-a555-4a2c8c3008df}\MpKslf018623f.sys [2012-7-6 29904]
R2 AWService;AdminWorks Agent X6;c:\acer\lanscope agent\awServ.exe [2007-4-26 75032]
R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [2006-6-8 17664]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [2006-6-6 90112]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-5-14 233472]
R2 LockServ;LockServ;c:\acer\empowering technology\elock\lockserv.exe -p --> c:\acer\empowering technology\elock\LockServ.exe -p [?]
R2 netlimiter;netlimiter;c:\windows\system32\drivers\NetLimiter.sys [2006-10-3 18072]
R2 netlock;netlock;c:\windows\system32\drivers\NetLock.sys [2007-5-30 14616]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-2-9 793048]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2009-2-22 2944]
R3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2009-2-22 3168]
R3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2009-2-22 39552]
R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2009-2-22 60416]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-5-14 36608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Acer ODDSpeedControl;Acer ODDSpeedControl;c:\acer\empowering technology\eacoustics\oddspeedctl\speedcontrol.exe [2005-2-15 81920]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-9-14 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-9-14 3072]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-3 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-07 07:24:06 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c5a0c642-7544-42a1-a555-4a2c8c3008df}\offreg.dll
2012-07-07 06:04:40 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c5a0c642-7544-42a1-a555-4a2c8c3008df}\MpKslf018623f.sys
2012-07-07 05:51:59 -------- d-----w- c:\windows\system32\CatRoot2
2012-07-07 03:16:40 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c5a0c642-7544-42a1-a555-4a2c8c3008df}\mpengine.dll
2012-07-05 20:40:51 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-13 04:38:02 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-06-13 17:20:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 17:20:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-05 05:34:43 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-05 05:34:43 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-05 00:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-18 20:02:11 91823688 ----a-w- c:\program files\Kies_2.3.1.12044_18.exe
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-12-02 18:53:48 4734424 ----a-w- c:\program files\rminstall.exe
2010-04-19 22:41:15 38808920 ----a-w- c:\program files\MS FileFormatConverters.exe
2010-04-19 22:38:28 1761856 ----a-w- c:\program files\MS older Office converter OCONVPCK.EXE
2009-05-28 22:14:15 7526856 ----a-w- c:\program files\Firefox Setup 3.0.10.exe
.
============= FINISH: 1:37:08.64 ===============

And here is the attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/25/2008 10:14:44 AM
System Uptime: 7/6/2012 11:03:54 PM (2 hours ago)
.
Motherboard: Acer | | F690GVM
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2194/199mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 38.186 GiB free.
D: is FIXED (FAT32) - 72 GiB total, 71.812 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 112 GiB total, 62.611 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\3&61AAA01&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\3&61AAA01&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP1: 7/6/2012 10:20:13 PM - System Checkpoint
RP2: 7/6/2012 10:22:28 PM - Restore Point before Corrupt Patch Registry keys
RP3: 7/6/2012 10:51:46 PM - Installed Microsoft Fix it 50528
.
==== Installed Programs ======================
.
.
Able2Extract v6.0
Acer eAcoustics Management
Acer eDataSecurity Management
Acer eDataSecurity Management 2.0.4093
Acer eLock Management
Acer Empowering Technology
Acer ePerformance Management
Acer eProtection
Acer eSettings Management
Acer LANScope Agent
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
ATI Display Driver
Bing Bar
BlueSoleil
Brother Internet Fax 2.02
Brother Internet Fax Driver
Brother Network Printer Driver Wizard
Business Contact Manager for Outlook 2007 SP2
commercial
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
EASEUS Partition Master 4.0 Professional
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
LightScribe 1.4.136.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Outlook 2003
Microsoft Office Small Business Connectivity Components
Microsoft Office XP Media Content
Microsoft Office XP Standard for Students and Teachers
Microsoft Security Client
Microsoft Security Essentials
Microsoft SQL Server 2005
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MS Access 97 Runtime Edition
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Nikon Message Center
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OCA Client history tool install
OGA Notifier 2.0.0048.0
Olympus Digital Wave Player
OpenOffice.org 3.1
PaperPort 8.0 SE
PC Connectivity Solution
PC Tools Registry Mechanic 11.0
PDFCreator
PictureProject
PowerDVD
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Samsung New PC Studio
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Driver for Mobile Phones
SamsungConnectivityCableDriver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Software Informer 1.0 BETA
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinPatrol
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
7/6/2012 9:52:46 PM, error: EventLog [6004] - A driver packet received from the I/O subsystem was invalid. The data is the packet.
7/6/2012 8:06:56 PM, error: Service Control Manager [7000] - The BrSplService service failed to start due to the following error: The system cannot find the file specified.
7/6/2012 12:19:25 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
7/2/2012 4:50:37 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:JS/Obfuscator.BS&threatid=2147647414 Name: VirTool:JS/Obfuscator.BS ID: 2147647414 Severity: Severe Category: Tool Path: containerfile:_F:\easy tec bu\MyBackup 1\C\Documents and Settings\Kerry\Local Settings\Application Data\Mozilla\Firefox\Profiles\7r4ftf03.default\Cache\193F1746d01;file:_F:\easy tec bu\MyBackup 1\C\Documents and Settings\Kerry\Local Settings\Application Data\Mozilla\Firefox\Profiles\7r4ftf03.default\Cache\193F1746d01->(SCRIPT0000) Detection Origin: Local machine Detection Type: Heuristics Detection Source: User User: ACER-AD993BA82B\Kerry Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x80070052 Error description: The directory or file cannot be created. Signature Version: AV: 1.129.857.0, AS: 1.129.857.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8502.0, NIS: 0.0.0.0
7/2/2012 10:56:21 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:JS/Obfuscator.BS&threatid=2147647414 Name: VirTool:JS/Obfuscator.BS ID: 2147647414 Severity: Severe Category: Tool Path: containerfile:_F:\easy tec bu\MyBackup 1\C\Documents and Settings\Kerry\Local Settings\Application Data\Mozilla\Firefox\Profiles\7r4ftf03.default\Cache\193F1746d01;file:_F:\easy tec bu\MyBackup 1\C\Documents and Settings\Kerry\Local Settings\Application Data\Mozilla\Firefox\Profiles\7r4ftf03.default\Cache\193F1746d01->(SCRIPT0000) Detection Origin: Local machine Detection Type: Heuristics Detection Source: User User: ACER-AD993BA82B\Kerry Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x80070052 Error description: The directory or file cannot be created. Signature Version: AV: 1.129.881.0, AS: 1.129.881.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8502.0, NIS: 0.0.0.0
.
==== End Of File ===========================
Thank you again for your help, Jel
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 31 Oct 2014
Posts: 4685
Location: Land Of The Leprechauns

Posted: Sun Jul 08, 2012 8:08 am

Hi and welcome to Spyware Warrior Forum
Quick question: is this computer used for business purposes? I need to know so I can give you appropriate instructions.
_________________
Admin/Teacher at Malware Removal University
Member of...

Jel
Junior Member


Joined: 07 Jul 2012
Last Visit: 24 Jul 2012
Posts: 23

Posted: Sun Jul 08, 2012 5:40 pm    Post subject: Response to your Question

Cypher, I have business PCs on the same network; however, this one is my personal-use PC. Thank you in advance for your assistance, Jel
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 31 Oct 2014
Posts: 4685
Location: Land Of The Leprechauns

Posted: Mon Jul 09, 2012 1:10 am

Hi Jel,
Quote:
thank you in advance for your assistance,

You're welcome, my name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions if possible; your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please read the topic "Things to know before you post", where the conditions for receiving help here are explained.
Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Please download Malwarebytes' Anti-Malware and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Please download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Logs/Information to Post in your Next Reply
  • Malwarebytes log.
  • OTL.txt and Extra.txt contents.

Jel
Junior Member


Joined: 07 Jul 2012
Last Visit: 24 Jul 2012
Posts: 23

Posted: Mon Jul 09, 2012 10:30 pm    Post subject: completed MW-Bytes run and OTL Run

Note: I was unable to download MWbytes or OTL directly to my PC that is having problems, had to download on another PC in my network and save across the network to the C: of the PC that is not working. Both times the download started, progressed over halfway and then stalled.

I was able to download the update and run Malwarebytes; however, after it was done (no problems found) there was no "Show Results" button per your instructions:
When the scan is complete, click OK, then Show Results to view the results.
Check all items except items in the C:\System Volume Information folder... and click Remove Selected.

But here is the log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.10.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kerry :: ACER-AD993BA82B [administrator]

Protection: Enabled

7/9/2012 10:53:29 PM
mbam-log-2012-07-09 (22-53-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219052
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Here is OTL.txt :
OTL logfile created on: 7/9/2012 11:20:34 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Kerry\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 67.20% Memory free
5.09 Gb Paging File | 4.19 Gb Available in Paging File | 82.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.36 Gb Total Space | 38.08 Gb Free Space | 53.37% Space Free | Partition Type: NTFS
Drive D: | 71.82 Gb Total Space | 71.81 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: ACER-AD993BA82B | User Name: Kerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/09 23:18:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kerry\My Documents\OTL.exe
PRC - [2012/06/17 19:59:30 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/12/12 15:07:00 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/08/03 09:22:58 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/08/31 17:32:08 | 000,054,800 | ---- | M] (OSA Technologies Inc., An Avocent Company) -- C:\Acer\LANScope Agent\lockkm.exe
PRC - [2007/05/22 10:59:58 | 001,459,992 | ---- | M] (OSA Technologies Inc., An Avocent Company) -- C:\Acer\LANScope Agent\awtray.exe
PRC - [2007/04/26 09:51:50 | 000,075,032 | ---- | M] (OSA Technologies Inc., An Avocent Company) -- C:\Acer\LANScope Agent\awServ.exe
PRC - [2006/09/14 12:06:48 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006/06/28 17:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
PRC - [2001/08/17 23:36:38 | 000,032,256 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\BrmfRsmg.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/07 12:34:59 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012/06/17 19:59:29 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/13 03:17:17 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/13 03:14:08 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/06/13 03:14:07 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/13 03:14:07 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/06/13 03:14:02 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/06/13 03:14:02 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/13 03:14:01 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/13 03:14:01 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/06/13 03:14:00 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/06/13 03:13:58 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/06/13 03:13:54 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/05/11 03:11:19 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 03:11:09 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/01/18 17:31:08 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2012/01/18 17:31:07 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2012/01/18 17:31:07 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2012/01/18 17:31:06 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2012/01/18 17:31:04 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2012/01/18 17:31:04 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2012/01/18 17:31:04 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2012/01/18 17:31:04 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2012/01/18 17:31:04 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2012/01/18 17:31:03 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2012/01/18 17:31:03 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2012/01/18 17:31:03 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2012/01/18 17:31:02 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2012/01/12 04:06:03 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_bba6ad12\mscorlib.dll
MOD - [2012/01/12 04:05:47 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f60469e9\system.dll
MOD - [2012/01/12 04:05:40 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/11/03 08:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2007/07/20 23:13:28 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2007/07/20 23:13:28 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2006/07/31 17:09:46 | 006,394,880 | ---- | M] () -- C:\WINDOWS\system32\TMSD7.bpl
MOD - [2006/06/28 17:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
MOD - [2006/01/02 13:54:48 | 000,028,672 | ---- | M] () -- C:\Acer\LANScope Agent\NetLimiter.dll
MOD - [2005/09/08 17:18:30 | 000,950,272 | ---- | M] () -- C:\WINDOWS\system32\SUIPackD7.bpl
MOD - [2005/07/05 11:12:42 | 001,013,248 | ---- | M] () -- C:\WINDOWS\system32\indy70.bpl
MOD - [2001/11/29 02:02:00 | 000,040,844 | ---- | M] () -- C:\WINDOWS\system32\bfp_mon.dll
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)
SRV - [2012/07/07 12:35:01 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/17 19:59:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/12/12 15:07:00 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/08/03 09:22:58 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/04/26 09:51:50 | 000,075,032 | ---- | M] (OSA Technologies Inc., An Avocent Company) [Auto | Running] -- C:\Acer\LANScope Agent\awServ.exe -- (AWService)
SRV - [2006/09/14 12:06:48 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006/06/28 17:01:32 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eLock\LockServ.exe -- (LockServ)
SRV - [2005/02/15 09:02:00 | 000,081,920 | ---- | M] (TODO: <公司名稱>) [On_Demand | Stopped] -- C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe -- (Acer ODDSpeedControl)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ssm_mdm.sys -- (ssm_mdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ssm_mdfl.sys -- (ssm_mdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/20 22:55:02 | 000,104,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2009/08/03 09:22:58 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/04/22 14:28:08 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/04/22 14:28:06 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/04/13 11:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/08/27 10:14:20 | 000,026,768 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2007/07/18 12:26:04 | 004,547,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/14 14:58:56 | 002,301,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/06/12 19:29:38 | 000,015,640 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2007/05/30 15:30:02 | 000,014,616 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NetLock.sys -- (netlock)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/03/30 14:44:20 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/03/30 14:44:20 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2007/03/30 14:44:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2006/11/08 21:13:06 | 000,010,944 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2006/10/03 11:03:14 | 000,018,072 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NetLimiter.sys -- (netlimiter)
DRV - [2006/06/08 17:54:24 | 000,017,664 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - [2006/06/06 18:36:30 | 000,090,112 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - [2005/05/31 15:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/05/31 09:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/04/30 14:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/04/30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/04/30 14:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005/03/25 17:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/10/19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2003/12/15 18:22:00 | 000,038,448 | ---- | M] (OLYMPUS OPTICAL CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2001/08/17 14:12:24 | 000,003,168 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrParImg.sys -- (brparimg)
DRV - [2001/08/17 14:12:18 | 000,039,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrParwdm.sys -- (BrParWdm)
DRV - [2001/08/17 14:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\SearchScopes,DefaultScope = {CCA10DC7-4E01-4509-8998-E76210E1F504}
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = http://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\SearchScopes\{5EBFBAFC-FD10-4A70-8BFC-57A332550B45}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000TEUS&apn_uid=22BB8E53-DC77-49DE-93ED-6F07A0F853F9&apn_sauid=10A2B49A-292A-4761-B528-6EE651D231C5&
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\SearchScopes\{724F6D2B-76C6-4C4B-95C3-5E74B3314C9D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=OSDSRC
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\SearchScopes\{7FEC4549-C6C2-4D9C-AF4C-BE06407C0D5A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\SearchScopes\{CCA10DC7-4E01-4509-8998-E76210E1F504}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.bing.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/11 16:44:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 19:59:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/04 22:34:58 | 000,000,000 | ---D | M]

[2009/05/28 15:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kerry\Application Data\Mozilla\Extensions
[2012/05/22 16:42:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kerry\Application Data\Mozilla\Firefox\Profiles\lzbf8ttx.default\extensions
[2010/05/26 13:52:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kerry\Application Data\Mozilla\Firefox\Profiles\lzbf8ttx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/15 12:53:44 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Kerry\Application Data\Mozilla\Firefox\Profiles\lzbf8ttx.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/05/22 16:42:49 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Kerry\Application Data\Mozilla\Firefox\Profiles\lzbf8ttx.default\extensions\LogMeInClient@logmein.com
[2012/02/10 11:10:05 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\Kerry\Application Data\Mozilla\Firefox\Profiles\lzbf8ttx.default\searchplugins\bing-.xml
[2012/07/07 12:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/07 12:38:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/03/27 14:08:05 | 000,138,614 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\KERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LZBF8TTX.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/07/07 12:38:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/06/17 19:59:31 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/08 21:34:30 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 12:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 12:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/11 23:03:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/11 23:03:06 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/03 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [AdminWorks Tray] C:\Acer\LANScope Agent\awtray.exe (OSA Technologies Inc., An Avocent Company)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008..\Run: [fsm] File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office XP\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office XP\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office 2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: accr.biz ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: amazon.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: aoi.org ([mail] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: aoi.org ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: bizjournals.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: ebay.com ([signin] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: emailroi.com ([emailer] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: entirelypets.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: eroi.com ([toolbox] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: eroi.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: eroi.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: facebook.com ([login] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: gotomypc.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: gotomypc.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: linkedin.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: live.com ([login] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: livingwater.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: myfax.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: myfax.com ([secure] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: onlinebootstore.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: onpointcuonline.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: presentment.com ([digitalinsight] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: t-mobile.com ([my] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: uplacevet.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: yahoo.net ([us-dc2-order.store] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341641108109 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.130.255.3 209.63.0.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C34F1CA5-3C00-449D-B9B1-47978CD93FC0}: DhcpNameServer = 204.130.255.3 209.63.0.6
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Kerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/20 22:49:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/09 23:18:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kerry\My Documents\OTL.exe
[2012/07/09 22:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kerry\Application Data\Malwarebytes
[2012/07/09 22:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/09 22:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/09 22:46:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/09 22:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/09 22:43:44 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kerry\My Documents\mbam-setup-1.61.0.1400.exe
[2012/07/07 12:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/07 12:38:21 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/07/07 12:38:21 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/07/07 12:38:21 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/07/07 12:38:21 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/07/07 12:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/07 01:36:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kerry\Start Menu\Programs\Administrative Tools
[2012/07/06 23:03:13 | 000,171,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jit.dll
[2012/07/06 23:03:13 | 000,139,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javaee.dll
[2012/07/06 23:03:13 | 000,046,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\setdebug.exe
[2012/07/06 23:03:12 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dx3j.dll
[2012/07/06 23:03:07 | 000,286,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vmhelper.dll
[2012/07/06 23:03:07 | 000,171,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wjview.exe
[2012/07/06 23:03:07 | 000,021,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjdbc10.dll
[2012/07/06 23:03:06 | 000,172,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jview.exe
[2012/07/06 23:03:06 | 000,154,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msawt.dll
[2012/07/06 23:03:06 | 000,015,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jdbgmgr.exe
[2012/07/06 23:03:05 | 000,404,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javart.dll
[2012/07/06 23:03:05 | 000,187,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javacypt.dll
[2012/07/06 23:03:05 | 000,063,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javaprxy.dll
[2012/07/06 23:03:04 | 000,049,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clspack.exe
[2012/07/06 22:51:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/06/19 13:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kerry\My Documents\CMTA Billing
[2012/06/12 21:38:02 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/05/18 13:03:20 | 091,823,688 | ---- | C] (Samsung Electronics Co., Ltd. ) -- C:\Program Files\Kies_2.3.1.12044_18.exe
[2011/12/02 11:53:31 | 004,734,424 | ---- | C] (PC Tools) -- C:\Program Files\rminstall.exe
[2010/04/19 15:41:08 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MS FileFormatConverters.exe
[2010/04/19 15:37:54 | 001,761,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MS older Office converter OCONVPCK.EXE
[2009/05/28 14:48:42 | 007,526,856 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.10.exe
[2008/08/22 11:40:23 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Kerry\gotomypc_437.exe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/09 23:25:02 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2012/07/09 23:18:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kerry\My Documents\OTL.exe
[2012/07/09 23:13:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/09 22:46:55 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/09 22:43:50 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kerry\My Documents\mbam-setup-1.61.0.1400.exe
[2012/07/09 12:54:33 | 000,002,643 | ---- | M] () -- C:\Documents and Settings\Kerry\Desktop\Microsoft Office Document Scanning.lnk
[2012/07/08 21:22:11 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/08 21:12:37 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2732453282-3087202739-1963643056-1008.job
[2012/07/08 21:12:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/08 21:12:35 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2732453282-3087202739-1963643056-1011.job
[2012/07/08 21:12:35 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2732453282-3087202739-1963643056-1010.job
[2012/07/08 21:12:23 | 000,000,386 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2012/07/08 21:12:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/08 21:11:59 | 3489,124,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/07 12:38:00 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/07/07 12:37:59 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/07/07 12:37:59 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/07/07 12:37:59 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/07/07 12:37:59 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/07/07 12:37:59 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/07/07 12:36:29 | 000,584,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/07 12:36:29 | 000,118,658 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/07 12:35:01 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/07 12:35:00 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/26 21:18:44 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Kerry\Desktop\Microsoft Word.lnk
[2012/06/13 03:30:32 | 000,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 03:14:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/09 22:46:55 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/07 12:34:41 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/06 23:03:13 | 000,007,315 | ---- | C] () -- C:\WINDOWS\System32\javasup.vxd
[2012/07/06 23:03:13 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2012/07/06 23:03:08 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedon.reg
[2012/07/06 23:03:07 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedoff.reg
[2012/07/06 21:47:41 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2732453282-3087202739-1963643056-1011.job
[2012/07/06 21:23:53 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2732453282-3087202739-1963643056-1010.job
[2012/06/05 03:16:40 | 000,500,400 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2732453282-3087202739-1963643056-1008-0.dat
[2012/06/05 03:16:38 | 000,367,174 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/05/18 13:37:56 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2012/05/18 13:37:56 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2012/05/11 03:28:46 | 007,408,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/20 23:29:22 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Internet Services
[2012/02/20 23:29:22 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Kerry\Application Data\InkjetPrinter
[2012/02/20 23:29:22 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2012/02/20 23:29:22 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Jingles
[2012/02/14 23:15:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/09 00:25:29 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012/01/04 07:37:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kerry\Cache.db
[2011/05/16 14:31:44 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2011/03/02 07:57:40 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/03/02 07:57:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/03/02 07:57:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/03/02 07:57:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010/05/14 12:50:15 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Kerry\Application Data\$_hpcst$.hpc
[2009/02/13 23:53:22 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Kerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/03 14:14:48 | 000,002,415 | ---- | C] () -- C:\Documents and Settings\Kerry\config.xml
[2008/11/03 14:14:30 | 000,185,094 | ---- | C] () -- C:\Program Files\OWANotify20060513.zip
[2008/10/18 22:57:45 | 000,027,244 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuInstall.LiveUpdate
[2008/07/27 01:27:11 | 000,014,290 | ---- | C] () -- C:\Program Files\settings.dat
[2008/07/25 10:19:12 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kerry\Local Settings\Application Data\fusioncache.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

And here is Extras.txt:
OTL Extras logfile created on: 7/9/2012 11:20:34 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Kerry\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 67.20% Memory free
5.09 Gb Paging File | 4.19 Gb Available in Paging File | 82.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.36 Gb Total Space | 38.08 Gb Free Space | 53.37% Space Free | Partition Type: NTFS
Drive D: | 71.82 Gb Total Space | 71.81 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: ACER-AD993BA82B | User Name: Kerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office XP\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office XP\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 4

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9999:UDP" = 9999:UDP:*:Enabled:LANScope UDP Port
"2804:TCP" = 2804:TCP:*:Enabled:LANScope TCP Port
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Documents and Settings\Kerry\Local Settings\Temp\7zS28.tmp\SymNRT.exe" = C:\Documents and Settings\Kerry\Local Settings\Temp\7zS28.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{163D5967-BA25-4D4F-9EC6-8410888C117F}" = Acer LANScope Agent
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{38C65D12-79E3-49C0-B211-DE3BE0A7AB39}" = commercial
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{900CAA2A-65CF-44F0-BF32-F1D26C7EC297}" = Brother Network Printer Driver Wizard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90E00409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7EC4EE3-ED7D-4DCD-86DC-29ACF0B122E9}" = Acer eAcoustics Management
"{C9BB218C-2D4B-4FF4-97E2-2C7E3D1B2679}" = Acer eProtection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"
Jel
Junior Member


Joined: 07 Jul 2012
Last Visit: 24 Jul 2012
Posts: 23

Posted: Mon Jul 09, 2012 10:59 pm    Post subject: earlier post continued...it wouldn't let me edit first post

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Able2Extract v6.0" = Able2Extract v6.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Display Driver" = ATI Display Driver
"Brother Internet Fax Driver" = Brother Internet Fax Driver
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 4.0 Professional
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{163D5967-BA25-4D4F-9EC6-8410888C117F}" = Acer LANScope Agent
"InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.4093
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Internet Fax" = Brother Internet Fax 2.02
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MS Access 97 Runtime Edition" = MS Access 97 Runtime Edition
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OcaHistoryUpd" = OCA Client history tool install
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"Software Informer_is1" = Software Informer 1.0 BETA
"TurboTax 2010" = TurboTax 2010
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/7/2012 2:32:48 AM | Computer Name = ACER-AD993BA82B | Source = Microsoft Office 11 | ID = 1000
Description =

Error - 7/7/2012 2:32:55 AM | Computer Name = ACER-AD993BA82B | Source = Microsoft Office 11 | ID = 1000
Description =

Error - 7/7/2012 2:33:07 AM | Computer Name = ACER-AD993BA82B | Source = Microsoft Office 11 | ID = 1000
Description =

Error - 7/7/2012 3:07:06 PM | Computer Name = ACER-AD993BA82B | Source = Windows Search Service | ID = 3038
Description = The gatherer is unable to read the registry DocIdMapFile. Context:
Application, SystemIndex Catalog Details: The system cannot find the file specified.
(0x80070002)

Error - 7/7/2012 3:07:28 PM | Computer Name = ACER-AD993BA82B | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The registry value cannot be read because the configuration
is invalid. Recreate the content index configuration by removing the content index.
(0x80040d03)

Error - 7/7/2012 3:07:28 PM | Computer Name = ACER-AD993BA82B | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
registry value cannot be read because the configuration is invalid. Recreate the
content index configuration by removing the content index. (0x80040d03)

Error - 7/7/2012 3:33:39 PM | Computer Name = ACER-AD993BA82B | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/7/2012 3:33:39 PM | Computer Name = ACER-AD993BA82B | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/9/2012 5:13:02 AM | Computer Name = ACER-AD993BA82B | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262,
faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

Error - 7/9/2012 2:07:02 PM | Computer Name = ACER-AD993BA82B | Source = Application Error | ID = 1001
Description = Fault bucket -1264370443.

[ System Events ]
Error - 7/9/2012 12:13:44 AM | Computer Name = ACER-AD993BA82B | Source = Service Control Manager | ID = 7000
Description = The BrSplService service failed to start due to the following error:
%%2

Error - 7/9/2012 3:58:08 PM | Computer Name = ACER-AD993BA82B | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 7/9/2012 3:58:05 PM | Computer Name = ACER-AD993BA82B | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 7/9/2012 3:58:02 PM | Computer Name = ACER-AD993BA82B | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 7/9/2012 3:58:00 PM | Computer Name = ACER-AD993BA82B | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 7/9/2012 3:57:55 PM | Computer Name = ACER-AD993BA82B | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 7/9/2012 3:57:31 PM | Computer Name = ACER-AD993BA82B | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 7/9/2012 9:52:20 PM | Computer Name = ACER-AD993BA82B | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 7/9/2012 9:52:16 PM | Computer Name = ACER-AD993BA82B | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 7/9/2012 9:52:07 PM | Computer Name = ACER-AD993BA82B | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.


< End of report >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Thank you again for your help:) Jel
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 31 Oct 2014
Posts: 4685
Location: Land Of The Leprechauns

Posted: Tue Jul 10, 2012 7:01 am

Hi Jel,
Quote:
Note: i was unable to download MWbytes or OTL directly to my pc that is having problems, had to
download on another PC in my network and save across the network to the C: of the pc that is not working.

That's fine, you could also use a flash drive to transfer the tools to the problem computer.
Most of the tools we use need to be saved to your desktop so they function properly. If you have trouble saving them to your desktop, please let me know.
Quote:
C:\Documents and Settings\Kerry\My Documents\OTL.exe

OTL.exe is saved to your My Documents folder, please move it so it's directly on your desktop.
There is nothing in the logs so far that would explain the problems you are having.
We will need to dig a little deeper.
Quote:
Coupon Printer for Windows

If you don't use this remove it via Add/remove programs.

Next.

We need to run an OTL Fix
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:

    :processes
    killallprocesses

    :otl
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\SearchScopes,DefaultScope = {CCA10DC7-4E01-4509-8998-E76210E1F504}
    IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\SearchScopes\{5EBFBAFC-FD10-4A70-8BFC-57A332550B45}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000TEUS&apn_uid=22BB8E53-DC77-49DE-93ED-6F07A0F853F9&apn_sauid=10A2B49A-292A-4761-B528-6EE651D231C5&
    FF - prefs.js..extensions.enabledItems: 6
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 44
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008..\Run: [fsm] File not found
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: accr.biz ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: amazon.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: aoi.org ([mail] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: aoi.org ([mail] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: bizjournals.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: ebay.com ([signin] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: emailroi.com ([emailer] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: entirelypets.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: eroi.com ([toolbox] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: eroi.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: eroi.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: facebook.com ([login] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: gotomypc.com ([www] * in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: gotomypc.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: linkedin.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: live.com ([login] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: livingwater.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: myfax.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: myfax.com ([secure] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: onlinebootstore.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: onpointcuonline.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: presentment.com ([digitalinsight] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: t-mobile.com ([my] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: uplacevet.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: yahoo.net ([us-dc2-order.store] http in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2012/07/08 21:12:23 | 000,000,386 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
    [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    @Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

    :files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Next.

Please download TDSSKiller.exe and save it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Logs/Information to Post in your Next Reply
  • OTL Fix log.
  • TDSSKiller log.

_________________
Admin/Teacher at Malware Removal University
Member of...

Jel
Junior Member


Joined: 07 Jul 2012
Last Visit: 24 Jul 2012
Posts: 23

Posted: Tue Jul 10, 2012 11:20 am    Post subject: deleted coupon printer thru Control panel

And ran fix per your instructions:
We need to run an OTL Fix

Double-click OTL.exe to start the program.

Copy and Paste the following code into the textbox. Do not include the word Code

It started and then has been hung up for 20 min or so...with the bottom progress note of killing processes....do not interrupt...at the top of window bar it says OTL by Old Timer version (not responding)

I'll wait to hear from you before I do anything else.

PS: it has been hung up over an hour now...doing nothing

Went ahead and rebooted, and tried OTL Run fix again and it just stalled again.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 31 Oct 2014
Posts: 4685
Location: Land Of The Leprechauns

Posted: Wed Jul 11, 2012 1:19 am

Hi Jel,
Sorry you had problems running OTL, this happens sometimes.
Please run another scan for me and post the resulting log.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, one Notepad file will open.
    • OTL.txt <-- Will be opened
  • Please post the contents of this Notepad file in your next reply.

Also go ahead and run TDSSKiller and post that log please.
You might have to split the logs up into separate posts to fit them in.
Jel
Junior Member


Joined: 07 Jul 2012
Last Visit: 24 Jul 2012
Posts: 23

Posted: Wed Jul 11, 2012 10:38 am    Post subject: follow up

thank you again for your assistance, Cypher:)

TDSSKILLER LOG:
11:30:20.0609 3960 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
11:30:21.0468 3960 ============================================================
11:30:21.0468 3960 Current date / time: 2012/07/11 11:30:21.0468
11:30:21.0468 3960 SystemInfo:
11:30:21.0468 3960
11:30:21.0468 3960 OS Version: 5.1.2600 ServicePack: 3.0
11:30:21.0468 3960 Product type: Workstation
11:30:21.0468 3960 ComputerName: ACER-AD993BA82B
11:30:21.0468 3960 UserName: Kerry
11:30:21.0468 3960 Windows directory: C:\WINDOWS
11:30:21.0468 3960 System windows directory: C:\WINDOWS
11:30:21.0468 3960 Processor architecture: Intel x86
11:30:21.0468 3960 Number of processors: 2
11:30:21.0468 3960 Page size: 0x1000
11:30:21.0468 3960 Boot type: Normal boot
11:30:21.0468 3960 ============================================================
11:30:22.0828 3960 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:30:22.0828 3960 Drive \Device\Harddisk1\DR4 - Size: 0xF2000000 (3.78 Gb), SectorSize: 0x200, Cylinders: 0x1ED, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:30:22.0828 3960 ============================================================
11:30:22.0828 3960 \Device\Harddisk0\DR0:
11:30:22.0828 3960 MBR partitions:
11:30:22.0828 3960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xBB47FC, BlocksNum 0x8EB68A3
11:30:22.0828 3960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x9A6B09F, BlocksNum 0x8FADA22
11:30:22.0828 3960 \Device\Harddisk1\DR4:
11:30:22.0843 3960 MBR partitions:
11:30:22.0843 3960 \Device\Harddisk1\DR4\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x78FFE0
11:30:22.0843 3960 ============================================================
11:30:22.0875 3960 C: <-> \Device\Harddisk0\DR0\Partition0
11:30:22.0875 3960 D: <-> \Device\Harddisk0\DR0\Partition1
11:30:22.0875 3960 ============================================================
11:30:22.0875 3960 Initialize success
11:30:22.0875 3960 ============================================================
11:31:13.0578 2608 ============================================================
11:31:13.0578 2608 Scan started
11:31:13.0578 2608 Mode: Manual;
11:31:13.0578 2608 ============================================================
11:31:13.0921 2608 Abiosdsk - ok
11:31:13.0921 2608 abp480n5 - ok
11:31:13.0984 2608 Acer ODDSpeedControl (b8c591c0320114e79178a8f861892bb1) C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe
11:31:13.0984 2608 Acer ODDSpeedControl - ok
11:31:14.0015 2608 AcerMemUsageCheckService (f84d9e48327cb401799f913379f6e9aa) C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
11:31:14.0031 2608 AcerMemUsageCheckService - ok
11:31:14.0078 2608 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:31:14.0078 2608 ACPI - ok
11:31:14.0093 2608 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:31:14.0093 2608 ACPIEC - ok
11:31:14.0171 2608 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:31:14.0171 2608 AdobeFlashPlayerUpdateSvc - ok
11:31:14.0171 2608 adpu160m - ok
11:31:14.0203 2608 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:31:14.0203 2608 aec - ok
11:31:14.0234 2608 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:31:14.0234 2608 AFD - ok
11:31:14.0234 2608 Aha154x - ok
11:31:14.0250 2608 aic78u2 - ok
11:31:14.0250 2608 aic78xx - ok
11:31:14.0281 2608 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
11:31:14.0281 2608 Alerter - ok
11:31:14.0296 2608 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
11:31:14.0296 2608 ALG - ok
11:31:14.0296 2608 AliIde - ok
11:31:14.0343 2608 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
11:31:14.0343 2608 AmdPPM - ok
11:31:14.0343 2608 amsint - ok
11:31:14.0375 2608 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
11:31:14.0375 2608 AppMgmt - ok
11:31:14.0390 2608 asc - ok
11:31:14.0390 2608 asc3350p - ok
11:31:14.0390 2608 asc3550 - ok
11:31:14.0468 2608 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:31:14.0468 2608 aspnet_state - ok
11:31:14.0500 2608 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:31:14.0500 2608 AsyncMac - ok
11:31:14.0515 2608 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:31:14.0515 2608 atapi - ok
11:31:14.0531 2608 Atdisk - ok
11:31:14.0578 2608 Ati HotKey Poller (1ce690d5c4baf51b6cfb3ec9cb1a74f5) C:\WINDOWS\system32\Ati2evxx.exe
11:31:14.0578 2608 Ati HotKey Poller - ok
11:31:14.0671 2608 ati2mtag (cd5c874245435c9ce7e347e28cf3c6b5) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:31:14.0687 2608 ati2mtag - ok
11:31:14.0828 2608 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:31:14.0828 2608 Atmarpc - ok
11:31:14.0875 2608 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
11:31:14.0875 2608 AudioSrv - ok
11:31:14.0906 2608 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:31:14.0906 2608 audstub - ok
11:31:14.0984 2608 AWService (1134512c54aaf46e3c529ec30e8cb036) C:\Acer\LANScope Agent\awServ.exe
11:31:14.0984 2608 AWService - ok
11:31:15.0093 2608 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
11:31:15.0093 2608 BBSvc - ok
11:31:15.0156 2608 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
11:31:15.0156 2608 BcmSqlStartupSvc - ok
11:31:15.0187 2608 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:31:15.0187 2608 Beep - ok
11:31:15.0234 2608 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
11:31:15.0234 2608 BITS - ok
11:31:15.0265 2608 BlueletAudio (04e84c8049ee93614a2ff6d676d1e247) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
11:31:15.0265 2608 BlueletAudio - ok
11:31:15.0281 2608 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
11:31:15.0281 2608 brfilt - ok
11:31:15.0296 2608 Brother XP spl Service - ok
11:31:15.0328 2608 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
11:31:15.0328 2608 Browser - ok
11:31:15.0343 2608 brparimg (e05d9eda91c1b2c4c4f6f5a6d5b14b58) C:\WINDOWS\system32\DRIVERS\BrParImg.sys
11:31:15.0343 2608 brparimg - ok
11:31:15.0375 2608 BrParWdm (108d5c678411ac5b53d51756177d50a4) C:\WINDOWS\system32\Drivers\BrParwdm.sys
11:31:15.0375 2608 BrParWdm - ok
11:31:15.0390 2608 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
11:31:15.0390 2608 BrSerWDM - ok
11:31:15.0406 2608 BT (d1813668a0117ae05bc0b81c874f91d4) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
11:31:15.0406 2608 BT - ok
11:31:15.0421 2608 Btcsrusb (7304acc25455746912de37d7ded387ed) C:\WINDOWS\system32\Drivers\btcusb.sys
11:31:15.0421 2608 Btcsrusb - ok
11:31:15.0421 2608 BTHidEnum (161969d2dd1d39cd2f1edbc60c61fa99) C:\WINDOWS\system32\DRIVERS\vbtenum.sys
11:31:15.0437 2608 BTHidEnum - ok
11:31:15.0453 2608 BTHidMgr (a9164c2a39bd917b9f42ae087560ac3d) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
11:31:15.0453 2608 BTHidMgr - ok
11:31:15.0468 2608 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:31:15.0468 2608 cbidf2k - ok
11:31:15.0484 2608 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:31:15.0484 2608 CCDECODE - ok
11:31:15.0484 2608 cd20xrnt - ok
11:31:15.0500 2608 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:31:15.0500 2608 Cdaudio - ok
11:31:15.0531 2608 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:31:15.0531 2608 Cdfs - ok
11:31:15.0546 2608 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:31:15.0546 2608 Cdrom - ok
11:31:15.0546 2608 Changer - ok
11:31:15.0578 2608 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
11:31:15.0578 2608 CiSvc - ok
11:31:15.0609 2608 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
11:31:15.0609 2608 ClipSrv - ok
11:31:15.0703 2608 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:31:15.0703 2608 clr_optimization_v2.0.50727_32 - ok
11:31:15.0750 2608 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:31:15.0750 2608 clr_optimization_v4.0.30319_32 - ok
11:31:15.0765 2608 CmdIde - ok
11:31:15.0765 2608 COMSysApp - ok
11:31:15.0781 2608 Cpqarray - ok
11:31:15.0828 2608 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
11:31:15.0828 2608 CryptSvc - ok
11:31:15.0828 2608 dac2w2k - ok
11:31:15.0828 2608 dac960nt - ok
11:31:15.0875 2608 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:31:15.0875 2608 DcomLaunch - ok
11:31:15.0890 2608 dgderdrv - ok
11:31:15.0921 2608 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
11:31:15.0921 2608 Dhcp - ok
11:31:15.0937 2608 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:31:15.0937 2608 Disk - ok
11:31:15.0937 2608 dmadmin - ok
11:31:16.0000 2608 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:31:16.0000 2608 dmboot - ok
11:31:16.0015 2608 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:31:16.0015 2608 dmio - ok
11:31:16.0031 2608 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:31:16.0031 2608 dmload - ok
11:31:16.0046 2608 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
11:31:16.0046 2608 dmserver - ok
11:31:16.0093 2608 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:31:16.0093 2608 DMusic - ok
11:31:16.0125 2608 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
11:31:16.0125 2608 Dnscache - ok
11:31:16.0156 2608 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
11:31:16.0156 2608 Dot3svc - ok
11:31:16.0156 2608 dpti2o - ok
11:31:16.0187 2608 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:31:16.0187 2608 drmkaud - ok
11:31:16.0203 2608 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
11:31:16.0203 2608 EapHost - ok
11:31:16.0234 2608 eLock2BurnerLockDriver (70f3d2751ba8877ee06becfc59bd77f1) C:\WINDOWS\system32\eLock2BurnerLockDriver.sys
11:31:16.0234 2608 eLock2BurnerLockDriver - ok
11:31:16.0234 2608 eLock2FSCTLDriver (8a24dcb29abc693f1d3085a69239e84b) C:\WINDOWS\system32\eLock2FSCTLDriver.sys
11:31:16.0250 2608 eLock2FSCTLDriver - ok
11:31:16.0281 2608 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) C:\WINDOWS\system32\epmntdrv.sys
11:31:16.0281 2608 epmntdrv - ok
11:31:16.0312 2608 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
11:31:16.0312 2608 ERSvc - ok
11:31:16.0312 2608 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) C:\WINDOWS\system32\EuGdiDrv.sys
11:31:16.0312 2608 EuGdiDrv - ok
11:31:16.0359 2608 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:31:16.0359 2608 Eventlog - ok
11:31:16.0406 2608 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
11:31:16.0406 2608 EventSystem - ok
11:31:16.0421 2608 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:31:16.0421 2608 Fastfat - ok
11:31:16.0453 2608 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:31:16.0453 2608 FastUserSwitchingCompatibility - ok
11:31:16.0515 2608 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
11:31:16.0515 2608 Fax - ok
11:31:16.0531 2608 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:31:16.0531 2608 Fdc - ok
11:31:16.0531 2608 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:31:16.0531 2608 Fips - ok
11:31:16.0546 2608 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:31:16.0546 2608 Flpydisk - ok
11:31:16.0578 2608 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:31:16.0578 2608 FltMgr - ok
11:31:16.0671 2608 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:31:16.0671 2608 FontCache3.0.0.0 - ok
11:31:16.0718 2608 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
11:31:16.0718 2608 FsUsbExDisk - ok
11:31:16.0734 2608 FsUsbExService (d3f9205cc4cb07553f2f9472c767ea87) C:\WINDOWS\system32\FsUsbExService.Exe
11:31:16.0734 2608 FsUsbExService - ok
11:31:16.0765 2608 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:31:16.0765 2608 Fs_Rec - ok
11:31:16.0765 2608 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:31:16.0765 2608 Ftdisk - ok
11:31:16.0812 2608 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:31:16.0812 2608 Gpc - ok
11:31:16.0859 2608 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:31:16.0859 2608 HDAudBus - ok
11:31:16.0906 2608 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:31:16.0921 2608 helpsvc - ok
11:31:16.0937 2608 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
11:31:16.0953 2608 HidServ - ok
11:31:16.0953 2608 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:31:16.0953 2608 hidusb - ok
11:31:17.0000 2608 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
11:31:17.0000 2608 hkmsvc - ok
11:31:17.0000 2608 hpn - ok
11:31:17.0046 2608 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:31:17.0046 2608 HTTP - ok
11:31:17.0062 2608 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
11:31:17.0062 2608 HTTPFilter - ok
11:31:17.0062 2608 i2omgmt - ok
11:31:17.0062 2608 i2omp - ok
11:31:17.0093 2608 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:31:17.0093 2608 i8042prt - ok
11:31:17.0171 2608 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
11:31:17.0171 2608 IDriverT - ok
11:31:17.0265 2608 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:31:17.0281 2608 idsvc - ok
11:31:17.0312 2608 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:31:17.0312 2608 Imapi - ok
11:31:17.0343 2608 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
11:31:17.0359 2608 ImapiService - ok
11:31:17.0359 2608 ini910u - ok
11:31:17.0406 2608 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\WINDOWS\system32\drivers\int15.sys
11:31:17.0406 2608 int15 - ok
11:31:17.0593 2608 IntcAzAudAddService (c4006af18682fca0d8a011a0a21070f8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:31:17.0625 2608 IntcAzAudAddService - ok
11:31:17.0718 2608 IntelIde - ok
11:31:17.0812 2608 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
11:31:17.0812 2608 IntuitUpdateService - ok
11:31:17.0828 2608 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:31:17.0828 2608 Ip6Fw - ok
11:31:17.0843 2608 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:31:17.0843 2608 IpFilterDriver - ok
11:31:17.0875 2608 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:31:17.0875 2608 IpInIp - ok
11:31:17.0906 2608 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:31:17.0906 2608 IpNat - ok
11:31:17.0921 2608 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:31:17.0921 2608 IPSec - ok
11:31:17.0937 2608 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:31:17.0937 2608 IRENUM - ok
11:31:17.0968 2608 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:31:17.0968 2608 isapnp - ok
11:31:18.0062 2608 JavaQuickStarterService (de5d05fd449798ef88cc34ad4b1e7f85) C:\Program Files\Java\jre6\bin\jqs.exe
11:31:18.0062 2608 JavaQuickStarterService - ok
11:31:18.0078 2608 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:31:18.0078 2608 Kbdclass - ok
11:31:18.0078 2608 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:31:18.0093 2608 kbdhid - ok
11:31:18.0125 2608 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:31:18.0125 2608 kmixer - ok
11:31:18.0156 2608 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:31:18.0156 2608 KSecDD - ok
11:31:18.0171 2608 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
11:31:18.0187 2608 lanmanserver - ok
11:31:18.0218 2608 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
11:31:18.0218 2608 lanmanworkstation - ok
11:31:18.0234 2608 lbrtfdc - ok
11:31:18.0312 2608 LightScribeService (559c9b7800fac92fc515cd0003d7c631) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
11:31:18.0312 2608 LightScribeService - ok
11:31:18.0343 2608 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
11:31:18.0343 2608 LmHosts - ok
11:31:18.0359 2608 LockServ - ok
11:31:18.0390 2608 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
11:31:18.0390 2608 MBAMProtector - ok
11:31:18.0437 2608 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:31:18.0437 2608 MBAMService - ok
11:31:18.0515 2608 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
11:31:18.0515 2608 MDM - ok
11:31:18.0546 2608 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
11:31:18.0546 2608 Messenger - ok
11:31:18.0578 2608 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
11:31:18.0578 2608 mf - ok
11:31:18.0593 2608 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:31:18.0593 2608 mnmdd - ok
11:31:18.0625 2608 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
11:31:18.0625 2608 mnmsrvc - ok
11:31:18.0640 2608 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:31:18.0640 2608 Modem - ok
11:31:18.0640 2608 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:31:18.0640 2608 Mouclass - ok
11:31:18.0671 2608 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:31:18.0671 2608 mouhid - ok
11:31:18.0687 2608 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:31:18.0687 2608 MountMgr - ok
11:31:18.0734 2608 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:31:18.0734 2608 MozillaMaintenance - ok
11:31:18.0765 2608 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
11:31:18.0781 2608 MpFilter - ok
11:31:18.0906 2608 MpKsl13e10d98 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C508BC9A-2D7B-40B8-8D71-D48DADAE5E13}\MpKsl13e10d98.sys
11:31:18.0906 2608 MpKsl13e10d98 - ok
11:31:18.0921 2608 mraid35x - ok
11:31:18.0953 2608 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:31:18.0953 2608 MRxDAV - ok
11:31:19.0000 2608 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:31:19.0015 2608 MRxSmb - ok
11:31:19.0031 2608 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
11:31:19.0031 2608 MSDTC - ok
11:31:19.0062 2608 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:31:19.0062 2608 Msfs - ok
11:31:19.0062 2608 MSIServer - ok
11:31:19.0078 2608 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:31:19.0078 2608 MSKSSRV - ok
11:31:19.0125 2608 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
11:31:19.0125 2608 MsMpSvc - ok
11:31:19.0140 2608 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:31:19.0140 2608 MSPCLOCK - ok
11:31:19.0156 2608 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:31:19.0156 2608 MSPQM - ok
11:31:19.0187 2608 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:31:19.0187 2608 mssmbios - ok
11:31:19.0234 2608 MSSQL$MSSMLBIZ - ok
11:31:19.0281 2608 MSSQLServerADHelper (adaf062116b4e6d96e44d26486a87af6) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
11:31:19.0281 2608 MSSQLServerADHelper - ok
11:31:19.0312 2608 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:31:19.0312 2608 MSTEE - ok
11:31:19.0343 2608 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:31:19.0343 2608 Mup - ok
11:31:19.0375 2608 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:31:19.0375 2608 NABTSFEC - ok
11:31:19.0421 2608 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
11:31:19.0437 2608 napagent - ok
11:31:19.0453 2608 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:31:19.0453 2608 NDIS - ok
11:31:19.0468 2608 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:31:19.0468 2608 NdisIP - ok
11:31:19.0500 2608 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:31:19.0500 2608 NdisTapi - ok
11:31:19.0546 2608 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:31:19.0546 2608 Ndisuio - ok
11:31:19.0546 2608 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:31:19.0546 2608 NdisWan - ok
11:31:19.0578 2608 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:31:19.0593 2608 NDProxy - ok
11:31:19.0593 2608 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:31:19.0593 2608 NetBIOS - ok
11:31:19.0609 2608 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:31:19.0609 2608 NetBT - ok
11:31:19.0640 2608 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:31:19.0640 2608 NetDDE - ok
11:31:19.0640 2608 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:31:19.0640 2608 NetDDEdsdm - ok
11:31:19.0671 2608 netlimiter (d494f43bc88d43f5ae4223dca86fde0f) C:\WINDOWS\system32\drivers\netlimiter.sys
11:31:19.0671 2608 netlimiter - ok
11:31:19.0687 2608 netlock (edea4e28290ca075f79bff1eca7a61f4) C:\WINDOWS\system32\drivers\netlock.sys
11:31:19.0687 2608 netlock - ok
11:31:19.0718 2608 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:31:19.0718 2608 Netlogon - ok
11:31:19.0734 2608 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
11:31:19.0750 2608 Netman - ok
11:31:19.0828 2608 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:31:19.0828 2608 NetTcpPortSharing - ok
11:31:19.0875 2608 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
11:31:19.0875 2608 Nla - ok
11:31:19.0921 2608 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:31:19.0921 2608 Npfs - ok
11:31:19.0937 2608 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:31:19.0953 2608 Ntfs - ok
11:31:19.0984 2608 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
11:31:19.0984 2608 NTIDrvr - ok
11:31:20.0031 2608 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:31:20.0031 2608 NtLmSsp - ok
11:31:20.0062 2608 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
11:31:20.0062 2608 NtmsSvc - ok
11:31:20.0093 2608 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:31:20.0093 2608 Null - ok
11:31:20.0109 2608 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:31:20.0109 2608 NwlnkFlt - ok
11:31:20.0125 2608 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:31:20.0125 2608 NwlnkFwd - ok
11:31:20.0156 2608 OsaFsLoc (635495e3258dfb252b5feee59fa2d5a3) C:\WINDOWS\system32\drivers\OsaFsLoc.sys
11:31:20.0156 2608 OsaFsLoc - ok
11:31:20.0156 2608 osaio (18e841bac9b822fac99d828ee95f0df3) C:\WINDOWS\system32\drivers\osaio.sys
11:31:20.0156 2608 osaio - ok
11:31:20.0171 2608 osanbm (dda8baa7e1b99c6cbd9dcb7621fb727e) C:\WINDOWS\system32\drivers\osanbm.sys
11:31:20.0171 2608 osanbm - ok
11:31:20.0250 2608 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:31:20.0250 2608 ose - ok
11:31:20.0296 2608 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:31:20.0296 2608 Parport - ok
11:31:20.0296 2608 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:31:20.0296 2608 PartMgr - ok
11:31:20.0328 2608 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:31:20.0328 2608 ParVdm - ok
11:31:20.0343 2608 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
11:31:20.0343 2608 pccsmcfd - ok
11:31:20.0359 2608 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:31:20.0359 2608 PCI - ok
11:31:20.0359 2608 PCIDump - ok
11:31:20.0359 2608 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:31:20.0359 2608 PCIIde - ok
11:31:20.0390 2608 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:31:20.0390 2608 Pcmcia - ok
11:31:20.0468 2608 PCToolsSSDMonitorSvc (a0937771070bf59468b4939dd0ae59fd) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
11:31:20.0484 2608 PCToolsSSDMonitorSvc - ok
11:31:20.0484 2608 PDCOMP - ok
11:31:20.0484 2608 PDFRAME - ok
11:31:20.0500 2608 PDRELI - ok
11:31:20.0500 2608 PDRFRAME - ok
11:31:20.0500 2608 perc2 - ok
11:31:20.0515 2608 perc2hib - ok
11:31:20.0562 2608 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:31:20.0562 2608 PlugPlay - ok
11:31:20.0593 2608 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:31:20.0593 2608 PolicyAgent - ok
11:31:20.0609 2608 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:31:20.0609 2608 PptpMiniport - ok
11:31:20.0625 2608 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
11:31:20.0625 2608 Processor - ok
11:31:20.0625 2608 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:31:20.0625 2608 ProtectedStorage - ok
11:31:20.0640 2608 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:31:20.0640 2608 PSched - ok
11:31:20.0671 2608 psdfilter (85e295efc530743bbd6165a63b3daaed) C:\WINDOWS\system32\Drivers\psdfilter.sys
11:31:20.0671 2608 psdfilter - ok
11:31:20.0671 2608 psdvdisk (5edb31248c84bf524a72b9b97011d91c) C:\WINDOWS\system32\Drivers\psdvdisk.sys
11:31:20.0671 2608 psdvdisk - ok
11:31:20.0687 2608 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:31:20.0687 2608 Ptilink - ok
11:31:20.0703 2608 ql1080 - ok
11:31:20.0703 2608 Ql10wnt - ok
11:31:20.0703 2608 ql12160 - ok
11:31:20.0718 2608 ql1240 - ok
11:31:20.0718 2608 ql1280 - ok
11:31:20.0734 2608 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:31:20.0734 2608 RasAcd - ok
11:31:20.0765 2608 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:31:20.0765 2608 RasAuto - ok
11:31:20.0781 2608 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:31:20.0781 2608 Rasl2tp - ok
11:31:20.0828 2608 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:31:20.0843 2608 RasMan - ok
11:31:20.0843 2608 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:31:20.0843 2608 RasPppoe - ok
11:31:20.0843 2608 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:31:20.0843 2608 Raspti - ok
11:31:20.0875 2608 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:31:20.0875 2608 Rdbss - ok
11:31:20.0890 2608 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:31:20.0890 2608 RDPCDD - ok
11:31:20.0921 2608 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:31:20.0937 2608 rdpdr - ok
11:31:20.0968 2608 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
11:31:20.0968 2608 RDPWD - ok
11:31:20.0984 2608 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:31:20.0984 2608 RDSessMgr - ok
11:31:21.0000 2608 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:31:21.0000 2608 redbook - ok
11:31:21.0046 2608 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:31:21.0046 2608 RemoteAccess - ok
11:31:21.0062 2608 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
11:31:21.0078 2608 RemoteRegistry - ok
11:31:21.0140 2608 RichVideo (2af094b1ce4725e4551f38fda2348637) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
11:31:21.0140 2608 RichVideo - ok
11:31:21.0187 2608 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
11:31:21.0187 2608 ROOTMODEM - ok
11:31:21.0203 2608 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
11:31:21.0203 2608 RpcLocator - ok
11:31:21.0250 2608 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:31:21.0250 2608 RpcSs - ok
11:31:21.0281 2608 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
11:31:21.0296 2608 RSVP - ok
11:31:21.0328 2608 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:31:21.0328 2608 SamSs - ok
11:31:21.0343 2608 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:31:21.0343 2608 SCardSvr - ok
11:31:21.0375 2608 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:31:21.0375 2608 Schedule - ok
11:31:21.0453 2608 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
11:31:21.0453 2608 SeaPort - ok
11:31:21.0515 2608 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:31:21.0515 2608 Secdrv - ok
11:31:21.0546 2608 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:31:21.0546 2608 seclogon - ok
11:31:21.0546 2608 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:31:21.0562 2608 SENS - ok
11:31:21.0562 2608 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:31:21.0562 2608 serenum - ok
11:31:21.0578 2608 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:31:21.0578 2608 Serial - ok
11:31:21.0640 2608 ServiceLayer (9d38320bb32230349379df5ddbbf7fce) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
11:31:21.0640 2608 ServiceLayer - ok
11:31:21.0687 2608 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:31:21.0687 2608 Sfloppy - ok
11:31:21.0734 2608 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:31:21.0734 2608 SharedAccess - ok
11:31:21.0765 2608 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:31:21.0781 2608 ShellHWDetection - ok
11:31:21.0781 2608 Simbad - ok
11:31:21.0812 2608 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:31:21.0812 2608 SLIP - ok
11:31:21.0828 2608 Sparrow - ok
11:31:21.0859 2608 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:31:21.0859 2608 splitter - ok
11:31:21.0890 2608 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:31:21.0890 2608 Spooler - ok
11:31:21.0953 2608 SQLBrowser (5673e79bbb62a4c35b10d821ff1b4aca) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
11:31:21.0953 2608 SQLBrowser - ok
11:31:21.0984 2608 SQLWriter (54902536aad0e9b99bc65f89c0caf93f) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
11:31:21.0984 2608 SQLWriter - ok
11:31:22.0031 2608 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:31:22.0031 2608 sr - ok
11:31:22.0078 2608 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
11:31:22.0078 2608 srservice - ok
11:31:22.0109 2608 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:31:22.0109 2608 Srv - ok
11:31:22.0125 2608 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:31:22.0125 2608 SSDPSRV - ok
11:31:22.0156 2608 ssm_bus (9ece19a1a4f4896597c3bb840fbfa721) C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
11:31:22.0156 2608 ssm_bus - ok
11:31:22.0156 2608 ssm_mdfl - ok
11:31:22.0171 2608 ssm_mdm - ok
11:31:22.0203 2608 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:31:22.0203 2608 stisvc - ok
11:31:22.0234 2608 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:31:22.0234 2608 streamip - ok
11:31:22.0265 2608 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:31:22.0265 2608 swenum - ok
11:31:22.0281 2608 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:31:22.0281 2608 swmidi - ok
11:31:22.0281 2608 SwPrv - ok
11:31:22.0296 2608 symc810 - ok
11:31:22.0296 2608 symc8xx - ok
11:31:22.0312 2608 sym_hi - ok
11:31:22.0312 2608 sym_u3 - ok
11:31:22.0328 2608 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:31:22.0328 2608 sysaudio - ok
11:31:22.0343 2608 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:31:22.0343 2608 SysmonLog - ok
11:31:22.0375 2608 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:31:22.0375 2608 TapiSrv - ok
11:31:22.0421 2608 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:31:22.0437 2608 Tcpip - ok
11:31:22.0453 2608 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:31:22.0453 2608 TDPIPE - ok
11:31:22.0468 2608 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:31:22.0468 2608 TDTCP - ok
11:31:22.0484 2608 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:31:22.0484 2608 TermDD - ok
11:31:22.0515 2608 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:31:22.0515 2608 TermService - ok
11:31:22.0546 2608 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:31:22.0562 2608 Themes - ok
11:31:22.0593 2608 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
11:31:22.0593 2608 TlntSvr - ok
11:31:22.0593 2608 TosIde - ok
11:31:22.0625 2608 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:31:22.0625 2608 TrkWks - ok
11:31:22.0671 2608 tvicport (97dd70feca64fb4f63de7bb7e66a80b1) C:\WINDOWS\system32\drivers\tvicport.sys
11:31:22.0671 2608 tvicport - ok
11:31:22.0671 2608 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
11:31:22.0671 2608 UBHelper - ok
11:31:22.0703 2608 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:31:22.0703 2608 Udfs - ok
11:31:22.0703 2608 ultra - ok
11:31:22.0750 2608 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:31:22.0750 2608 Update - ok
11:31:22.0765 2608 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:31:22.0781 2608 upnphost - ok
11:31:22.0796 2608 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:31:22.0796 2608 UPS - ok
11:31:22.0828 2608 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:31:22.0828 2608 usbccgp - ok
11:31:22.0828 2608 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:31:22.0843 2608 usbehci - ok
11:31:22.0843 2608 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:31:22.0843 2608 usbhub - ok
11:31:22.0875 2608 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:31:22.0890 2608 usbohci - ok
11:31:22.0890 2608 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:31:22.0890 2608 USBSTOR - ok
11:31:22.0921 2608 VComm (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys
11:31:22.0921 2608 VComm - ok
11:31:22.0937 2608 VcommMgr (630bbdbf5490f8f57abe650da63661a0) C:\WINDOWS\system32\Drivers\VcommMgr.sys
11:31:22.0953 2608 VcommMgr - ok
11:31:22.0953 2608 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:31:22.0953 2608 VgaSave - ok
11:31:22.0953 2608 ViaIde - ok
11:31:22.0984 2608 VNUSB (c48e230878ea1946f0c4026a9d8e9a61) C:\WINDOWS\system32\DRIVERS\VNUSB.sys
11:31:22.0984 2608 VNUSB - ok
11:31:23.0000 2608 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:31:23.0000 2608 VolSnap - ok
11:31:23.0046 2608 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:31:23.0062 2608 VSS - ok
11:31:23.0078 2608 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
11:31:23.0093 2608 W32Time - ok
11:31:23.0109 2608 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:31:23.0109 2608 Wanarp - ok
11:31:23.0109 2608 WDICA - ok
11:31:23.0125 2608 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:31:23.0125 2608 wdmaud - ok
11:31:23.0140 2608 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:31:23.0140 2608 WebClient - ok
11:31:23.0218 2608 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:31:23.0218 2608 winmgmt - ok
11:31:23.0281 2608 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
11:31:23.0296 2608 WinRM - ok
11:31:23.0437 2608 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:31:23.0437 2608 wlidsvc - ok
11:31:23.0562 2608 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
11:31:23.0562 2608 WmdmPmSN - ok
11:31:23.0609 2608 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
11:31:23.0609 2608 Wmi - ok
11:31:23.0687 2608 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:31:23.0687 2608 WmiApSrv - ok
11:31:23.0828 2608 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
11:31:23.0843 2608 WMPNetworkSvc - ok
11:31:23.0968 2608 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:31:23.0968 2608 WPFFontCache_v0400 - ok
11:31:24.0046 2608 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:31:24.0046 2608 wscsvc - ok
11:31:24.0062 2608 WSearch - ok
11:31:24.0125 2608 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:31:24.0125 2608 WSTCODEC - ok
11:31:24.0140 2608 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:31:24.0140 2608 wuauserv - ok
11:31:24.0171 2608 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:31:24.0171 2608 WudfPf - ok
11:31:24.0187 2608 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:31:24.0187 2608 WudfRd - ok
11:31:24.0203 2608 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:31:24.0203 2608 WudfSvc - ok
11:31:24.0265 2608 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:31:24.0265 2608 WZCSVC - ok
11:31:24.0281 2608 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:31:24.0296 2608 xmlprov - ok
11:31:24.0328 2608 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
11:31:24.0328 2608 yukonwxp - ok
11:31:24.0359 2608 zntport (40ac8590cc9006dbb99ffcb37879d4c6) C:\WINDOWS\system32\drivers\zntport.sys
11:31:24.0359 2608 zntport - ok
11:31:24.0390 2608 MBR (0x1B8) (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0
11:31:27.0375 2608 \Device\Harddisk0\DR0 - ok
11:31:27.0375 2608 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
11:31:30.0359 2608 \Device\Harddisk1\DR4 - ok
11:31:30.0359 2608 Boot (0x1200) (de9f0bdd3767f2d146cfb3d684c7bd62) \Device\Harddisk0\DR0\Partition0
11:31:30.0359 2608 \Device\Harddisk0\DR0\Partition0 - ok
11:31:30.0375 2608 Boot (0x1200) (ac700a8f94ef672bf189e54dc7050ae8) \Device\Harddisk0\DR0\Partition1
11:31:30.0375 2608 \Device\Harddisk0\DR0\Partition1 - ok
11:31:30.0375 2608 Boot (0x1200) (601bd34c806fcb31e1e05756e87f276b) \Device\Harddisk1\DR4\Partition0
11:31:30.0375 2608 \Device\Harddisk1\DR4\Partition0 - ok
11:31:30.0375 2608 ============================================================
11:31:30.0375 2608 Scan finished
11:31:30.0375 2608 ============================================================
11:31:30.0390 3320 Detected object count: 0
11:31:30.0390 3320 Actual detected object count: 0
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
OTL Log:
OTL logfile created on: 7/11/2012 10:07:00 AM - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Kerry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 80.54% Memory free
5.09 Gb Paging File | 4.56 Gb Available in Paging File | 89.53% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.36 Gb Total Space | 38.12 Gb Free Space | 53.42% Space Free | Partition Type: NTFS
Drive D: | 71.82 Gb Total Space | 71.81 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: ACER-AD993BA82B | User Name: Kerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/09 23:18:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kerry\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/12/12 15:07:00 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/05/15 12:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP studios\WinPatrol\WinPatrol.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/08/03 09:22:58 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/08/31 17:32:08 | 000,054,800 | ---- | M] (OSA Technologies Inc., An Avocent Company) -- C:\Acer\LANScope Agent\lockkm.exe
PRC - [2007/05/22 10:59:58 | 001,459,992 | ---- | M] (OSA Technologies Inc., An Avocent Company) -- C:\Acer\LANScope Agent\awtray.exe
PRC - [2007/04/26 09:51:50 | 000,075,032 | ---- | M] (OSA Technologies Inc., An Avocent Company) -- C:\Acer\LANScope Agent\awServ.exe
PRC - [2006/09/14 12:06:48 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006/06/28 17:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
PRC - [2001/08/17 23:36:38 | 000,032,256 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\BrmfRsmg.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 03:17:17 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/13 03:14:08 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/06/13 03:14:07 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/13 03:14:07 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/06/13 03:14:02 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/06/13 03:14:02 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/13 03:14:01 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/13 03:14:01 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/06/13 03:14:00 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/06/13 03:13:58 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/06/13 03:13:54 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/05/11 03:11:19 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 03:11:09 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/01/18 17:31:08 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2012/01/18 17:31:07 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2012/01/18 17:31:07 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2012/01/18 17:31:06 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2012/01/18 17:31:04 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2012/01/18 17:31:04 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2012/01/18 17:31:04 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2012/01/18 17:31:04 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2012/01/18 17:31:04 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2012/01/18 17:31:03 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2012/01/18 17:31:03 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2012/01/18 17:31:03 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2012/01/18 17:31:02 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2012/01/12 04:06:03 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_bba6ad12\mscorlib.dll
MOD - [2012/01/12 04:05:47 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f60469e9\system.dll
MOD - [2012/01/12 04:05:40 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/04/14 18:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP studios\WinPatrol\sqlite3.dll
MOD - [2007/07/20 23:13:28 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2007/07/20 23:13:28 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2006/07/31 17:09:46 | 006,394,880 | ---- | M] () -- C:\WINDOWS\system32\TMSD7.bpl
MOD - [2006/06/28 17:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
MOD - [2006/01/02 13:54:48 | 000,028,672 | ---- | M] () -- C:\Acer\LANScope Agent\NetLimiter.dll
MOD - [2005/09/08 17:18:30 | 000,950,272 | ---- | M] () -- C:\WINDOWS\system32\SUIPackD7.bpl
MOD - [2005/07/05 11:12:42 | 001,013,248 | ---- | M] () -- C:\WINDOWS\system32\indy70.bpl
MOD - [2001/11/29 02:02:00 | 000,040,844 | ---- | M] () -- C:\WINDOWS\system32\bfp_mon.dll
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)
SRV - [2012/07/07 12:35:01 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/17 19:59:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/12/12 15:07:00 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/08/03 09:22:58 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/04/26 09:51:50 | 000,075,032 | ---- | M] (OSA Technologies Inc., An Avocent Company) [Auto | Running] -- C:\Acer\LANScope Agent\awServ.exe -- (AWService)
SRV - [2006/09/14 12:06:48 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006/06/28 17:01:32 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eLock\LockServ.exe -- (LockServ)
SRV - [2005/02/15 09:02:00 | 000,081,920 | ---- | M] (TODO: <公司名稱>) [On_Demand | Stopped] -- C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe -- (Acer ODDSpeedControl)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ssm_mdm.sys -- (ssm_mdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ssm_mdfl.sys -- (ssm_mdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/10 23:25:24 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C508BC9A-2D7B-40B8-8D71-D48DADAE5E13}\MpKsl13e10d98.sys -- (MpKsl13e10d98)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/20 22:55:02 | 000,104,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2009/08/03 09:22:58 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/04/22 14:28:08 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/04/22 14:28:06 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/04/13 11:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/08/27 10:14:20 | 000,026,768 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2007/07/18 12:26:04 | 004,547,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/14 14:58:56 | 002,301,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/06/12 19:29:38 | 000,015,640 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2007/05/30 15:30:02 | 000,014,616 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NetLock.sys -- (netlock)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/03/30 14:44:20 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/03/30 14:44:20 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2007/03/30 14:44:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2006/11/08 21:13:06 | 000,010,944 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2006/10/03 11:03:14 | 000,018,072 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NetLimiter.sys -- (netlimiter)
DRV - [2006/06/08 17:54:24 | 000,017,664 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - [2006/06/06 18:36:30 | 000,090,112 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - [2005/05/31 15:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/05/31 09:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/04/30 14:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/04/30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/04/30 14:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005/03/25 17:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/10/19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2003/12/15 18:22:00 | 000,038,448 | ---- | M] (OLYMPUS OPTICAL CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2001/08/17 14:12:24 | 000,003,168 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrParImg.sys -- (brparimg)
DRV - [2001/08/17 14:12:18 | 000,039,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrParwdm.sys -- (BrParWdm)
DRV - [2001/08/17 14:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "U
Jel

Posted: Wed Jul 11, 2012 11:10 am    Post subject: here is the portion that didn't post earlier:)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\SearchScopes,DefaultScope = {CCA10DC7-4E01-4509-8998-E76210E1F504}
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = http://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\SearchScopes\{5EBFBAFC-FD10-4A70-8BFC-57A332550B45}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000TEUS&apn_uid=22BB8E53-DC77-49DE-93ED-6F07A0F853F9&apn_sauid=10A2B49A-292A-4761-B528-6EE651D231C5&
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\SearchScopes\{724F6D2B-76C6-4C4B-95C3-5E74B3314C9D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=OSDSRC
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\SearchScopes\{7FEC4549-C6C2-4D9C-AF4C-BE06407C0D5A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\SearchScopes\{CCA10DC7-4E01-4509-8998-E76210E1F504}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.bing.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/11 16:44:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/10 11:40:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/10 11:40:28 | 000,000,000 | ---D | M]

[2009/05/28 15:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kerry\Application Data\Mozilla\Extensions
[2012/05/22 16:42:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kerry\Application Data\Mozilla\Firefox\Profiles\lzbf8ttx.default\extensions
[2010/05/26 13:52:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kerry\Application Data\Mozilla\Firefox\Profiles\lzbf8ttx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/15 12:53:44 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Kerry\Application Data\Mozilla\Firefox\Profiles\lzbf8ttx.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/05/22 16:42:49 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Kerry\Application Data\Mozilla\Firefox\Profiles\lzbf8ttx.default\extensions\LogMeInClient@logmein.com
[2012/02/10 11:10:05 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\Kerry\Application Data\Mozilla\Firefox\Profiles\lzbf8ttx.default\searchplugins\bing-.xml
[2012/07/07 12:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/07 12:38:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/03/27 14:08:05 | 000,138,614 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\KERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LZBF8TTX.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/07/07 12:38:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/06/17 19:59:31 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/08 21:34:30 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/02/11 23:03:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/11 23:03:06 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/03 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [AdminWorks Tray] C:\Acer\LANScope Agent\awtray.exe (OSA Technologies Inc., An Avocent Company)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008..\Run: [fsm] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office XP\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office XP\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office 2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: accr.biz ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: amazon.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: aoi.org ([mail] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: aoi.org ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: bizjournals.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: ebay.com ([signin] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: emailroi.com ([emailer] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: entirelypets.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: eroi.com ([toolbox] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: eroi.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: eroi.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: facebook.com ([login] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: gotomypc.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: gotomypc.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: linkedin.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: live.com ([login] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: livingwater.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: myfax.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: myfax.com ([secure] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: onlinebootstore.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: onpointcuonline.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: presentment.com ([digitalinsight] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: t-mobile.com ([my] https in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: uplacevet.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: yahoo.net ([us-dc2-order.store] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341641108109 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.130.255.3 209.63.0.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C34F1CA5-3C00-449D-B9B1-47978CD93FC0}: DhcpNameServer = 204.130.255.3 209.63.0.6
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Kerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/20 22:49:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/10 12:03:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/09 23:18:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kerry\Desktop\OTL.exe
[2012/07/09 22:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kerry\Application Data\Malwarebytes
[2012/07/09 22:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/09 22:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/09 22:46:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/09 22:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/09 22:43:44 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kerry\My Documents\mbam-setup-1.61.0.1400.exe
[2012/07/07 12:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/07 12:38:21 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/07/07 12:38:21 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/07/07 12:38:21 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/07/07 12:38:21 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/07/07 12:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/07 01:36:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kerry\Start Menu\Programs\Administrative Tools
[2012/07/06 23:03:13 | 000,171,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jit.dll
[2012/07/06 23:03:13 | 000,139,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javaee.dll
[2012/07/06 23:03:13 | 000,046,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\setdebug.exe
[2012/07/06 23:03:12 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dx3j.dll
[2012/07/06 23:03:07 | 000,286,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vmhelper.dll
[2012/07/06 23:03:07 | 000,171,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wjview.exe
[2012/07/06 23:03:07 | 000,021,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjdbc10.dll
[2012/07/06 23:03:06 | 000,172,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jview.exe
[2012/07/06 23:03:06 | 000,154,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msawt.dll
[2012/07/06 23:03:06 | 000,015,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jdbgmgr.exe
[2012/07/06 23:03:05 | 000,404,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javart.dll
[2012/07/06 23:03:05 | 000,187,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javacypt.dll
[2012/07/06 23:03:05 | 000,063,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javaprxy.dll
[2012/07/06 23:03:04 | 000,049,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clspack.exe
[2012/07/06 22:51:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/06/19 13:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kerry\My Documents\CMTA Billing
[2012/06/12 21:38:02 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/05/18 13:03:20 | 091,823,688 | ---- | C] (Samsung Electronics Co., Ltd. ) -- C:\Program Files\Kies_2.3.1.12044_18.exe
[2011/12/02 11:53:31 | 004,734,424 | ---- | C] (PC Tools) -- C:\Program Files\rminstall.exe
[2010/04/19 15:41:08 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MS FileFormatConverters.exe
[2010/04/19 15:37:54 | 001,761,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MS older Office converter OCONVPCK.EXE
[2009/05/28 14:48:42 | 007,526,856 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.10.exe
[2008/08/22 11:40:23 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Kerry\gotomypc_437.exe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/11 10:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/11 09:25:01 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2012/07/11 00:23:52 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2732453282-3087202739-1963643056-1008.job
[2012/07/11 00:23:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/11 00:23:50 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2732453282-3087202739-1963643056-1010.job
[2012/07/11 00:23:49 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2732453282-3087202739-1963643056-1011.job
[2012/07/10 23:35:13 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/10 23:25:25 | 000,000,386 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2012/07/10 23:25:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/10 23:24:55 | 3489,124,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/10 23:24:55 | 000,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/10 23:12:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/09 23:18:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kerry\Desktop\OTL.exe
[2012/07/09 22:46:55 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/09 22:43:50 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kerry\My Documents\mbam-setup-1.61.0.1400.exe
[2012/07/09 12:54:33 | 000,002,643 | ---- | M] () -- C:\Documents and Settings\Kerry\Desktop\Microsoft Office Document Scanning.lnk
[2012/07/07 12:38:00 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/07/07 12:37:59 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/07/07 12:37:59 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/07/07 12:37:59 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/07/07 12:37:59 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/07/07 12:37:59 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/07/07 12:36:29 | 000,584,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/07 12:36:29 | 000,118,658 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/07 12:35:01 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/07 12:35:00 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/26 21:18:44 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Kerry\Desktop\Microsoft Word.lnk
[2012/06/13 06:19:59 | 001,866,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/06/13 06:19:59 | 001,866,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/09 22:46:55 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/07 12:34:41 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/06 23:03:13 | 000,007,315 | ---- | C] () -- C:\WINDOWS\System32\javasup.vxd
[2012/07/06 23:03:13 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2012/07/06 23:03:08 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedon.reg
[2012/07/06 23:03:07 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedoff.reg
[2012/07/06 21:47:41 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2732453282-3087202739-1963643056-1011.job
[2012/07/06 21:23:53 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2732453282-3087202739-1963643056-1010.job
[2012/06/05 03:16:40 | 000,500,400 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2732453282-3087202739-1963643056-1008-0.dat
[2012/06/05 03:16:38 | 000,367,174 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/05/18 13:37:56 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2012/05/18 13:37:56 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2012/05/11 03:28:46 | 007,408,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/20 23:29:22 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Internet Services
[2012/02/20 23:29:22 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Kerry\Application Data\InkjetPrinter
[2012/02/20 23:29:22 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2012/02/20 23:29:22 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Jingles
[2012/02/14 23:15:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/09 00:25:29 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012/01/04 07:37:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kerry\Cache.db
[2011/05/16 14:31:44 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2011/03/02 07:57:40 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/03/02 07:57:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/03/02 07:57:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/03/02 07:57:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010/05/14 12:50:15 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Kerry\Application Data\$_hpcst$.hpc
[2009/02/13 23:53:22 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Kerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/03 14:14:48 | 000,002,415 | ---- | C] () -- C:\Documents and Settings\Kerry\config.xml
[2008/11/03 14:14:30 | 000,185,094 | ---- | C] () -- C:\Program Files\OWANotify20060513.zip
[2008/10/18 22:57:45 | 000,027,244 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuInstall.LiveUpdate
[2008/07/27 01:27:11 | 000,014,290 | ---- | C] () -- C:\Program Files\settings.dat
[2008/07/25 10:19:12 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kerry\Local Settings\Application Data\fusioncache.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 31 Oct 2014
Posts: 4685
Location: Land Of The Leprechauns

Posted: Wed Jul 11, 2012 11:26 am

Hi Jel,
Quote:
thank you again for your assistance, Cypher:)

You're most welcome.
OK, unfortunately the last OTL fix failed because OTL stalled; let's try it again in Safe Mode.
I need you to run another scan for me also please.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

Next.

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    Code:

    :processes
    killallprocesses

    :otl
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\SearchScopes,DefaultScope = {CCA10DC7-4E01-4509-8998-E76210E1F504}
    IE - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..\SearchScopes\{5EBFBAFC-FD10-4A70-8BFC-57A332550B45}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000TEUS&apn_uid=22BB8E53-DC77-49DE-93ED-6F07A0F853F9&apn_sauid=10A2B49A-292A-4761-B528-6EE651D231C5&
    FF - prefs.js..extensions.enabledItems: 6
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 44
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008..\Run: [fsm] File not found
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: accr.biz ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: amazon.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: aoi.org ([mail] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: aoi.org ([mail] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: bizjournals.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: ebay.com ([signin] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: emailroi.com ([emailer] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: entirelypets.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: eroi.com ([toolbox] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: eroi.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: eroi.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: facebook.com ([login] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: gotomypc.com ([www] * in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: gotomypc.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: linkedin.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: live.com ([login] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: livingwater.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: myfax.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: myfax.com ([secure] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: onlinebootstore.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: onpointcuonline.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: presentment.com ([digitalinsight] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: t-mobile.com ([my] https in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: uplacevet.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-2732453282-3087202739-1963643056-1008\..Trusted Domains: yahoo.net ([us-dc2-order.store] http in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2012/07/08 21:12:23 | 000,000,386 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
    [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    @Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

    :files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]

  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Next.

Please download aswMBR and save it to your Desktop.
  • Double click aswMBR.exe to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record); do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.


Logs/Information to Post in your Next Reply
  • OTL Fix log.
  • aswMBR.txt.

_________________
Admin/Teacher at Malware Removal University
Member of...

Jel
Junior Member


Joined: 07 Jul 2012
Last Visit: 24 Jul 2012
Posts: 23

Posted: Wed Jul 11, 2012 12:18 pm    Post subject: OTL fix log and ASwMBR

OTL fix log:

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\Software\Microsoft\Internet Explorer\SearchScopes\{5EBFBAFC-FD10-4A70-8BFC-57A332550B45}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5EBFBAFC-FD10-4A70-8BFC-57A332550B45}\ not found.
Prefs.js: 6 removed from extensions.enabledItems
Prefs.js: 2 removed from extensions.enabledItems
Prefs.js: 44 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: jqs@sun.com:1.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\Software\Microsoft\Windows\CurrentVersion\Run\\fsm deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\accr.biz\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amazon.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aoi.org\mail\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aoi.org\mail\ not found.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bizjournals.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ebay.com\signin\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\emailroi.com\emailer\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\entirelypets.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\eroi.com\toolbox\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\eroi.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\eroi.com\www\ not found.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com\login\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gotomypc.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gotomypc.com\www\ not found.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\linkedin.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\live.com\login\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\livingwater.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\office\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myfax.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myfax.com\secure\ not found.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onlinebootstore.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onpointcuonline.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\presentment.com\digitalinsight\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\t-mobile.com\my\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uplacevet.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2732453282-3087202739-1963643056-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo.net\us-dc2-order.store\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\BrmfBidi.ini moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET122.tmp deleted successfully.
C:\WINDOWS\System32\SET126.tmp deleted successfully.
C:\WINDOWS\System32\SET12E.tmp deleted successfully.
C:\WINDOWS\System32\SET368.tmp deleted successfully.
C:\WINDOWS\System32\SET36C.tmp deleted successfully.
C:\WINDOWS\System32\SET374.tmp deleted successfully.
C:\WINDOWS\System32\SET385.tmp deleted successfully.
C:\WINDOWS\003104_.tmp deleted successfully.
C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP\WiseCustomCall.dll deleted successfully.
C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP folder deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
C:\Documents and Settings\Kerry\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Kerry\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 2342 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Kerry
->Temp folder emptied: 14954850 bytes
->Temporary Internet Files folder emptied: 237902 bytes
->Java cache emptied: 35100774 bytes
->FireFox cache emptied: 85411673 bytes
->Flash cache emptied: 36543 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 16501458 bytes

User: NetworkService
->Temp folder emptied: 2856646 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59777 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 265662618 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 402.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Unable to stop System Restore Service. Error code 1722. Restore points not cleared.
Unable to start System Restore Service. Error code 10. Restore point not created.

OTL by OldTimer - Version 3.2.53.1 log created on 07112012_125909

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-11 13:09:49
-----------------------------
13:09:49.578 OS Version: Windows 5.1.2600 Service Pack 3
13:09:49.578 Number of processors: 2 586 0x6B02
13:09:49.578 ComputerName: ACER-AD993BA82B UserName: Kerry
13:09:49.890 Initialize success
13:10:59.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:10:59.734 Disk 0 Vendor: ST3160815AS 3.AAE Size: 152627MB BusType: 3
13:10:59.750 Disk 0 MBR read successfully
13:10:59.750 Disk 0 MBR scan
13:10:59.750 Disk 0 unknown MBR code
13:10:59.750 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 5992 MB offset 63
13:10:59.765 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 73069 MB offset 12273660
13:10:59.781 Disk 0 Partition 3 00 0C FAT32 LBA MSWIN4.1 73563 MB offset 161919135
13:10:59.781 Disk 0 scanning sectors +312576705
13:10:59.843 Disk 0 scanning C:\WINDOWS\system32\drivers
13:11:07.140 Service scanning
13:11:12.718 Service MpKsl5e528431 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C508BC9A-2D7B-40B8-8D71-D48DADAE5E13}\MpKsl5e528431.sys **LOCKED** 32
13:11:18.796 Modules scanning
13:11:22.953 Disk 0 trace - called modules:
13:11:22.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:11:22.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae8bab8]
13:11:22.968 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006d[0x8aede258]
13:11:22.968 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aefbd98]
13:11:22.984 Scan finished successfully
13:12:01.328 Disk 0 MBR has been saved successfully to "G:\logs 7-11-12\MBR.dat"
13:12:02.187 The log file has been saved successfully to "G:\logs 7-11-12\aswMBR.txt"

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
thank you

Cypher
Moderator

Joined: 05 Jul 2009
Last Visit: 31 Oct 2014
Posts: 4685
Location: Land Of The Leprechauns

Posted: Thu Jul 12, 2012 12:56 am

Hi Jel,
Good work so far, you're doing great.
Can you give me an update on how your computer is performing now, please?
_________________
Admin/Teacher at Malware Removal University
Member of...

Jel
Junior Member

Posted: Thu Jul 12, 2012 1:54 pm    Post subject: Feedback

Hi Cypher,

Thanks for the encouragement...malware hunting can be a daunting task for the inexperienced.

The PC is still hanging on downloads...like the auto update program for flash, java or such....but I am able to download files now, which is a big improvement.

This morning my email/Outlook has started giving me timeout errors, saying I should contact my ISP...should I go ahead or wait till we are through with this process?

However, I am still not able to "submit" my posts to your site from this PC...I push submit and it just hangs. Yet I can post from other PCs...and I just did a test, couldn't post on this PC through Mozilla, but could easily through iexplorer.

Thank you again for all your assistance:) Jel

Jel
Junior Member

Posted: Thu Jul 12, 2012 2:27 pm    Post subject: spoke too soon

Still not downloading consistently in either browser:(

Cypher
Moderator

Posted: Fri Jul 13, 2012 1:48 am

Hi Jel,
Quote:
This morning my email/Outlook has started giving me timeout errors, saying I should contact my ISP...should I go ahead or wait till we are through with this process?

No, hold off on that for now; we need to check your computer further to rule out malware as the cause of your problems.
Thank you for sticking with me; certain types of malware can be hard to track down.

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.**

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Jel
Junior Member

Posted: Fri Jul 13, 2012 8:55 am    Post subject: Hung up

Hi Cypher,

Followed your instructions and I made sure I turned off MS Security Essentials...saved ComboFix to the desktop...ran with all apps shut. It was going along fine until it had to download the recovery console....said it connected to http://download/microsoft.com...started downloading then stopped/hung up, now at 9.3%.

I will leave it that way until I hear from you:)

Thanks in advance, Kerry
PS: I am guessing since my downloading is iffy, is there a way to download the recovery console on my other machine and doggle over?

Cypher
Moderator

Posted: Fri Jul 13, 2012 9:17 am

Hi Jel,
Do you have the XP discs that came with your computer?

Jel
Junior Member

Posted: Fri Jul 13, 2012 9:58 am    Post subject: recovery disks

Cypher,

My PC didn't come with recovery disks or XP s/w disk...came preloaded. I did however make a set of three recovery CDs and I have those.

Cypher
Moderator

Posted: Sat Jul 14, 2012 1:05 am

Hi Jel,
See if you can install the recovery console, using the instructions in the link below.
http://support.microsoft.com/kb/307654

If not, just post back and let me know.

Jel
Junior Member

Posted: Sat Jul 14, 2012 11:39 pm    Post subject: Recovery console

Hi Cypher,

Here is where I am at...I wasn't clear about the recovery disks that came with the CD....I didn't get an official WinXP disk, but I have boot recovery DVDs x2 that I made for the PC. However I made two separate disks with the xp_rec_cons.iso and tried to boot to the CD drive first boot and tried numerous times but it wouldn't load via the CD. So I was not successful in getting it to load the rec console to the boot options. I was able to get the PC to boot to the CD with the recovery DVD I made.

I am sorry to be a pain and not be successful at this point...any other options at this point? It is running smoother but still won't download a file completely...tried 3 times on the xp_rec_console...so ended up doggling it over. And I do see an Adobe Flash update error "can't write to the disk"

Thank you again:)

Cypher
Moderator

Posted: Sun Jul 15, 2012 2:09 am

Hi Jel,
Quote:
I am sorry to be a pain and not be successful at this point...any other options at this point? It is running smoother but still won't download a file completely

Don't worry, you're not being a pain at all; you're doing great so far.
OK, a colleague mentioned something to me that might be causing the problem you are having with downloads.
Before we go any further let's try this: first, please turn off Microsoft Security Essentials realtime protection via the settings.
If you don't know how to do that, don't go any further and let me know.

Next.

  • Copy all text in the quote box (below)...to Notepad. Do not include the word Quote:
    Quote:
    @echo off
    taskkill /f /im msseces.exe
    sc Stop MsMpSvc
    sc config MsMpSvc start= Disabled
    sc query MsMpSvc >"%userprofile%\desktop\svc_look.txt" 2>&1
    Notepad.exe "%userprofile%\desktop\svc_look.txt"
    Del %0

  • Save the Notepad file on your desktop...as Fix.bat... save type as "All Files"

    Fix.bat<<------------- you should see this on your desktop.
  • Double click on Fix.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • A file should appear on your Desktop. Please post the contents of this file.

Now as a test see if you can download the Malwarebytes' Anti-Malware setup file from the link below.
http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe

Let me know how it goes and we will take it from there.
Jel
Junior Member

Posted: Sun Jul 15, 2012 10:17 pm    Post subject: fix.bat file contents

Hi Cypher,

Here are the file contents that came up:


SERVICE_NAME: MsMpSvc
TYPE : 10 WIN32_OWN_PROCESS
STATE : 3 STOP_PENDING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x5
WAIT_HINT : 0x7530


Tested the file download...tried three times, and it wouldn't download past the first 400-500 KB or 3-5%. Turned MS Security Essentials back on to real time protection and tried again three more times...but still stalled.

Also wanted to mention that the boot recovery CDs give the error that the Windows XP version doesn't match the recovery disk version...I am running Service Pack 3, and am assuming the PC original load was Service Pack 1 or 2.

Thank you again:), Jel
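
Added example, not part of the original posts and not the helper's own code: a small Python parser for the sc query text that Fix.bat writes to svc_look.txt, run over the output posted above. It shows that the service reported STOP_PENDING with a 30 second wait hint (0x7530 ms) rather than STOPPED at the moment it was queried; the function and class names are this example's own, and the STOPPED and error samples are constructed.

```python
import re
from dataclasses import dataclass, field

# States in which the service is no longer in the middle of a transition.
SETTLED_STATES = {"STOPPED", "RUNNING", "PAUSED"}

# svc_look.txt as posted in the thread (the forum collapsed the indentation).
POSTED_OUTPUT = """\
SERVICE_NAME: MsMpSvc
TYPE : 10 WIN32_OWN_PROCESS
STATE : 3 STOP_PENDING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x5
WAIT_HINT : 0x7530
"""

# Constructed sample, not from the thread: the same service once fully stopped.
CONSTRUCTED_STOPPED = """\
SERVICE_NAME: MsMpSvc
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
"""

# Constructed sample: Fix.bat redirects stderr as well (2>&1), so an sc error
# message would land in the same file instead of a status block.
CONSTRUCTED_ERROR = (
    "[SC] EnumQueryServicesStatus:OpenService FAILED 1060:\n\n"
    "The specified service does not exist as an installed service.\n"
)


@dataclass
class ServiceStatus:
    name: str
    state_code: int
    state: str
    controls: list = field(default_factory=list)
    checkpoint: int = 0      # progress counter the service bumps while pending
    wait_hint_ms: int = 0    # service's own estimate for the pending operation

    @property
    def settled(self):
        return self.state in SETTLED_STATES

    @property
    def stopped(self):
        return self.state == "STOPPED"


def parse_sc_query(text):
    """Parse one `sc query <service>` status block, indented or collapsed."""
    fields, controls = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        # The accepted-controls list sits on its own parenthesised line.
        if line.startswith("(") and line.endswith(")"):
            controls = [c.strip() for c in line[1:-1].split(",") if c.strip()]
            continue
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().upper()] = value.strip()
    state = re.match(r"(\d+)\s+([A-Z_]+)$", fields.get("STATE", ""))
    if "SERVICE_NAME" not in fields or not state:
        raise ValueError("no SERVICE_NAME/STATE found; sc probably reported an error")
    return ServiceStatus(
        name=fields["SERVICE_NAME"],
        state_code=int(state.group(1)),
        state=state.group(2),
        controls=controls,
        checkpoint=int(fields.get("CHECKPOINT", "0x0"), 16),
        wait_hint_ms=int(fields.get("WAIT_HINT", "0x0"), 16),
    )


def describe(status):
    """One-line reading of the status for whoever reviews the posted file."""
    if status.stopped:
        return f"{status.name}: STOPPED"
    if status.settled:
        return f"{status.name}: {status.state} (not stopped)"
    return (f"{status.name}: {status.state}, checkpoint {status.checkpoint}, "
            f"wait hint {status.wait_hint_ms / 1000:g} s; "
            "still transitioning, query again")


if __name__ == "__main__":
    for sample in (POSTED_OUTPUT, CONSTRUCTED_STOPPED):
        print(describe(parse_sc_query(sample)))
```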

Jel
Junior Member

Posted: Sun Jul 15, 2012 10:23 pm    Post subject: interesting thing to notice

Hi Cypher,

An interesting thing...I tried to post/submit the above response on the sick PC, however it just spins saying "connecting"...but never shows that it posts. But when I went over to a good PC it showed it had already posted....but on the bad PC it shows it is hung on "connecting".

Thank you,
Jel

Cypher
Moderator

Posted: Mon Jul 16, 2012 6:37 am

Hi Jel,
Can you tell me how you connect to the internet, do you use a wired or wireless connection?

Jel
Junior Member

Posted: Mon Jul 16, 2012 9:28 am    Post subject: internet connection

Hi Cypher,

I connect to the internet through a router to a DSL modem...all hard wired. A day before I contacted you my ISP came out and replaced my modem and router...both were old and they wanted to rule them out as a problem.

Thanks again, Jel

Cypher
Moderator

Posted: Mon Jul 16, 2012 10:38 am

Hi Jel,
Try booting into safe mode with networking, then try downloading the Malwarebytes' Anti-Malware setup file again.

Reboot your computer in Safe Mode with Networking.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode with Networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode with Networking.
  • Login on your usual account.
Let me know the results.

Jel
Junior Member

Posted: Mon Jul 16, 2012 11:07 am    Post subject: safe mode

Hi Cypher,

Very interesting trying to get to safe mode option...turned off, waited a minute then restarted, hit F-8 repeatedly...the options DOS-like box flashes up for a second and then it is gone and it boots as regular load...tried hitting F-8 three times thinking I was going over the top of the safe DOS-like box, but it flew up and away again, and booted normally, no safe mode.

And this made sense, as when I was trying to change the boot disk order to test the recovery disks as the MS Knowledge Base had suggested the other day I couldn't get it to give me the boot DOS-like screen, then it would come up and immediately go away.

Hope this is helpful,
Jel

Cypher
Moderator

Posted: Tue Jul 17, 2012 1:11 am

Hi Jel,
It looks more and more like the problems you are having are not malware related; I'm starting to run out of ideas here as my area of knowledge is in malware removal.
I might have to direct you to a tech forum, where they are more used to dealing with these kinds of problems.
Please try the following to see if we can get your computer to boot to Safe Mode with Networking.
If successful, try downloading the Malwarebytes' Anti-Malware setup file again.

Download SafebootCreator.exe and save it to your desktop.

Double click to run it.
  • At the prompt that opens, type 1 and press Enter. (Create Safeboot file)
  • A short Read Me.txt will open in Notepad. Read it, and close it to continue.
  • A boot.ini text will open. Go ahead and close it.
Reboot your system.

As your system begins to boot again, you will now have 11 seconds to choose between Normal or Safe Mode boot option. Use your arrow key to highlight Safe Mode with Networking.

Jel
Junior Member

Posted: Tue Jul 17, 2012 9:26 am    Post subject: Elusive Safe mode

Hi Cypher,

I saved Safebootcreator to my desktop and ran it. Upon reboot the safe window opens, but only gives me two options: MS Windows XP Professional and Safe Mode MS Windows XP Professional...no With Networking option. Tried the safe mode anyhow but of course couldn't connect to the internet...so couldn't try downloading again.

I recall that a year ago on a different XP machine I had a virus in the boot record removed...is that possible?

I am sorry I wasn't more productive to get to the bottom of this. I know your expertise is malware removal...but do you have any thoughts, ideas as to what could be wrong on the software/hardware front?

Thank you so very much for your help, I really appreciated your time and expertise, Jel

Cypher
Moderator

Posted: Wed Jul 18, 2012 1:03 am

Hi Jel,
Quote:
I saved Safebootcreator to my desktop and ran it. Upon reboot the safe window opens, but only gives me two options: MS Windows XP Professional and Safe Mode MS Windows XP Professional...no With Networking option.

Try using F8 again for me please, let me know if you can get to Safe mode with Networking now.

  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode with Networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode with Networking.
  • Login on your usual account.

Jel
Junior Member

Posted: Wed Jul 18, 2012 11:22 am    Post subject: safe mode with networking

Hi Cypher....followed your instructions, and got to the first screen that let me choose MS XP or Safe mode MS XP.....pushed F8 again for advanced menu options...and found Safe Mode with Networking...used arrows to select, when highlighted pushed enter....takes me back out to the MS XP or safe mode MS XP screen and in blue at the bottom it says Safe mode with networking....but that is not selectable on this screen, arrowed down to safe mode MS XP and safe mode with networking stays at the bottom in blue....but when it boots up it says safe mode but no network connectivity, gave error that network connections service not started, tried to start the network connections in admin tools...but said service not available in safe mode.

I hope this tells you something of value? I tried it several times, used the new admin sign on instead of mine, used my sign in...couldn't get any networking going.

EDIT: had a thought, went back in and selected safe mode with networking on the second screen and MS XP on the first screen and voila, got networking that way and I was able to download the file...it was slow but steady and didn't hang and went through to completion through the Mozilla browser. However I wanted to make sure it was a fluke and the next three times it hung up shortly after starting...also hung on IE browser.

signed your challenge for the month, Jel

Cypher
Moderator

Posted: Thu Jul 19, 2012 8:53 am

Hi Jel,
OK, go ahead and run ComboFix for me as instructed earlier, just skip the part about installing the Recovery Console.
Once done, post the resulting log please.

Jel
Junior Member

Posted: Thu Jul 19, 2012 11:28 am    Post subject: ComboFix log

Hi Cypher,

ComboFix ran just fine, it rebooted the PC but try as I might, I cannot find any log file that was created. ComboFix was saved and run from my desktop. Sorry I came up empty handed.

Thanks, Jel

Cypher
Moderator

Posted: Fri Jul 20, 2012 1:10 am

Hi Jel,
ComboFix should have saved a log on your C drive; to find it, do the following.
Go to Start > Computer > C: > ComboFix.txt.

Jel
Junior Member

Posted: Fri Jul 20, 2012 10:32 am    Post subject: combofix.txt

Hi Cypher,

I am discouraged to have to say that I cannot find that file. It did create a ComboFix folder on my C: and when I open it there is no combofix.txt. I did a search on the entire C: and it wasn't found. I did get a warning from MS Windows after the PC reboot that says encountered a serious error.

The only file created or updated at the time of the combofix run was the Windows/windowsupddate.txt:

2012-07-20 11:20:25:718 1296 bd4 Misc =========== Logging initialized (build: 7.6.7600.256, tz: -0700) ===========
2012-07-20 11:20:25:765 1296 bd4 Misc = Process: C:\WINDOWS\System32\svchost.exe
2012-07-20 11:20:25:765 1296 bd4 Misc = Module: C:\WINDOWS\system32\wuaueng.dll
2012-07-20 11:20:25:718 1296 bd4 Service *************
2012-07-20 11:20:25:765 1296 bd4 Service ** START ** Service: Service startup
2012-07-20 11:20:25:765 1296 bd4 Service *********
2012-07-20 11:20:25:765 1296 bd4 Agent * WU client version 7.6.7600.256
2012-07-20 11:20:25:765 1296 bd4 Agent * Base directory: C:\WINDOWS\SoftwareDistribution
2012-07-20 11:20:25:765 1296 bd4 Agent * Access type: No proxy
2012-07-20 11:20:25:765 1296 bd4 Agent * Network state: Connected
2012-07-20 11:21:14:346 1296 bd4 Agent *********** Agent: Initializing Windows Update Agent ***********
2012-07-20 11:21:14:346 1296 bd4 Agent *********** Agent: Initializing global settings cache ***********
2012-07-20 11:21:14:346 1296 bd4 Agent * WSUS server: <NULL>
2012-07-20 11:21:14:346 1296 bd4 Agent * WSUS status server: <NULL>
2012-07-20 11:21:14:346 1296 bd4 Agent * Target group: (Unassigned Computers)
2012-07-20 11:21:14:346 1296 bd4 Agent * Windows Update access disabled: No
2012-07-20 11:21:14:362 1296 bd4 DnldMgr Download manager restoring 0 downloads
2012-07-20 11:21:14:377 1296 bd4 AU ########### AU: Initializing Automatic Updates ###########
2012-07-20 11:21:14:377 1296 bd4 AU AU setting next sqm report timeout to 2012-07-20 18:21:14
2012-07-20 11:21:14:377 1296 bd4 AU # Approval type: Scheduled (User preference)
2012-07-20 11:21:14:377 1296 bd4 AU # Scheduled install day/time: Every day at 3:00
2012-07-20 11:21:14:377 1296 bd4 AU # Auto-install minor updates: Yes (User preference)
2012-07-20 11:21:14:377 1296 bd4 AU Setting AU scheduled install time to 2012-07-21 10:00:00
2012-07-20 11:21:14:377 1296 bd4 AU Initializing featured updates
2012-07-20 11:21:14:377 1296 bd4 AU Found 0 cached featured updates
2012-07-20 11:21:14:377 1296 bd4 AU AU finished delayed initialization
2012-07-20 11:21:14:674 1296 bd4 Report *********** Report: Initializing static reporting data ***********
2012-07-20 11:21:14:674 1296 bd4 Report * OS Version = 5.1.2600.3.0.65792
2012-07-20 11:21:14:737 1296 bd4 Report * Computer Brand = Acer
2012-07-20 11:21:14:737 1296 bd4 Report * Computer Model = Veriton M410
2012-07-20 11:21:14:737 1296 bd4 Report * Bios Revision = R02-A1
2012-07-20 11:21:14:737 1296 bd4 Report * Bios Name = Phoenix - AwardBIOS v6.00PG
2012-07-20 11:21:14:737 1296 bd4 Report * Bios Release Date = 2007-11-07T00:00:00
2012-07-20 11:21:14:737 1296 bd4 Report * Locale ID = 1033

sorry, Jel (if I could send you print screens I could show you what is there)
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 31 Oct 2014
Posts: 4685
Location: Land Of The Leprechauns

Posted: Sat Jul 21, 2012 6:56 am

Hi Jel,
Quote:
I am discouraged to have to say that i cannot find that file. it did create a ComboFix Folder on my C: and when i open it there is no combofix.txt

That is odd, the combofix.txt is always found there.
Does the download problem still exist after running ComboFix?

Jel
Junior Member


Joined: 07 Jul 2012
Last Visit: 24 Jul 2012
Posts: 23

Posted: Mon Jul 23, 2012 11:18 am    Post subject: ComboFix.txt

Hi Cypher,

I had a friend come over to look for the file and he couldn't find it either. When I ran ComboFix it said that there was a newer version available, click yes to download. Should I try that, if it will download? The downloads still just start and then hang, usually around something less than 1 MB.

Thank you again, Jel
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 31 Oct 2014
Posts: 4685
Location: Land Of The Leprechauns

Posted: Tue Jul 24, 2012 1:33 am

Hi Jel,
I think we have done all we can here; as I mentioned earlier, my area of knowledge is in malware removal.
We have run various scans on your computer, and I can't see anything malware related that would cause the problems you are having.
At this point you have two options: you could reformat your computer using the recovery discs you created, and reinstall Windows.
Or I can direct you to a tech forum, where they may be able to advise you further. What do you think you would prefer to do?
Please let me know in your next reply.

All times are GMT - 8 Hours