Inactive [A] 206.161.121.6 trojan sirefef

Ellca1012

My son inadvertently let this bug in and now I am unable to remove it. I have tried using AVG, Norton 360 as well as Malwarebytes; all declare my computer clean, but Norton keeps alerting me to a high usage in Win322 and Malwarebytes keeps blocking outgoing access to 206.161.121.6 and 78.41.203.118. HELP!! I need to get this bug off my PC. Any suggestions?
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.06.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Carmen 2 :: ELLIOTT [administrator]
Protection: Enabled
6/7/2012 7:37:13 PM
mbam-log-2012-06-07 (19-37-13).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247258
Time elapsed: 33 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-07 20:34:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD1600AAJS-75PSA0 rev.05.06H05
Running: rff42hlb[1].exe; Driver: C:\DOCUME~1\CARMEN~1\LOCALS~1\Temp\ugldapog.sys

---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA920EA00]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 001A3984
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 001A42DC
.text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 001A432B
.text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 001A438B
.text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!IsWindowVisible 7E429E3D 5 Bytes JMP 001A43B2
.text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!MessageBoxIndirectW 7E4664D5 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1096] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 001A4477
.text C:\WINDOWS\System32\svchost.exe[1096] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 001A444D
.text C:\WINDOWS\System32\svchost.exe[1096] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 001A4278
.text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3332] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00263984
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 868312E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 868312E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 868312E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 868312E2
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/6/2007 2:06:59 PM
System Uptime: 6/7/2012 7:32:49 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0KW628
Processor: Intel(R) Core(TM)2 Duo CPU E4400 @ 2.00GHz | Microprocessor | 1995/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 132.957 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1214: 3/2/2012 5:43:12 PM - System Checkpoint
RP1215: 3/3/2012 6:42:11 PM - System Checkpoint
RP1216: 3/4/2012 7:42:07 PM - System Checkpoint
RP1217: 3/5/2012 8:42:07 PM - System Checkpoint
RP1218: 3/6/2012 9:42:08 PM - System Checkpoint
RP1219: 3/7/2012 10:42:08 PM - System Checkpoint
RP1220: 3/8/2012 11:42:06 PM - System Checkpoint
RP1221: 3/10/2012 12:42:06 AM - System Checkpoint
RP1222: 3/11/2012 2:42:05 AM - System Checkpoint
RP1223: 3/12/2012 3:42:07 AM - System Checkpoint
RP1224: 3/13/2012 4:42:05 AM - System Checkpoint
RP1225: 3/14/2012 3:00:15 AM - Software Distribution Service 3.0
RP1226: 3/15/2012 3:24:21 AM - System Checkpoint
RP1227: 3/16/2012 4:24:20 AM - System Checkpoint
RP1228: 3/17/2012 5:24:20 AM - System Checkpoint
RP1229: 3/18/2012 6:24:20 AM - System Checkpoint
RP1230: 3/19/2012 7:24:20 AM - System Checkpoint
RP1231: 3/20/2012 8:24:20 AM - System Checkpoint
RP1232: 3/21/2012 9:24:20 AM - System Checkpoint
RP1233: 3/22/2012 10:24:21 AM - System Checkpoint
RP1234: 3/23/2012 10:25:28 AM - System Checkpoint
RP1235: 3/24/2012 10:26:07 AM - System Checkpoint
RP1236: 3/25/2012 10:49:30 AM - System Checkpoint
RP1237: 3/26/2012 11:24:22 AM - System Checkpoint
RP1238: 3/27/2012 12:24:23 PM - System Checkpoint
RP1239: 3/28/2012 12:34:08 PM - System Checkpoint
RP1240: 3/29/2012 12:45:40 PM - System Checkpoint
RP1241: 3/30/2012 1:34:31 PM - System Checkpoint
RP1242: 3/31/2012 2:06:45 PM - System Checkpoint
RP1243: 4/1/2012 2:34:31 PM - System Checkpoint
RP1244: 4/2/2012 4:42:09 PM - System Checkpoint
RP1245: 4/3/2012 6:02:28 PM - System Checkpoint
RP1246: 4/4/2012 6:29:27 PM - System Checkpoint
RP1247: 4/5/2012 7:28:25 PM - System Checkpoint
RP1248: 4/6/2012 8:23:44 PM - System Checkpoint
RP1249: 4/7/2012 8:28:23 PM - System Checkpoint
RP1250: 4/8/2012 9:28:22 PM - System Checkpoint
RP1251: 4/9/2012 10:28:22 PM - System Checkpoint
RP1252: 4/10/2012 11:28:22 PM - System Checkpoint
RP1253: 4/11/2012 3:00:14 AM - Software Distribution Service 3.0
RP1254: 4/12/2012 3:29:50 AM - System Checkpoint
RP1255: 4/13/2012 3:34:21 AM - System Checkpoint
RP1256: 4/14/2012 4:34:21 AM - System Checkpoint
RP1257: 4/15/2012 5:34:21 AM - System Checkpoint
RP1258: 4/16/2012 6:34:21 AM - System Checkpoint
RP1259: 4/17/2012 7:34:21 AM - System Checkpoint
RP1260: 4/18/2012 8:34:21 AM - System Checkpoint
RP1261: 4/19/2012 8:51:35 AM - System Checkpoint
RP1262: 4/20/2012 8:53:08 AM - System Checkpoint
RP1263: 4/21/2012 9:51:24 AM - System Checkpoint
RP1264: 4/22/2012 9:52:29 AM - System Checkpoint
RP1265: 4/23/2012 10:51:24 AM - System Checkpoint
RP1266: 4/24/2012 12:32:13 PM - System Checkpoint
RP1267: 4/25/2012 12:46:42 PM - System Checkpoint
RP1268: 4/26/2012 12:51:25 PM - System Checkpoint
RP1269: 4/27/2012 12:54:47 PM - System Checkpoint
RP1270: 4/28/2012 12:55:48 PM - System Checkpoint
RP1271: 4/29/2012 1:36:57 PM - System Checkpoint
RP1272: 4/30/2012 2:34:53 PM - System Checkpoint
RP1273: 5/1/2012 2:51:27 PM - System Checkpoint
RP1274: 5/2/2012 3:58:45 PM - System Checkpoint
RP1275: 5/3/2012 4:22:11 PM - System Checkpoint
RP1276: 5/4/2012 6:23:38 PM - System Checkpoint
RP1277: 5/5/2012 7:22:10 PM - System Checkpoint
RP1278: 5/6/2012 8:35:09 PM - System Checkpoint
RP1279: 5/7/2012 9:34:10 PM - System Checkpoint
RP1280: 5/8/2012 10:22:09 PM - System Checkpoint
RP1281: 5/9/2012 11:22:09 PM - System Checkpoint
RP1282: 5/10/2012 11:23:15 PM - System Checkpoint
RP1283: 5/11/2012 3:00:15 AM - Software Distribution Service 3.0
RP1284: 5/12/2012 3:32:22 AM - System Checkpoint
RP1285: 5/13/2012 4:32:22 AM - System Checkpoint
RP1286: 5/14/2012 5:32:22 AM - System Checkpoint
RP1287: 5/15/2012 6:10:50 AM - System Checkpoint
RP1288: 5/16/2012 7:10:50 AM - System Checkpoint
RP1289: 5/17/2012 8:10:50 AM - System Checkpoint
RP1290: 5/18/2012 9:10:49 AM - System Checkpoint
RP1291: 5/19/2012 10:10:50 AM - System Checkpoint
RP1292: 5/20/2012 11:10:50 AM - System Checkpoint
RP1293: 5/21/2012 12:10:49 PM - System Checkpoint
RP1294: 5/22/2012 3:00:15 AM - Software Distribution Service 3.0
RP1295: 5/23/2012 3:10:53 AM - System Checkpoint
RP1296: 5/24/2012 4:10:53 AM - System Checkpoint
RP1297: 5/25/2012 4:11:58 AM - System Checkpoint
RP1298: 5/26/2012 5:10:53 AM - System Checkpoint
RP1299: 5/27/2012 6:10:54 AM - System Checkpoint
RP1300: 5/28/2012 7:10:54 AM - System Checkpoint
RP1301: 5/29/2012 5:01:05 PM - System Checkpoint
RP1302: 5/29/2012 8:50:46 PM - Removed AVG 2012
RP1303: 5/29/2012 8:52:17 PM - Removed AVG 2012
RP1304: 5/30/2012 6:58:18 PM - Norton 360 Registry Clean
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.4
Adobe Shockwave Player 11.6
AVG PC Tuneup
Broadcom ASF Management Applications
Broadcom Management Programs
Dell ETS Factory Installation
DSmobile 600
DSmobileSCAN II
ERA Software Manager
Frontier High Speed Internet
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Image Plugin
Integration Assistant 3
Intel(R) Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
OpenOffice.org Installer 1.0
PowerDVD
Productivity 3 Toolbar
ProQuest Product Licenser
Rhapsody
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
SearchAssist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923789)
Sonic Activation Module
SpeedyPC Pro
Spinco Download Manager
StarPL
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
URL Assistant
Vz In Home Agent
WebEx
WebFldrs XP
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
6/7/2012 7:41:15 PM, error: Print [6161] - The document https://www.techspot.com/community/topics/updated-5-step-viruses owned by Carmen 2 failed to print on printer Dell Photo AIO Printer 926. Data type: LEMF. Size of the spool file in bytes: 4883452. Number of bytes printed: 0. Total number of pages in the document: 5. Number of pages printed: 0. Client machine: \\ELLIOTT. Win32 error code returned by the print processor: 0 (0x0).
6/2/2012 8:55:32 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SYMEVENT\0000 disappeared from the system without first being prepared for removal.
6/2/2012 7:39:55 PM, error: Service Control Manager [7000] - The UCS Install NT Service service failed to start due to the following error: The system cannot find the path specified.
6/2/2012 7:39:55 PM, error: Service Control Manager [7000] - The REY PSCVersionService service failed to start due to the following error: The system cannot find the file specified.
6/2/2012 7:39:55 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
6/2/2012 7:38:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/2/2012 7:11:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/2/2012 7:08:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_N360 eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI
6/2/2012 7:06:40 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/2/2012 4:14:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/2/2012 10:26:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
.
==== End Of File ===========================
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Carmen 2 at 20:40:06 on 2012-06-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.278 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NCNETWORKSDM\bin\sprtcmd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Rey\Bin\Ucsinsvc.exe
C:\Program Files\NCNETWORKSDM\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NCNETWORKSDM\bin\tgsrvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071024
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - c:\program files\productivity_3\prxtbPro2.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - c:\program files\productivity_3\prxtbPro2.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NCNETWORKSDM] "c:\program files\ncnetworksdm\bin\sprtcmd.exe" /P NCNETWORKSDM
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194376528525
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194376586009
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\carmen 2\application data\mozilla\firefox\profiles\dhvcimm2.default\
.
============= SERVICES / DRIVERS ===============
.
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-2 654408]
R2 REY Install NT Service;REY Install NT Service;c:\rey\bin\UcsInSvc.exe [2010-9-10 98304]
R2 sprtsvc_ncnetworksdm;SupportSoft Sprocket Service (ncnetworksdm);c:\program files\ncnetworksdm\bin\sprtsvc.exe [2010-6-17 206120]
R2 tgsrvc_ncnetworksdm;SupportSoft Repair Service (ncnetworksdm);c:\program files\ncnetworksdm\bin\tgsrvc.exe [2010-6-17 185640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-2 22344]
S2 gupdate1ca27f0cb39b8f4;Google Update Service (gupdate1ca27f0cb39b8f4);c:\program files\google\update\GoogleUpdate.exe [2009-8-28 133104]
S2 REY PSCVersionService;REY PSCVersionService;c:\rey\bin\pscversionservice.exe --> c:\rey\bin\PscVersionService.exe [?]
S2 UCS Install NT Service;UCS Install NT Service;c:\ucc\services\ucsinsvc.exe --> c:\ucc\services\UcsInSvc.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-28 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-30 129976]
.
=============== Created Last 30 ================
.
2012-06-07 23:48:06 -------- d-----w- c:\documents and settings\carmen 2\local settings\application data\Adobe
2012-06-03 00:40:22 -------- d-----w- c:\documents and settings\carmen 2\local settings\application data\Mozilla
2012-06-02 23:40:18 -------- d-----w- c:\documents and settings\carmen 2\application data\Malwarebytes
2012-06-02 20:15:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 20:15:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-02 20:15:33 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-29 20:42:26 -------- d-sh--w- c:\documents and settings\carmen 2\PrivacIE
2012-05-29 03:49:28 -------- d-sh--w- c:\documents and settings\carmen 2\IECompatCache
2012-05-29 03:48:20 -------- d-----w- c:\documents and settings\carmen 2\application data\PriceGong
2012-05-29 03:47:52 -------- d-----w- c:\documents and settings\carmen 2\local settings\application data\Conduit
2012-05-29 03:47:10 -------- d-----w- c:\documents and settings\carmen 2\local settings\application data\Productivity_3
2012-05-29 03:46:24 -------- d-----w- c:\documents and settings\carmen 2\local settings\application data\SupportSoft
2012-05-28 23:42:27 -------- d-----w- c:\program files\common files\SpeedyPC Software
2012-05-28 23:42:26 -------- d-----w- c:\program files\SpeedyPC Software
2012-05-28 23:42:26 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
.
==================== Find3M ====================
.
2012-05-04 17:16:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 17:16:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 17:16:12 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600AAJS-75PSA0 rev.05.06H05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x868314B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8683893c]; MOV EAX, [0x86838ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x86D86AB8]
3 CLASSPNP[0xF7572FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x86876F18]
\Driver\atapi[0x86977580] -> IRP_MJ_CREATE -> 0x868314B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x868312E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:41:34.64 ===============
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
20:53:23.0843 0688 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
20:53:23.0890 0688 ============================================================
20:53:23.0890 0688 Current date / time: 2012/06/07 20:53:23.0890
20:53:23.0890 0688 SystemInfo:
20:53:23.0890 0688
20:53:23.0890 0688 OS Version: 5.1.2600 ServicePack: 3.0
20:53:23.0890 0688 Product type: Workstation
20:53:23.0890 0688 ComputerName: ELLIOTT
20:53:23.0890 0688 UserName: Carmen 2
20:53:23.0890 0688 Windows directory: C:\WINDOWS
20:53:23.0890 0688 System windows directory: C:\WINDOWS
20:53:23.0890 0688 Processor architecture: Intel x86
20:53:23.0890 0688 Number of processors: 2
20:53:23.0890 0688 Page size: 0x1000
20:53:23.0890 0688 Boot type: Normal boot
20:53:23.0890 0688 ============================================================
20:53:26.0750 0688 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:53:26.0781 0688 ============================================================
20:53:26.0781 0688 \Device\Harddisk0\DR0:
20:53:26.0781 0688 MBR partitions:
20:53:26.0781 0688 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x129ED876
20:53:26.0781 0688 ============================================================
20:53:26.0843 0688 C: <-> \Device\Harddisk0\DR0\Partition0
20:53:26.0843 0688 ============================================================
20:53:26.0843 0688 Initialize success
20:53:26.0843 0688 ============================================================
20:53:31.0171 2480 ============================================================
20:53:31.0171 2480 Scan started
20:53:31.0171 2480 Mode: Manual;
20:53:31.0171 2480 ============================================================
20:53:33.0437 2480 Beep - ok
20:53:33.0500 2480 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:53:33.0578 2480 BITS - ok
20:53:33.0625 2480 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:53:33.0625 2480 Browser - ok
20:53:33.0640 2480 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:53:33.0640 2480 cbidf - ok
20:53:33.0656 2480 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:53:33.0656 2480 cbidf2k - ok
20:53:33.0656 2480 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:53:33.0656 2480 cd20xrnt - ok
20:53:33.0703 2480 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:53:33.0703 2480 Cdaudio - ok
20:53:33.0718 2480 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:53:33.0718 2480 Cdfs - ok
20:53:33.0765 2480 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:53:33.0765 2480 Cdrom - ok
20:53:33.0765 2480 Changer - ok
20:53:33.0796 2480 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:53:33.0796 2480 CiSvc - ok
20:53:33.0828 2480 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:53:33.0828 2480 ClipSrv - ok
20:53:33.0859 2480 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:53:33.0890 2480 clr_optimization_v2.0.50727_32 - ok
20:53:33.0906 2480 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:53:33.0906 2480 CmdIde - ok
20:53:33.0921 2480 COMSysApp - ok
20:53:33.0937 2480 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:53:33.0937 2480 Cpqarray - ok
20:53:34.0015 2480 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:53:34.0015 2480 CryptSvc - ok
20:53:34.0046 2480 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:53:34.0062 2480 dac2w2k - ok
20:53:34.0078 2480 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:53:34.0078 2480 dac960nt - ok
20:53:34.0125 2480 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:53:34.0140 2480 DcomLaunch - ok
20:53:34.0203 2480 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:53:34.0203 2480 Dhcp - ok
20:53:34.0218 2480 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:53:34.0218 2480 Disk - ok
20:53:34.0281 2480 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
20:53:34.0281 2480 DLABMFSM - ok
20:53:34.0281 2480 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
20:53:34.0281 2480 DLABOIOM - ok
20:53:34.0296 2480 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
20:53:34.0296 2480 DLACDBHM - ok
20:53:34.0328 2480 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
20:53:34.0328 2480 DLADResM - ok
20:53:34.0343 2480 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
20:53:34.0343 2480 DLAIFS_M - ok
20:53:34.0343 2480 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
20:53:34.0343 2480 DLAOPIOM - ok
20:53:34.0359 2480 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
20:53:34.0359 2480 DLAPoolM - ok
20:53:34.0359 2480 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
20:53:34.0359 2480 DLARTL_M - ok
20:53:34.0359 2480 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
20:53:34.0359 2480 DLAUDFAM - ok
20:53:34.0375 2480 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
20:53:34.0375 2480 DLAUDF_M - ok
20:53:34.0375 2480 dlcx_device - ok
20:53:34.0375 2480 dmadmin - ok
20:53:34.0453 2480 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:53:34.0468 2480 dmboot - ok
20:53:34.0500 2480 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:53:34.0500 2480 dmio - ok
20:53:34.0531 2480 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:53:34.0531 2480 dmload - ok
20:53:34.0562 2480 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:53:34.0562 2480 dmserver - ok
20:53:34.0578 2480 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:53:34.0578 2480 DMusic - ok
20:53:34.0593 2480 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:53:34.0609 2480 Dnscache - ok
20:53:34.0625 2480 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:53:34.0625 2480 Dot3svc - ok
20:53:34.0640 2480 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:53:34.0640 2480 dpti2o - ok
20:53:34.0671 2480 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:53:34.0671 2480 drmkaud - ok
20:53:34.0703 2480 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
20:53:34.0718 2480 DRVMCDB - ok
20:53:34.0718 2480 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
20:53:34.0718 2480 DRVNDDM - ok
20:53:34.0734 2480 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:53:34.0734 2480 E100B - ok
20:53:34.0750 2480 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:53:34.0750 2480 EapHost - ok
20:53:34.0781 2480 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:53:34.0781 2480 ERSvc - ok
20:53:34.0828 2480 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:53:34.0828 2480 Eventlog - ok
20:53:34.0890 2480 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:53:34.0890 2480 EventSystem - ok
20:53:34.0906 2480 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:53:34.0906 2480 Fastfat - ok
20:53:34.0953 2480 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:53:34.0953 2480 FastUserSwitchingCompatibility - ok
20:53:35.0031 2480 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
20:53:35.0031 2480 Fax - ok
20:53:35.0093 2480 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:53:35.0093 2480 Fdc - ok
20:53:35.0109 2480 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:53:35.0109 2480 Fips - ok
20:53:35.0125 2480 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:53:35.0125 2480 Flpydisk - ok
20:53:35.0171 2480 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:53:35.0171 2480 FltMgr - ok
20:53:35.0312 2480 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:53:35.0312 2480 FontCache3.0.0.0 - ok
20:53:35.0359 2480 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:53:35.0359 2480 Fs_Rec - ok
20:53:35.0406 2480 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:53:35.0406 2480 Ftdisk - ok
20:53:35.0468 2480 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:53:35.0468 2480 Gpc - ok
20:53:35.0593 2480 gupdate1ca27f0cb39b8f4 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
20:53:35.0609 2480 gupdate1ca27f0cb39b8f4 - ok
20:53:35.0609 2480 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
20:53:35.0609 2480 gupdatem - ok
20:53:35.0656 2480 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:53:35.0656 2480 gusvc - ok
20:53:35.0703 2480 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:53:35.0703 2480 HDAudBus - ok
20:53:35.0781 2480 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:53:35.0781 2480 helpsvc - ok
20:53:35.0812 2480 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
20:53:35.0812 2480 HidServ - ok
20:53:35.0828 2480 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:53:35.0828 2480 HidUsb - ok
20:53:35.0875 2480 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:53:35.0875 2480 hkmsvc - ok
20:53:35.0984 2480 HP Port Resolver (c5f00d15aa15cb7f55a027ff75e44bb7) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
20:53:36.0000 2480 HP Port Resolver - ok
20:53:36.0093 2480 HP Status Server (c5a288e4ceef5a26d105117baa3763ab) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
20:53:36.0093 2480 HP Status Server - ok
20:53:36.0125 2480 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
20:53:36.0125 2480 hpn - ok
20:53:36.0140 2480 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:53:36.0140 2480 HPZid412 - ok
20:53:36.0156 2480 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:53:36.0156 2480 HPZipr12 - ok
20:53:36.0171 2480 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:53:36.0171 2480 HPZius12 - ok
20:53:36.0203 2480 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:53:36.0203 2480 HTTP - ok
20:53:36.0250 2480 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:53:36.0265 2480 HTTPFilter - ok
20:53:36.0281 2480 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:53:36.0281 2480 i2omgmt - ok
20:53:36.0312 2480 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:53:36.0312 2480 i2omp - ok
20:53:36.0328 2480 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:53:36.0328 2480 i8042prt - ok
20:53:36.0406 2480 ialm (0674ce8ae167d830b871a99c677c5c59) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:53:36.0421 2480 ialm - ok
20:53:36.0578 2480 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:53:36.0593 2480 idsvc - ok
20:53:36.0656 2480 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:53:36.0656 2480 Imapi - ok
20:53:36.0687 2480 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:53:36.0703 2480 ImapiService - ok
20:53:36.0718 2480 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:53:36.0718 2480 ini910u - ok
20:53:36.0734 2480 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:53:36.0734 2480 IntelIde - ok
20:53:36.0765 2480 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:53:36.0765 2480 intelppm - ok
20:53:36.0796 2480 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:53:36.0812 2480 Ip6Fw - ok
20:53:36.0812 2480 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:53:36.0812 2480 IpFilterDriver - ok
20:53:36.0828 2480 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:53:36.0843 2480 IpInIp - ok
20:53:36.0875 2480 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:53:36.0875 2480 IpNat - ok
20:53:36.0890 2480 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:53:36.0890 2480 IPSec - ok
20:53:36.0906 2480 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:53:36.0921 2480 IRENUM - ok
20:53:36.0937 2480 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:53:36.0937 2480 isapnp - ok
20:53:37.0125 2480 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
20:53:37.0140 2480 JavaQuickStarterService - ok
20:53:37.0140 2480 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:53:37.0140 2480 Kbdclass - ok
20:53:37.0140 2480 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:53:37.0140 2480 kbdhid - ok
20:53:37.0171 2480 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:53:37.0171 2480 kmixer - ok
20:53:37.0203 2480 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:53:37.0203 2480 KSecDD - ok
20:53:37.0234 2480 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:53:37.0234 2480 lanmanserver - ok
20:53:37.0281 2480 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:53:37.0281 2480 lanmanworkstation - ok
20:53:37.0296 2480 lbrtfdc - ok
20:53:37.0359 2480 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:53:37.0359 2480 LmHosts - ok
20:53:37.0406 2480 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
20:53:37.0406 2480 MBAMProtector - ok
20:53:37.0484 2480 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:53:37.0500 2480 MBAMService - ok
20:53:37.0500 2480 MCSTRM - ok
20:53:37.0546 2480 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:53:37.0546 2480 Messenger - ok
20:53:37.0578 2480 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:53:37.0578 2480 mnmdd - ok
20:53:37.0609 2480 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:53:37.0609 2480 mnmsrvc - ok
20:53:37.0640 2480 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:53:37.0640 2480 Modem - ok
20:53:37.0671 2480 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:53:37.0671 2480 Mouclass - ok
20:53:37.0718 2480 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:53:37.0718 2480 mouhid - ok
20:53:37.0765 2480 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:53:37.0765 2480 MountMgr - ok
20:53:37.0812 2480 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:53:37.0812 2480 MozillaMaintenance - ok
20:53:37.0843 2480 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:53:37.0843 2480 mraid35x - ok
20:53:37.0843 2480 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:53:37.0843 2480 MRxDAV - ok
20:53:37.0921 2480 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:53:37.0968 2480 MRxSmb - ok
20:53:38.0015 2480 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:53:38.0031 2480 MSDTC - ok
20:53:38.0031 2480 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:53:38.0031 2480 Msfs - ok
20:53:38.0031 2480 MSIServer - ok
20:53:38.0078 2480 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:53:38.0078 2480 MSKSSRV - ok
20:53:38.0078 2480 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:53:38.0078 2480 MSPCLOCK - ok
20:53:38.0093 2480 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:53:38.0093 2480 MSPQM - ok
20:53:38.0125 2480 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:53:38.0140 2480 mssmbios - ok
20:53:38.0187 2480 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:53:38.0187 2480 Mup - ok
20:53:38.0234 2480 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:53:38.0281 2480 napagent - ok
20:53:38.0312 2480 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:53:38.0328 2480 NDIS - ok
20:53:38.0359 2480 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:53:38.0375 2480 NdisTapi - ok
20:53:38.0375 2480 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:53:38.0375 2480 Ndisuio - ok
20:53:38.0406 2480 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:53:38.0406 2480 NdisWan - ok
20:53:38.0421 2480 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:53:38.0421 2480 NDProxy - ok
20:53:38.0421 2480 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:53:38.0421 2480 NetBIOS - ok
20:53:38.0468 2480 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:53:38.0468 2480 NetBT - ok
20:53:38.0500 2480 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:53:38.0500 2480 NetDDE - ok
20:53:38.0515 2480 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:53:38.0515 2480 NetDDEdsdm - ok
20:53:38.0546 2480 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:53:38.0546 2480 Netlogon - ok
20:53:38.0609 2480 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:53:38.0609 2480 Netman - ok
20:53:38.0734 2480 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:53:38.0734 2480 NetTcpPortSharing - ok
20:53:38.0781 2480 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:53:38.0781 2480 Nla - ok
20:53:38.0812 2480 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:53:38.0812 2480 Npfs - ok
20:53:38.0859 2480 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:53:38.0859 2480 Ntfs - ok
20:53:38.0859 2480 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:53:38.0859 2480 NtLmSsp - ok
20:53:38.0921 2480 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:53:38.0953 2480 NtmsSvc - ok
20:53:39.0000 2480 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:53:39.0000 2480 Null - ok
20:53:39.0125 2480 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:53:39.0203 2480 nv - ok
20:53:39.0296 2480 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:53:39.0296 2480 NwlnkFlt - ok
20:53:39.0312 2480 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:53:39.0312 2480 NwlnkFwd - ok
20:53:39.0343 2480 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:53:39.0343 2480 Parport - ok
20:53:39.0359 2480 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:53:39.0359 2480 PartMgr - ok
20:53:39.0375 2480 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:53:39.0375 2480 ParVdm - ok
20:53:39.0406 2480 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:53:39.0406 2480 PCI - ok
20:53:39.0406 2480 PCIDump - ok
20:53:39.0421 2480 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:53:39.0421 2480 PCIIde - ok
20:53:39.0437 2480 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:53:39.0437 2480 Pcmcia - ok
20:53:39.0453 2480 PDCOMP - ok
20:53:39.0453 2480 PDFRAME - ok
20:53:39.0453 2480 PDRELI - ok
20:53:39.0453 2480 PDRFRAME - ok
20:53:39.0484 2480 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:53:39.0484 2480 perc2 - ok
20:53:39.0500 2480 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:53:39.0500 2480 perc2hib - ok
20:53:39.0546 2480 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:53:39.0546 2480 PlugPlay - ok
20:53:39.0593 2480 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
20:53:39.0593 2480 Pml Driver HPZ12 - ok
20:53:39.0640 2480 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:53:39.0640 2480 PolicyAgent - ok
20:53:39.0703 2480 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:53:39.0703 2480 PptpMiniport - ok
20:53:39.0703 2480 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:53:39.0703 2480 ProtectedStorage - ok
20:53:39.0703 2480 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:53:39.0703 2480 PSched - ok
20:53:39.0718 2480 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:53:39.0718 2480 Ptilink - ok
20:53:39.0734 2480 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:53:39.0734 2480 PxHelp20 - ok
20:53:39.0750 2480 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:53:39.0750 2480 ql1080 - ok
20:53:39.0750 2480 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:53:39.0750 2480 Ql10wnt - ok
20:53:39.0765 2480 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:53:39.0765 2480 ql12160 - ok
20:53:39.0781 2480 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:53:39.0781 2480 ql1240 - ok
20:53:39.0796 2480 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:53:39.0796 2480 ql1280 - ok
20:53:39.0828 2480 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:53:39.0828 2480 RasAcd - ok
20:53:39.0859 2480 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:53:39.0859 2480 RasAuto - ok
20:53:39.0890 2480 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:53:39.0890 2480 Rasl2tp - ok
20:53:39.0937 2480 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:53:39.0953 2480 RasMan - ok
20:53:39.0953 2480 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:53:39.0953 2480 RasPppoe - ok
20:53:39.0953 2480 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:53:39.0953 2480 Raspti - ok
20:53:40.0000 2480 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:53:40.0000 2480 Rdbss - ok
20:53:40.0000 2480 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:53:40.0015 2480 RDPCDD - ok
20:53:40.0015 2480 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:53:40.0031 2480 rdpdr - ok
20:53:40.0093 2480 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:53:40.0093 2480 RDPWD - ok
20:53:40.0125 2480 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:53:40.0140 2480 RDSessMgr - ok
20:53:40.0171 2480 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:53:40.0171 2480 redbook - ok
20:53:40.0218 2480 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:53:40.0218 2480 RemoteAccess - ok
20:53:40.0250 2480 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:53:40.0265 2480 RemoteRegistry - ok
20:53:40.0343 2480 REY Install NT Service (0b975a71d0122f85fb466d8eea826c78) C:\Rey\Bin\Ucsinsvc.exe
20:53:40.0343 2480 REY Install NT Service - ok
20:53:40.0359 2480 REY PSCVersionService - ok
20:53:40.0406 2480 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:53:40.0406 2480 RpcLocator - ok
20:53:40.0453 2480 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:53:40.0468 2480 RpcSs - ok
20:53:40.0515 2480 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:53:40.0515 2480 RSVP - ok
20:53:40.0562 2480 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:53:40.0562 2480 SamSs - ok
20:53:40.0593 2480 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:53:40.0593 2480 SCardSvr - ok
20:53:40.0640 2480 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:53:40.0656 2480 Schedule - ok
20:53:40.0703 2480 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:53:40.0703 2480 Secdrv - ok
20:53:40.0750 2480 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:53:40.0750 2480 seclogon - ok
20:53:40.0812 2480 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
20:53:40.0828 2480 SenFiltService - ok
20:53:40.0843 2480 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:53:40.0843 2480 SENS - ok
20:53:40.0890 2480 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:53:40.0890 2480 serenum - ok
20:53:40.0906 2480 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:53:40.0906 2480 Serial - ok
20:53:40.0937 2480 sermouse (1f16931c722c69e4a7866244796c66a0) C:\WINDOWS\system32\DRIVERS\sermouse.sys
20:53:40.0937 2480 sermouse - ok
20:53:40.0953 2480 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:53:40.0953 2480 Sfloppy - ok
20:53:41.0015 2480 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:53:41.0031 2480 SharedAccess - ok
20:53:41.0125 2480 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:53:41.0125 2480 ShellHWDetection - ok
20:53:41.0125 2480 Simbad - ok
20:53:41.0171 2480 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:53:41.0171 2480 sisagp - ok
20:53:41.0203 2480 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:53:41.0203 2480 Sparrow - ok
20:53:41.0218 2480 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:53:41.0218 2480 splitter - ok
20:53:41.0265 2480 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:53:41.0265 2480 Spooler - ok
20:53:41.0359 2480 sprtsvc_ncnetworksdm - ok
20:53:41.0375 2480 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:53:41.0375 2480 sr - ok
20:53:41.0437 2480 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:53:41.0437 2480 srservice - ok
20:53:41.0468 2480 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:53:41.0484 2480 Srv - ok
20:53:41.0500 2480 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:53:41.0500 2480 SSDPSRV - ok
20:53:41.0562 2480 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:53:41.0625 2480 stisvc - ok
20:53:41.0687 2480 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
20:53:41.0687 2480 stllssvr - ok
20:53:41.0718 2480 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:53:41.0718 2480 swenum - ok
20:53:41.0718 2480 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:53:41.0718 2480 swmidi - ok
20:53:41.0734 2480 SwPrv - ok
20:53:41.0781 2480 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:53:41.0781 2480 symc810 - ok
20:53:41.0796 2480 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:53:41.0796 2480 symc8xx - ok
20:53:41.0812 2480 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:53:41.0812 2480 sym_hi - ok
20:53:41.0812 2480 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:53:41.0812 2480 sym_u3 - ok
20:53:41.0843 2480 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:53:41.0843 2480 sysaudio - ok
20:53:41.0890 2480 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:53:41.0890 2480 SysmonLog - ok
20:53:41.0921 2480 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:53:41.0937 2480 TapiSrv - ok
20:53:41.0968 2480 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:53:42.0015 2480 Tcpip - ok
20:53:42.0062 2480 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:53:42.0062 2480 TDPIPE - ok
20:53:42.0078 2480 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:53:42.0078 2480 TDTCP - ok
20:53:42.0156 2480 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:53:42.0156 2480 TermDD - ok
20:53:42.0203 2480 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:53:42.0250 2480 TermService - ok
20:53:42.0328 2480 tgsrvc_ncnetworksdm - ok
20:53:42.0375 2480 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:53:42.0390 2480 Themes - ok
20:53:42.0421 2480 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:53:42.0437 2480 TlntSvr - ok
20:53:42.0453 2480 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
20:53:42.0468 2480 TosIde - ok
20:53:42.0500 2480 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:53:42.0500 2480 TrkWks - ok
20:53:42.0531 2480 UCS Install NT Service - ok
20:53:42.0546 2480 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:53:42.0562 2480 Udfs - ok
20:53:42.0578 2480 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:53:42.0578 2480 ultra - ok
20:53:42.0640 2480 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:53:42.0640 2480 Update - ok
20:53:42.0703 2480 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:53:42.0703 2480 upnphost - ok
20:53:42.0734 2480 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:53:42.0734 2480 UPS - ok
20:53:42.0765 2480 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:53:42.0765 2480 usbaudio - ok
20:53:42.0781 2480 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:53:42.0781 2480 usbccgp - ok
20:53:42.0828 2480 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:53:42.0828 2480 usbehci - ok
20:53:42.0828 2480 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:53:42.0843 2480 usbhub - ok
20:53:42.0859 2480 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:53:42.0859 2480 usbprint - ok
20:53:42.0890 2480 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:53:42.0890 2480 usbscan - ok
20:53:42.0921 2480 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:53:42.0921 2480 USBSTOR - ok
20:53:42.0921 2480 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:53:42.0921 2480 usbuhci - ok
20:53:42.0937 2480 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:53:42.0937 2480 VgaSave - ok
20:53:42.0984 2480 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:53:42.0984 2480 viaagp - ok
20:53:43.0000 2480 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:53:43.0000 2480 ViaIde - ok
20:53:43.0031 2480 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:53:43.0031 2480 VolSnap - ok
20:53:43.0078 2480 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:53:43.0109 2480 VSS - ok
20:53:43.0171 2480 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:53:43.0171 2480 w32time - ok
20:53:43.0218 2480 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:53:43.0234 2480 Wanarp - ok
20:53:43.0234 2480 WDICA - ok
20:53:43.0250 2480 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:53:43.0250 2480 wdmaud - ok
20:53:43.0296 2480 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:53:43.0296 2480 WebClient - ok
20:53:43.0390 2480 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:53:43.0406 2480 winmgmt - ok
20:53:43.0468 2480 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:53:43.0468 2480 WmdmPmSN - ok
20:53:43.0531 2480 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:53:43.0578 2480 Wmi - ok
20:53:43.0625 2480 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:53:43.0625 2480 WmiApSrv - ok
20:53:43.0750 2480 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:53:43.0781 2480 WMPNetworkSvc - ok
20:53:43.0828 2480 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:53:43.0828 2480 wscsvc - ok
20:53:43.0875 2480 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:53:43.0906 2480 wuauserv - ok
20:53:43.0984 2480 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:53:43.0984 2480 WudfPf - ok
20:53:44.0000 2480 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:53:44.0000 2480 WudfRd - ok
20:53:44.0015 2480 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:53:44.0015 2480 WudfSvc - ok
20:53:44.0078 2480 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:53:44.0093 2480 WZCSVC - ok
20:53:44.0171 2480 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:53:44.0171 2480 xmlprov - ok
20:53:44.0203 2480 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:53:44.0250 2480 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
20:53:44.0250 2480 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
20:53:44.0281 2480 Boot (0x1200) (3fcdddab4f35a1210d9e28fe8729ffdd) \Device\Harddisk0\DR0\Partition0
20:53:44.0296 2480 \Device\Harddisk0\DR0\Partition0 - ok
20:53:44.0296 2480 ============================================================
20:53:44.0296 2480 Scan finished
20:53:44.0296 2480 ============================================================
20:53:44.0296 3224 Detected object count: 1
20:53:44.0296 3224 Actual detected object count: 1
20:54:06.0781 3224 \Device\Harddisk0\DR0\# - copied to quarantine
20:54:06.0781 3224 \Device\Harddisk0\DR0 - copied to quarantine
20:54:06.0796 3224 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
20:54:06.0796 3224 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
20:54:06.0828 3224 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:54:06.0828 3224 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:54:06.0843 3224 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:54:06.0843 3224 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
20:54:06.0890 3224 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:54:06.0890 3224 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:54:06.0890 3224 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:54:06.0890 3224 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:54:06.0890 3224 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
20:54:06.0890 3224 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
20:54:06.0890 3224 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
20:54:06.0890 3224 \Device\Harddisk0\DR0 - ok
20:54:07.0984 3224 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
20:54:12.0796 3512 Deinitialize success
 
Good :)

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

==========================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
When I hit Ctrl+C the screen turns white. I open Notepad and hit Ctrl+V and it eerily looks like the TDSS log. Is that correct?
 
That was TDSSKiller log.

On your desktop you should see bootkit_remover_debug_log.txt file.
Post its content.
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-07 21:14:37
-----------------------------
21:14:37.203 OS Version: Windows 5.1.2600 Service Pack 3
21:14:37.203 Number of processors: 2 586 0xF0D
21:14:37.203 ComputerName: ELLIOTT UserName:
21:14:37.859 Initialize success
21:17:27.312 AVAST engine defs: 12060701
21:17:44.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:17:44.453 Disk 0 Vendor: WDC_WD1600AAJS-75PSA0 05.06H05 Size: 152587MB BusType: 3
21:17:44.484 Disk 0 MBR read successfully
21:17:44.484 Disk 0 MBR scan
21:17:44.546 Disk 0 Windows XP default MBR code
21:17:44.546 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
21:17:44.562 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152539 MB offset 96390
21:17:44.562 Disk 0 scanning sectors +312496380
21:17:44.687 Disk 0 scanning C:\WINDOWS\system32\drivers
21:17:55.671 Service scanning
21:18:11.453 Modules scanning
21:18:18.687 Disk 0 trace - called modules:
21:18:18.703 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
21:18:18.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d87ab8]
21:18:18.703 3 CLASSPNP.SYS[f7572fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d3cd98]
21:18:19.312 AVAST engine scan C:\WINDOWS
21:18:27.281 AVAST engine scan C:\WINDOWS\system32
21:20:55.046 AVAST engine scan C:\WINDOWS\system32\drivers
21:21:12.390 AVAST engine scan C:\Documents and Settings\Carmen 2
21:22:59.500 AVAST engine scan C:\Documents and Settings\All Users
21:23:50.375 Scan finished successfully
21:25:01.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Carmen 2\Desktop\MBR.dat"
21:25:01.671 The log file has been saved successfully to "C:\Documents and Settings\Carmen 2\Desktop\aswMBR.txt"
 
.\debug.cpp(238) : Debug log started at 08.06.2012 - 01:11:59
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.1
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\drvnddm"
.\debug.cpp(400) : Destination "\Device\drvnddm"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD+-RW_GSA-H31N_______________B109____#5&1a4d1015&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B6AF18BB-88BD-4D45-A455-01ABFDE33781}"
.\debug.cpp(400) : Destination "\Device\{B6AF18BB-88BD-4D45-A455-01ABFDE33781}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c408#5&198140ad&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1ecb9431-8c9b-11dc-a5e3-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\00000031"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\00000031"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000031"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_413c&Pid_5115&MI_02#7&719cf89&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000066"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1ecb9430-8c9b-11dc-a5e3-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&61efccb&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2c6be34e&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination "\Device\00000053"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1983&SUBSYS_102801DA&REV_1004#4&33439bc3&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\00000059"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{99805ECF-EE0C-47CB-AFA1-A37216867C24}"
.\debug.cpp(400) : Destination "\Device\{99805ECF-EE0C-47CB-AFA1-A37216867C24}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_413c&Pid_2003#6&9f75d98&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000068"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000027"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_413c&Pid_5115#88ZLGB1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_413c&Pid_2003#6&9f75d98&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000068"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD1600AAJS-75PSA0___________________05.06H05#5&7935f70&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1ecb9432-8c9b-11dc-a5e3-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\Floppy0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#4&25ebac29&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination "\Device\00000052"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"
.\debug.cpp(400) : Destination "\Device\Floppy0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000031"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c408#6&d0567be&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000069"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2832&SUBSYS_01DA1028&REV_02#3&172e68dd&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination "\Device\00000031"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination "\Device\ParTechInc0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000002a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000031"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2831&SUBSYS_01DA1028&REV_02#3&172e68dd&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination "\Device\00000031"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) : Destination "\Device\DmLoader"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination "\Device\ParTechInc1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination "\Device\IPMULTICAST"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination "\Device\NdisTapi"
.\debug.cpp(409) : --
.\debug.cpp(369) : Device "\GLOBAL??\DLAIFS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\drvmcdb"
.\debug.cpp(400) : Destination "\Device\drvmcdb"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination "\Device\ParTechInc2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5DBEB105-DEA3-47EE-801E-4F293FD25B2D}"
.\debug.cpp(400) : Destination "\Device\{5DBEB105-DEA3-47EE-801E-4F293FD25B2D}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1b8e453e&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD+-RW_GSA-H31N_______________B109____#5&1a4d1015&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination "\Device\LanmanRedirector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\FtControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&10671e48&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MBAMProtector"
.\debug.cpp(400) : Destination "\Device\MBAMProtector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BASFND"
.\debug.cpp(400) : Destination "\Device\BASFND"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2993&SUBSYS_01DA1028&REV_02#3&172e68dd&0&11#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000030"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c408#6&d0567be&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000069"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_413c&Pid_5115&MI_00#6&3819bf4c&0&0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\00000060"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6AFC366D-296E-4803-8210-5117A775E02D}"
.\debug.cpp(400) : Destination "\Device\{6AFC366D-296E-4803-8210-5117A775E02D}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000002f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_283A&SUBSYS_01DA1028&REV_02#3&172e68dd&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_413c&Pid_5115&MI_01#6&3819bf4c&0&0001#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
.\debug.cpp(400) : Destination "\Device\00000061"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1061) :
.\boot_cleaner.cpp(1062) : Size Device Name MBR Status
.\boot_cleaner.cpp(1063) : --------------------------------------------
.\boot_cleaner.cpp(1107) : 149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1113) :
.\boot_cleaner.cpp(1152) : Done;
 
Those look good.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-06-07.04 - Carmen 2 06/07/2012 21:48:20.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.542 [GMT -4:00]
Running from: c:\documents and settings\Carmen 2\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Carmen 2\Application Data\PriceGong
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\407.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\4436.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\I.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\z.txt
c:\windows\system32\Cache
c:\windows\system32\Cache\077c683d500ebf65.fb
c:\windows\system32\Cache\103bd32941421ab2.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2ab1dd6fe84f5db3.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\ea87f5ec972ce832.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
.
.
((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))
.
.
2012-06-08 00:54 . 2012-06-08 00:54 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-03 02:50 . 2012-06-03 02:50 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-06-02 20:15 . 2012-06-02 20:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-06-02 20:15 . 2012-06-02 20:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-02 20:15 . 2012-06-02 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-02 20:15 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-31 00:06 . 2012-05-31 00:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-05-31 00:06 . 2012-05-31 00:06 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-30 00:58 . 2012-05-30 00:58 -------- d-----w- c:\program files\Windows Sidebar
2012-05-29 03:45 . 2012-05-30 02:16 -------- d-----w- c:\documents and settings\Carmen 2
2012-05-29 03:03 . 2012-05-29 03:03 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2012-05-29 00:43 . 2012-05-29 00:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2012-05-29 00:40 . 2012-05-29 00:40 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-05-29 00:04 . 2012-05-29 00:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-05-28 23:42 . 2012-05-28 23:42 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-05-28 23:42 . 2012-05-28 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-05-28 23:42 . 2012-05-28 23:42 -------- d-----w- c:\program files\SpeedyPC Software
2012-05-28 16:11 . 2012-05-28 16:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 17:16 . 2012-04-11 17:17 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 17:16 . 2011-11-26 23:15 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 17:16 . 2012-05-04 17:16 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-11 13:14 . 2004-08-11 21:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-11 21:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-04 02:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-21 01:19 . 2012-05-31 00:06 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Productivity_3\prxtbPro2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}"= "c:\program files\Productivity_3\prxtbPro2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588}"= "c:\program files\Productivity_3\prxtbPro2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"NCNETWORKSDM"="c:\program files\NCNETWORKSDM\bin\sprtcmd.exe" [2010-06-17 206120]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
2004-02-19 09:23 61440 ----a-w- c:\dell\bldbubg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-01-26 13:08 18944 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-07-21 20:50 86016 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-07-21 20:48 98304 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 20:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 20:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 21:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-07-21 20:47 81920 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 13:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-05-01 12:07 843776 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 17:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-02-26 01:31 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\ReynoldsCommon\\ERAccess\\wIntegSM.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Rey\\Bin\\Umhwinmg.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5713:TCP"= 5713:TCP:*:Disabled:Reynolds5713
"5713:UDP"= 5713:UDP:*:Disabled:Reynolds5713
"5714:TCP"= 5714:TCP:*:Disabled:Reynolds5714
"5714:UDP"= 5714:UDP:*:Disabled:Reynolds5714
"5715:TCP"= 5715:TCP:*:Disabled:Reynolds5715
"5715:UDP"= 5715:UDP:*:Disabled:Reynolds5715
"5281:TCP"= 5281:TCP:*:Disabled:Reynolds5281
"5281:UDP"= 5281:UDP:*:Disabled:Reynolds5281
.
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 5:25 PM 65536]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/2/2012 4:15 PM 654408]
R2 REY Install NT Service;REY Install NT Service;c:\rey\Bin\UcsInSvc.exe [9/10/2010 12:07 PM 98304]
R2 sprtsvc_ncnetworksdm;SupportSoft Sprocket Service (ncnetworksdm);c:\program files\NCNETWORKSDM\bin\sprtsvc.exe [6/17/2010 4:59 AM 206120]
R2 tgsrvc_ncnetworksdm;SupportSoft Repair Service (ncnetworksdm);c:\program files\NCNETWORKSDM\bin\tgsrvc.exe [6/17/2010 4:59 AM 185640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/2/2012 4:15 PM 22344]
S2 gupdate1ca27f0cb39b8f4;Google Update Service (gupdate1ca27f0cb39b8f4);c:\program files\Google\Update\GoogleUpdate.exe [8/28/2009 11:04 AM 133104]
S2 REY PSCVersionService;REY PSCVersionService;c:\rey\bin\PscVersionService.exe --> c:\rey\bin\PscVersionService.exe [?]
S2 UCS Install NT Service;UCS Install NT Service;c:\ucc\Services\UcsInSvc.exe --> c:\ucc\Services\UcsInSvc.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 1:17 PM 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/28/2009 11:04 AM 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/30/2012 8:06 PM 129976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 17:16]
.
2012-06-08 c:\windows\Tasks\AVG PC Tuneup Integrator Start On Paul Logon.job
- c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe [2012-03-28 21:20]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-28 15:04]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-28 15:04]
.
2012-05-28 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-05-30 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]
.
2012-05-28 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Carmen 2\Application Data\Mozilla\Firefox\Profiles\dhvcimm2.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-07 21:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-06-07 21:55:52
ComboFix-quarantined-files.txt 2012-06-08 01:55
.
Pre-Run: 142,526,308,352 bytes free
Post-Run: 143,515,611,136 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 268A70DE099657469FC3BAB160611F2E
 
Looks good.

How is computer doing?

You're not running any AV program.
Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
Update, run full scan, report on any findings.

================================================================================

Uninstall SpeedyPC Pro.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


=======================================================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Avast did not find anything. I initially installed Norton 360 but it slowed my system way down again and it had the PC tuneup which was ill advised. I was unable to remove it so I removed Norton 360 and installed avast. I also removed speedy PC Pro. Ran OTL -- logs to follow
 
OTL logfile created on: 6/7/2012 11:58:41 PM - Run 1
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Documents and Settings\Carmen 2\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.54 Mb Total Physical Memory | 350.57 Mb Available Physical Memory | 34.59% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.26% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 132.99 Gb Free Space | 89.27% Space Free | Partition Type: NTFS

Computer Name: ELLIOTT | User Name: Carmen 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/07 23:57:05 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carmen 2\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/06 19:15:13 | 000,134,920 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2011/07/29 16:06:54 | 000,098,304 | ---- | M] (UCS) -- C:\Rey\Bin\UcsInSvc.exe
PRC - [2011/06/09 14:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/06/17 04:59:54 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\NCNETWORKSDM\bin\tgsrvc.exe
PRC - [2010/06/17 04:59:46 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\NCNETWORKSDM\bin\sprtsvc.exe
PRC - [2010/06/17 04:59:28 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\NCNETWORKSDM\bin\sprtcmd.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/11/03 18:07:04 | 000,537,480 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcxcoms.exe
PRC - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 17:50:38 | 001,768,448 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12060701\algo.dll
MOD - [2012/05/11 03:07:39 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 03:07:25 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 03:07:14 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/02/19 22:35:02 | 000,015,872 | ---- | M] () -- C:\Rey\Bin\reyconfig.dll
MOD - [2010/04/13 15:04:39 | 000,019,456 | ---- | M] () -- C:\Rey\Bin\UCSString.dll
MOD - [2009/08/08 01:44:36 | 000,049,152 | ---- | M] () -- C:\Rey\Bin\IntelDis.dll
MOD - [2006/10/20 21:05:50 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxprpr.dll
MOD - [2006/10/20 02:34:34 | 000,115,200 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxdrui.dll
MOD - [2006/10/20 02:33:28 | 000,117,760 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcxdrpp.dll
MOD - [2006/09/06 07:13:14 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxcfg.dll
MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\UCC\Services\UcsInSvc.exe -- (UCS Install NT Service)
SRV - File not found [Auto | Stopped] -- C:\rey\bin\PscVersionService.exe -- (REY PSCVersionService)
SRV - [2012/05/04 13:16:17 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/20 21:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/03/06 19:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2011/07/29 16:06:54 | 000,098,304 | ---- | M] (UCS) [Auto | Running] -- C:\Rey\Bin\UcsInSvc.exe -- (REY Install NT Service)
SRV - [2010/06/17 04:59:54 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\NCNETWORKSDM\bin\tgsrvc.exe -- (tgsrvc_ncnetworksdm) SupportSoft Repair Service (ncnetworksdm)
SRV - [2010/06/17 04:59:46 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\NCNETWORKSDM\bin\sprtsvc.exe -- (sprtsvc_ncnetworksdm) SupportSoft Sprocket Service (ncnetworksdm)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/03 18:07:04 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\dlcxcoms.exe -- (dlcx_device)
SRV - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\CARMEN~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/06 19:04:25 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:03:23 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/03/06 19:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/03/06 18:44:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2006/08/28 02:28:56 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2003/04/24 16:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071024
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071024
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071024
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071024
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...04ee51b5401&lang=en&ds=AVG&pr=pr&d=2011-12-28 00:53:45&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/06/07 23:42:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/30 20:06:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/06/02 20:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carmen 2\Application Data\Mozilla\Extensions
[2012/05/30 20:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2012/06/07 21:54:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Productivity 3 Toolbar) - {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - C:\Program Files\Productivity_3\prxtbPro2.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Productivity 3 Toolbar) - {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - C:\Program Files\Productivity_3\prxtbPro2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\..\Toolbar\WebBrowser: (Productivity 3 Toolbar) - {1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588} - C:\Program Files\Productivity_3\prxtbPro2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NCNETWORKSDM] C:\Program Files\NCNETWORKSDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1194376528525 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1194376586009 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23996D71-0B1E-411E-B2B2-E59EDF8353F5}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

Continued in next post.
 
========== Files/Folders - Created Within 30 Days ==========

[2012/06/07 23:56:58 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carmen 2\Desktop\OTL.exe
[2012/06/07 23:48:48 | 000,112,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2012/06/07 23:48:36 | 000,196,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012/06/07 23:48:35 | 000,024,408 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/06/07 23:48:32 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2012/06/07 23:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2012/06/07 23:42:39 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/06/07 23:42:39 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/06/07 23:42:35 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/06/07 23:42:35 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/06/07 23:42:34 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/06/07 23:42:33 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/06/07 23:42:33 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/06/07 23:42:30 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/06/07 23:42:04 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/06/07 23:42:03 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/06/07 23:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/07 23:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/06/07 21:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Application Data\PriceGong
[2012/06/07 21:46:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/07 21:45:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/07 21:45:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/07 21:45:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/07 21:45:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/07 21:45:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/06/07 21:45:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/07 21:44:30 | 004,539,477 | R--- | C] (Swearware) -- C:\Documents and Settings\Carmen 2\Desktop\ComboFix.exe
[2012/06/07 21:14:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Carmen 2\Desktop\aswMBR.exe
[2012/06/07 21:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Desktop\bootkit_remover
[2012/06/07 20:54:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/07 20:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Desktop\tdsskiller
[2012/06/07 20:40:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carmen 2\Start Menu\Programs\Administrative Tools
[2012/06/07 20:38:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Carmen 2\Desktop\dds.scr
[2012/06/07 19:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\Adobe
[2012/06/02 20:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\Mozilla
[2012/06/02 20:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Application Data\Mozilla
[2012/06/02 19:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Application Data\Malwarebytes
[2012/06/02 16:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/02 16:15:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/02 16:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/02 16:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/30 20:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/30 20:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/30 20:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/05/29 21:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\My Documents\Symantec
[2012/05/29 20:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/05/29 16:42:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Carmen 2\PrivacIE
[2012/05/28 23:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Application Data\Sun
[2012/05/28 23:49:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Carmen 2\IECompatCache
[2012/05/28 23:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Application Data\Adobe
[2012/05/28 23:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\Conduit
[2012/05/28 23:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Application Data\Google
[2012/05/28 23:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\Productivity_3
[2012/05/28 23:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\SupportSoft
[2012/05/28 23:45:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Carmen 2\IETldCache
[2012/05/28 23:45:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Carmen 2\Application Data\Microsoft
[2012/05/28 23:45:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Carmen 2\Application Data
[2012/05/28 23:45:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carmen 2\Favorites
[2012/05/28 23:45:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Carmen 2\Cookies
[2012/05/28 23:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Application Data\Macromedia
[2012/05/28 23:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Application Data\Identities
[2012/05/28 23:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\Google
[2012/05/28 23:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Desktop
[2012/05/28 23:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\ApplicationHistory
[2012/05/28 23:45:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Carmen 2\SendTo
[2012/05/28 23:45:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Carmen 2\Recent
[2012/05/28 23:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carmen 2\Start Menu\Programs\Startup
[2012/05/28 23:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carmen 2\Start Menu
[2012/05/28 23:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carmen 2\My Documents\My Videos
[2012/05/28 23:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carmen 2\My Documents\My Pictures
[2012/05/28 23:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carmen 2\My Documents\My Music
[2012/05/28 23:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carmen 2\My Documents
[2012/05/28 23:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carmen 2\Start Menu\Programs\Accessories
[2012/05/28 23:45:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Carmen 2\Templates
[2012/05/28 23:45:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Carmen 2\PrintHood
[2012/05/28 23:45:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Carmen 2\NetHood
[2012/05/28 23:45:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Carmen 2\Local Settings
[2012/05/28 23:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\Roxio
[2012/05/28 23:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\PowerDVD DX
[2012/05/28 23:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\My Documents\My Google Gadgets
[2012/05/28 23:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\Microsoft
[2012/05/28 23:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Start Menu\Programs\Dell Accessories
[2012/05/28 23:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2012/05/28 20:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/05/28 20:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/05/28 20:39:36 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/05/28 20:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2012/05/28 19:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/05/28 11:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/05/28 11:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/05/14 16:06:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/07 23:57:05 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carmen 2\Desktop\OTL.exe
[2012/06/07 23:50:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/07 23:50:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/07 23:50:14 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Paul Logon.job
[2012/06/07 23:50:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/07 23:50:02 | 1062,846,464 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/07 23:48:35 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/06/07 23:46:37 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/06/07 23:22:28 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/07 23:16:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/07 21:54:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/07 21:46:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/06/07 21:44:43 | 004,539,477 | R--- | M] (Swearware) -- C:\Documents and Settings\Carmen 2\Desktop\ComboFix.exe
[2012/06/07 21:25:01 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Carmen 2\Desktop\MBR.dat
[2012/06/07 21:14:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Carmen 2\Desktop\aswMBR.exe
[2012/06/07 21:05:32 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Carmen 2\Desktop\bootkit_remover.zip
[2012/06/07 20:50:24 | 002,108,959 | ---- | M] () -- C:\Documents and Settings\Carmen 2\Desktop\tdsskiller.zip
[2012/06/07 20:38:16 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Carmen 2\Desktop\dds.scr
[2012/06/06 14:57:20 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/02 16:15:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/30 20:06:12 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/29 00:19:17 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Carmen 2\Desktop\My Computer.lnk
[2012/05/28 23:46:17 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Carmen 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/28 23:46:08 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Carmen 2\Desktop\Windows Media Player.lnk
[2012/05/24 01:24:24 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/05/24 01:24:24 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Carmen 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/11 03:28:22 | 000,118,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/11 03:06:42 | 000,442,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/11 03:06:42 | 000,072,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/11 03:03:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/07 23:46:37 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/06/07 21:46:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/07 21:46:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/07 21:45:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/07 21:45:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/07 21:45:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/07 21:45:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/07 21:45:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/07 21:25:01 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Desktop\MBR.dat
[2012/06/07 21:05:32 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Desktop\bootkit_remover.zip
[2012/06/07 20:50:14 | 002,108,959 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Desktop\tdsskiller.zip
[2012/06/06 14:37:02 | 1062,846,464 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/02 16:15:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/30 20:06:12 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/30 20:06:12 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/29 00:19:17 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Desktop\My Computer.lnk
[2012/05/28 23:46:08 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Start Menu\Programs\Windows Media Player.lnk
[2012/05/28 23:46:08 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Desktop\Windows Media Player.lnk
[2012/05/28 23:45:12 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/28 23:45:12 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/28 23:45:12 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Desktop\Help and Support.lnk
[2012/05/28 23:45:12 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/05/28 23:45:11 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Start Menu\Programs\Remote Assistance.lnk
[2012/05/28 23:45:11 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Start Menu\Programs\Internet Explorer.lnk
[2012/05/28 23:45:11 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Start Menu\Programs\Outlook Express.lnk
[2012/05/28 14:53:31 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/14 21:03:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/07 18:48:28 | 000,331,264 | ---- | C] () -- C:\WINDOWS\System32\DS600WIA.dll
[2010/11/04 14:48:04 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\wodCertificate.dll

========== LOP Check ==========

[2011/11/26 19:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/06/07 23:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/11/26 19:57:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/05/29 20:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/02/07 18:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PENTAX
[2011/08/05 16:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Reynolds
[2009/02/18 17:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Snap-on Business Solutions
[2012/06/07 23:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/01/20 21:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/06/07 23:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen 2\Application Data\PriceGong
[2012/02/25 21:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\AVG Secure Search
[2012/06/07 23:50:14 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup Integrator Start On Paul Logon.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/11/07 08:45:53 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/06/07 21:46:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/06/07 21:55:53 | 000,016,505 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/10/23 23:40:44 | 000,005,887 | RH-- | M] () -- C:\dell.sdr
[2011/10/14 09:37:14 | 000,000,000 | ---- | M] () -- C:\EPC_CLIENT.LOG
[2012/02/23 10:25:08 | 000,027,136 | ---- | M] () -- C:\FAX SHEET.doc
[2012/06/07 23:50:02 | 1062,846,464 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:36:08 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/11 08:26:56 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/06/07 23:50:01 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/09/29 08:35:54 | 000,000,090 | ---- | M] () -- C:\Pcterm1.txt
[2012/06/07 20:54:12 | 000,091,100 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_07.06.2012_20.53.23_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/11 17:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/20 02:33:28 | 000,117,760 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcxdrpp.dll
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/10/14 23:41:46 | 000,072,192 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/11 17:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/11 17:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/11 17:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/11 08:30:33 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/05/28 23:46:15 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Carmen 2\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/11 17:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Carmen 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/06/07 21:14:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Carmen 2\Desktop\aswMBR.exe
[2012/06/07 21:44:43 | 004,539,477 | R--- | M] (Swearware) -- C:\Documents and Settings\Carmen 2\Desktop\ComboFix.exe
[2012/06/07 23:57:05 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carmen 2\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/07 23:16:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/07 23:50:14 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Paul Logon.job
[2004/08/04 05:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2012/06/07 23:50:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/07 23:22:28 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/07 23:50:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/05/28 23:46:15 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Carmen 2\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/06/07 23:50:06 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Carmen 2\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-22 07:03:47

< >
< End of report >

End OTL Txt log -- Ellca1012; Extras txt log to follow.
 
OTL Extras logfile created on: 6/7/2012 11:58:41 PM - Run 1
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Documents and Settings\Carmen 2\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.54 Mb Total Physical Memory | 350.57 Mb Available Physical Memory | 34.59% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.26% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 132.99 Gb Free Space | 89.27% Space Free | Partition Type: NTFS

Computer Name: ELLIOTT | User Name: Carmen 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"5713:TCP" = 5713:TCP:*:Enabled:Reynolds5713
"5713:UDP" = 5713:UDP:*:Enabled:Reynolds5713
"5714:TCP" = 5714:TCP:*:Enabled:Reynolds5714
"5714:UDP" = 5714:UDP:*:Enabled:Reynolds5714
"5715:TCP" = 5715:TCP:*:Enabled:Reynolds5715
"5715:UDP" = 5715:UDP:*:Enabled:Reynolds5715
"5281:TCP" = 5281:TCP:*:Enabled:Reynolds5281
"5281:UDP" = 5281:UDP:*:Enabled:Reynolds5281

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5713:TCP" = 5713:TCP:*:Disabled:Reynolds5713
"5713:UDP" = 5713:UDP:*:Disabled:Reynolds5713
"5714:TCP" = 5714:TCP:*:Disabled:Reynolds5714
"5714:UDP" = 5714:UDP:*:Disabled:Reynolds5714
"5715:TCP" = 5715:TCP:*:Disabled:Reynolds5715
"5715:UDP" = 5715:UDP:*:Disabled:Reynolds5715
"5281:TCP" = 5281:TCP:*:Disabled:Reynolds5281
"5281:UDP" = 5281:UDP:*:Disabled:Reynolds5281

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\ReynoldsCommon\ERAccess\wIntegSM.exe" = C:\ReynoldsCommon\ERAccess\wIntegSM.exe:*:Enabled:wIntegrate Session Manager -- (Rocket Software)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
"C:\WINDOWS\system32\dlcxcoms.exe" = C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Dell 926 Server -- ( )
"C:\Rey\Bin\Umhwinmg.exe" = C:\Rey\Bin\Umhwinmg.exe:*:Disabled:Umhwinmg -- (UCS)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05227385-5073-46ED-9035-B1910E2613CC}" = DSmobileSCAN II
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{260EB1B5-AA50-4E04-ABA0-361F675213C4}_is1" = Frontier High Speed Internet
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3715EF4B-E9E6-462F-858A-F2E8F1C77170}" = Integration Assistant 3
"{3D800710-5CB7-49EC-B5D1-5FC14E727025}" = StarPL
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{44F9B9B0-1725-421E-9377-8193E982CE2B}" = DSmobile 600
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{68C063CF-FF7D-49F3-AE93-ED0DA0EAE214}" = Vz In Home Agent
"{704C2901-0E9C-4E4B-862B-2001DACA314B}" = Spinco Download Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FDC8065B-80DE-4466-B90B-2581F6D77DFF}" = Image Plugin
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Internet Security
"Bell & Howell Product Licenser III" = ProQuest Product Licenser
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Productivity_3 Toolbar" = Productivity 3 Toolbar
"Rhapsody" = Rhapsody
"SearchAssist" = SearchAssist
"SMGINSTL" = ERA Software Manager
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/2/2012 8:34:57 PM | Computer Name = ELLIOTT | Source = MsiInstaller | ID = 11705
Description = Product: Microsoft Office 2000 Professional -- Error 1705. A previous
installation for this product is in progress. You must undo the changes made by
that installation to continue. Do you want to undo those changes?

Error - 6/2/2012 8:35:29 PM | Computer Name = ELLIOTT | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
source could be found for product Microsoft Office 2000 Professional. The Windows
installer cannot continue.

Error - 6/2/2012 8:35:36 PM | Computer Name = ELLIOTT | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
source could be found for product Microsoft Office 2000 Professional. The Windows
installer cannot continue.

Error - 6/2/2012 8:38:48 PM | Computer Name = ELLIOTT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/2/2012 8:50:42 PM | Computer Name = ELLIOTT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 12.0.0.4493, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/2/2012 9:48:21 PM | Computer Name = ELLIOTT | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 6/7/2012 8:56:58 PM | Computer Name = ELLIOTT | Source = MsiInstaller | ID = 11705
Description = Product: Microsoft Office 2000 Professional -- Error 1705. A previous
installation for this product is in progress. You must undo the changes made by
that installation to continue. Do you want to undo those changes?

Error - 6/7/2012 8:57:01 PM | Computer Name = ELLIOTT | Source = MsiInstaller | ID = 11705
Description = Product: Microsoft Office 2000 Professional -- Error 1705. A previous
installation for this product is in progress. You must undo the changes made by
that installation to continue. Do you want to undo those changes?

Error - 6/7/2012 8:57:05 PM | Computer Name = ELLIOTT | Source = MsiInstaller | ID = 11705
Description = Product: Microsoft Office 2000 Professional -- Error 1705. A previous
installation for this product is in progress. You must undo the changes made by
that installation to continue. Do you want to undo those changes?

Error - 6/7/2012 11:42:18 PM | Computer Name = ELLIOTT | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
-- Error 1704.An installation for Microsoft Office 2000 Professional is currently
suspended. You must undo the changes made by that installation to continue. Do
you want to undo those changes?

[ System Events ]
Error - 6/7/2012 11:24:38 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/7/2012 11:24:38 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
Description = The REY PSCVersionService service failed to start due to the following
error: %%2

Error - 6/7/2012 11:24:38 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
Description = The UCS Install NT Service service failed to start due to the following
error: %%3

Error - 6/7/2012 11:33:26 PM | Computer Name = ELLIOTT | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SYMEVENT\0000 disappeared from the system without
first being prepared for removal.

Error - 6/7/2012 11:35:29 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/7/2012 11:35:29 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
Description = The REY PSCVersionService service failed to start due to the following
error: %%2

Error - 6/7/2012 11:35:29 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
Description = The UCS Install NT Service service failed to start due to the following
error: %%3

Error - 6/7/2012 11:50:20 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/7/2012 11:50:20 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
Description = The REY PSCVersionService service failed to start due to the following
error: %%2

Error - 6/7/2012 11:50:20 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
Description = The UCS Install NT Service service failed to start due to the following
error: %%3


< End of report >
 
Computer is running much faster and seems to be back to where it was prior to my son's handiwork. Avast is active after OTL.
 
Is my computer clean so I can go back to using it for important things like school, banking etc, without compromising my security?
 