Firefox boot slow, browser redirect, new tab opens up

Solved
By canam
Dec 14, 2010
Topic Status:
Not open for further replies.
  1. Hi there, I'm having issues with Firefox booting slowly (up to 3 minutes), redirects when clicking on a link, and new windows opening on their own.
    I have Malwarebytes and Microsoft Security Essentials.
    I have run ComboFix and will paste the result. Microsoft Security Essentials is turned off now after ComboFix; can I still use it?
    Since ComboFix, Firefox seems to be working, and I will update with any other findings.
    Do you see any errors or problems? Thanks



    ComboFix 10-12-14.01 - Jeff 12/14/2010 20:34:36.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1982.1335 [GMT -4:00]
    Running from: c:\users\Jeff\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
    SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Jeff\AppData\Roaming\inst.exe
    c:\users\Jeff\AppData\Roaming\Local
    c:\users\Jeff\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
    c:\users\Jeff\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
    c:\users\Jeff\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
    c:\users\Jeff\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
    c:\users\Jeff\Documents\Readiris.DUS
    c:\windows\system32\KBL.LOG

    .
    \\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
    .
    ((((((((((((((((((((((((( Files Created from 2010-11-15 to 2010-12-15 )))))))))))))))))))))))))))))))
    .

    2010-12-15 00:54 . 2010-12-15 00:57 -------- d-----w- c:\users\Jeff\AppData\Local\temp
    2010-12-15 00:54 . 2010-12-15 00:54 -------- d-----w- c:\users\postgres\AppData\Local\temp
    2010-12-15 00:54 . 2010-12-15 00:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-15 00:54 . 2010-12-15 00:54 -------- d-----w- c:\users\SHELL\AppData\Local\temp
    2010-12-13 16:05 . 2010-12-13 16:05 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2010-12-13 16:04 . 2010-12-13 16:04 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-12-13 16:02 . 2010-12-13 16:06 -------- d-----w- c:\program files\DivX
    2010-12-13 16:02 . 2010-12-13 16:06 -------- d-----w- c:\programdata\DivX
    2010-12-12 21:31 . 2010-12-12 21:33 -------- d-----w- c:\windows\system32\catroot2
    2010-12-12 01:25 . 2010-12-12 01:25 -------- d-----w- c:\users\Jeff\AppData\Local\WBFSManager
    2010-12-12 01:23 . 2010-12-12 01:23 -------- d-----w- c:\program files\WBFS
    2010-12-11 23:59 . 2010-07-15 12:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2010-12-11 23:59 . 2010-10-28 16:23 2217088 ----a-w- c:\windows\system32\BootMan.exe
    2010-12-11 23:59 . 2010-07-15 12:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
    2010-12-11 23:59 . 2010-07-15 12:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2010-12-11 23:59 . 2010-07-15 12:44 14216 ----a-w- c:\windows\system32\epmntdrv.sys
    2010-12-11 23:59 . 2010-12-11 23:59 -------- d-----w- c:\program files\EASEUS
    2010-12-11 16:22 . 2008-12-14 00:01 77824 ----a-w- c:\windows\system32\xvid.ax
    2010-12-11 16:22 . 2008-12-05 01:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-12-11 16:22 . 2008-12-05 01:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
    2010-12-11 16:22 . 2010-12-11 16:22 -------- d-----w- c:\program files\Xvid
    2010-12-11 12:09 . 2010-12-11 12:25 -------- d-----w- c:\users\Jeff\AppData\Roaming\Nero
    2010-12-11 02:21 . 2010-12-11 02:22 -------- d-----w- c:\program files\Common Files\Nero
    2010-12-11 02:20 . 2010-12-11 02:25 -------- d-----w- c:\programdata\Nero
    2010-12-11 02:13 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2010-12-11 02:13 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
    2010-12-10 13:13 . 2010-11-16 16:01 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F12A32A5-8DF5-469D-99AC-9CFB9B8D7DB5}\mpengine.dll
    2010-12-10 13:08 . 2010-12-10 13:08 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-12-10 11:54 . 2010-12-10 11:54 -------- d-----w- c:\program files\uTorrent
    2010-12-10 11:54 . 2010-12-15 00:03 -------- d-----w- c:\users\Jeff\AppData\Roaming\uTorrent
    2010-12-08 13:30 . 2010-12-08 13:30 219200 ----a-w- c:\windows\system32\dtsoftbus01.sys
    2010-12-08 13:22 . 2010-12-08 13:22 -------- d-----w- c:\programdata\bdch
    2010-12-08 13:07 . 2010-12-08 13:07 -------- d-----w- c:\program files\BitDefender
    2010-12-08 13:02 . 2010-12-08 13:02 -------- d-----w- c:\users\Jeff\AppData\Roaming\QuickScan
    2010-12-08 13:01 . 2010-12-08 13:07 -------- d-----w- c:\program files\Common Files\BitDefender
    2010-12-08 13:01 . 2010-12-08 13:19 62450 ----a-w- c:\programdata\bdinstall.bin
    2010-12-07 11:25 . 2010-12-07 11:25 -------- d-----w- c:\programdata\AVG Security Toolbar
    2010-12-07 03:35 . 2010-11-30 15:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-07 03:34 . 2010-11-30 15:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-07 03:24 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBA4B151-505A-4B9D-9EB2-4C21043B6535}\mpengine.dll
    2010-12-04 14:40 . 2010-12-04 14:40 -------- d-----w- c:\users\Jeff\AppData\Roaming\Malwarebytes
    2010-12-04 14:40 . 2010-12-04 14:40 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-04 14:40 . 2010-12-10 11:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-23 19:54 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-11-17 23:30 . 2010-11-17 23:30 -------- d-----w- c:\program files\Passware
    2010-11-17 11:55 . 2010-11-17 11:55 -------- d-----w- c:\program files\Intelore

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-14 23:54 . 2010-08-25 10:50 420920 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2010-10-19 14:41 . 2009-10-03 10:04 222080 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-03 68856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
    "Prelaunch OmniPage"="c:\program files\Nuance\OmniPage17\OmniPage17.exe" [2010-01-26 5592352]
    "Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]

    c:\users\SHELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

    c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1ca45ea80e8e190;Google Update Service (gupdate1ca45ea80e8e190);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 133104]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
    R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 AFS;AFS; [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-14 420920]
    S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w [x]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-15 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-06 04:18]

    2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 18:34]

    2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 18:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    Trusted Zone: pogo.com\game3
    TCP: {9EDE12AD-6E7E-4171-9A86-A055CBE5991D} = 24.222.0.94,24.222.0.95
    FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\bljpsikf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6b978&v=6.010.006.004&i=26&tp=ab&iy=&ychte=ca&lng=en-US&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-OpAgent - OpAgent.exe
    HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    HKLM-Run-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
    AddRemove-Adobe Acrobat 4.0 - c:\program files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu
    AddRemove-Adobe AIR - c:\program files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
    AddRemove-Adobe_faf656ef605427ee2f42989c3ad31b8 - c:\program files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe
    AddRemove-Greeting Card Creator 32 - c:\progra~1\GREETI~1\UNWISE.EXE
    AddRemove-InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0} - c:\progra~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe
    AddRemove-Mansion Poker - c:\poker\MansionPoker\_MansionPoker.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-14 20:57
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\users\Jeff\AppData\Local\Temp\catchme.dll 53248 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: WDC_WD1600BEVS-60RST0 rev.04.01G04 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-3

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85BAE555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85bb47b0]; MOV EAX, [0x85bb482c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x81E4B962] -> \Device\Harddisk0\DR0[0x85512358]
    3 CLASSPNP[0x87FAC8B3] -> ntkrnlpa!IofCallDriver[0x81E4B962] -> [0x84DCB858]
    5 acpi[0x8074A6BC] -> ntkrnlpa!IofCallDriver[0x81E4B962] -> [0x84DC5030]
    \Driver\atapi[0x8591E318] -> IRP_MJ_CREATE -> 0x85BAE555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP2T0L0-3 -> \??\IDE#DiskWDC_WD1600BEVS-60RST0___________________04.01G04#5&1f5e53fc&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi -> 0x843f01f8
    user != kernel MBR !!!
    sectors 312581806 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\postgresql-8.4]
    "ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\postgresql-8.4]
    "ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\SetId\Internal]
    @Denied: (A 2) (LocalSystem)
    "DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallIS=\"1289332796\" isSubsc=\"0\" authStat_is=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"2\" moduleId1=\"8\" moduleId2=\"0\" relType=\"1\" />"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-12-14 21:10:40
    ComboFix-quarantined-files.txt 2010-12-15 01:10

    Pre-Run: 12,929,273,856 bytes free
    Post-Run: 14,584,410,112 bytes free

    - - End Of File - - 1364B2C627A7C013DB80C600070ADB69
  2. Broni

    Broni Malware Annihilator Posts: 46,156   +251

    Welcome aboard

    You shouldn't be running Combofix on your own.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
  3. canam

    canam Newcomer, in training Topic Starter Posts: 23

    logs

    Sorry about the ComboFix, and I thank you for your time.



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/19/2007 8:39:12 PM
    System Uptime: 12/14/2010 11:14:54 PM (0 hours ago)

    Motherboard: Quanta | | 30EA
    Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58 | Socket S1 | 800/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 137 GiB total, 14.183 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 2.005 GiB free.
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {ff646f80-8def-11d2-9449-00105a075f6b}
    Description: pcouffin device for 32 bits systems
    Device ID: ROOT\PCOUFFIN\0000
    Manufacturer: VSO Software
    Name: pcouffin device for 32 bits systems
    PNP Device ID: ROOT\PCOUFFIN\0000
    Service: pcouffin

    ==== System Restore Points ===================

    RP1154: 12/6/2010 11:01:08 PM - Restore Operation

    ==== Installed Programs ======================


    AC3Filter (remove only)
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.4.1
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player
    Adobe Shockwave Player 11.5
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Apple Software Update
    ArcSoft Panorama Maker 3
    Atheros Driver Installation Program
    µTorrent
    Cards_Calendar_OrderGift_DoMorePlugout
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    Connect
    ConvertXtoDVD 4.0.12.327
    CyberLink YouCam
    DivX Setup
    DVD Decrypter (Remove Only)
    DVD Suite
    EA Link
    EASEUS Partition Master 6.5.2 Home Edition
    ESU for Microsoft Vista
    Final Uninstaller
    Full Tilt Poker
    GameHouse
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent for Health Check
    Holdem Manager
    Home Designer Suite 8
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP DVD Play 3.6
    HP Easy Setup - Frontend
    HP Games
    HP Help and Support
    HP Memories Disc
    HP Photo and Imaging 2.3 - Scanjet 4600 Series
    HP Photosmart Essential 2.5
    HP Quick Launch Buttons 6.30 D2
    HP Total Care Advisor
    HP Update
    HP User Guides 0091
    HP Wireless Assistant
    HPNetworkAssistant
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabel_Tattoo
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookHolidayPack1
    HPPhotoSmartPhotobookModernPack1
    HPPhotoSmartPhotobookPlayfulPack1
    HPPhotoSmartPhotobookScrapbookPack1
    HPPhotoSmartPhotobookWebPack1
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 21
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Kids Cam Show and Share Creativity Center
    kuler
    LabelPrint
    Magellan RoadMate Tools
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Essentials
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox (3.6.13)
    MSCU for Microsoft Vista
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.1
    Neonatal Resuscitation DVD-ROM
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    neroxml
    NetWaiting
    Notepad++
    Nuance OmniPage 17
    NVIDIA Drivers
    OpenOffice.org Installer 1.0
    Opera 10.63
    PDF Settings CS4
    Photoshop Camera Raw
    PokerStars
    PostgreSQL 8.4
    PowerDirector
    PSSWCORE
    QuickTax 2008
    QuickTax 2009
    QuickTime
    Readiris Pro 8
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    ShareIns
    Skype™ 4.2
    Spelling Dictionaries Support For Adobe Reader 9
    Suite Shared Configuration CS4
    Synaptics Pointing Device Driver
    UltimateBet
    Uninstall Dual Mode Camera
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VantagePoint
    VC80CRTRedist - 8.0.50727.4053
    VideoToolkit01
    Viewpoint Media Player
    WBFS Manager 3.0
    Web Games Player Plugin
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Xvid 1.2.1 final uninstall

    ==== Event Viewer Messages From Past Week ========

    12/9/2010 7:02:03 AM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
    12/8/2010 9:36:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    12/8/2010 9:36:24 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/8/2010 9:36:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/8/2010 9:25:10 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Bdfndisf Bdftdif DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd tdx Wanarpv6
    12/8/2010 6:04:19 PM, Error: Service Control Manager [7031] - The HP Health Check Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/8/2010 3:29:39 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2010 3:29:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/8/2010 3:29:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/8/2010 3:29:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    12/8/2010 3:27:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Bdfndisf bdfsfltr Bdftdif DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd tdx Wanarpv6
    12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2010 3:26:11 PM, Error: EventLog [6008] - The previous system shutdown at 3:23:07 PM on 08/12/2010 was unexpected.
    12/7/2010 7:01:48 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    12/7/2010 1:47:22 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/14/2010 8:57:07 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/14/2010 8:33:54 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
    12/14/2010 8:26:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.1522.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    12/14/2010 8:15:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/14/2010 8:10:53 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/14/2010 8:01:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    12/14/2010 6:44:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/14/2010 6:23:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    12/14/2010 11:48:33 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    12/14/2010 11:42:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.1522.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    12/14/2010 11:42:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.1522.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    12/14/2010 11:38:43 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    12/14/2010 11:38:43 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
    12/14/2010 11:38:13 PM, Error: srv [2018] - The server was unable to allocate from the system paged pool because the server reached the configured limit for paged pool allocations.
    12/14/2010 11:16:45 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    12/14/2010 11:14:54 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    12/14/2010 11:05:53 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    12/14/2010 10:16:58 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
    12/13/2010 7:14:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.1522.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    12/13/2010 7:04:14 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/13/2010 12:49:40 PM, Error: Service Control Manager [7022] - The Remote Access Connection Manager service hung on starting.
    12/13/2010 12:49:40 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    12/13/2010 12:14:09 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    12/13/2010 12:14:09 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.113.102, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    12/13/2010 12:11:52 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/12/2010 7:37:47 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/12/2010 7:37:32 AM, Error: EventLog [6008] - The previous system shutdown at 7:35:34 AM on 12/12/2010 was unexpected.
    12/12/2010 7:13:10 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    12/12/2010 7:13:10 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/12/2010 7:13:10 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/12/2010 7:13:10 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/12/2010 6:59:09 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/12/2010 5:30:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.1522.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    12/12/2010 5:22:29 PM, Error: Microsoft-Windows-WMPNSS-Service [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
    12/12/2010 5:20:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/11/2010 8:04:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
    12/11/2010 7:20:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/11/2010 7:12:10 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/11/2010 5:18:00 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/11/2010 12:23:50 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/ClickPotato&threatid=153288 User: Jeff-PC\Jeff Name: Adware:Win32/ClickPotato ID: 153288 Severity: Medium Category: Adware Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.1522.0, AS: 1.95.1522.0 Engine Version: 1.1.6402.0
    12/11/2010 12:23:41 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.113.105, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    12/11/2010 12:23:37 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.113.105 for the Network Card with network address 001B24E96EE5 has been denied by the DHCP server 192.168.113.1 (The DHCP Server sent a DHCPNACK message).
    12/11/2010 12:09:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/11/2010 12:09:01 PM, Error: EventLog [6008] - The previous system shutdown at 12:07:36 PM on 11/12/2010 was unexpected.
    12/11/2010 10:10:15 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.1522.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    12/11/2010 10:00:00 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/10/2010 9:54:02 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/10/2010 9:22:44 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/10/2010 9:11:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007041d Error description: The service did not respond to the start or control request in a timely fashion.
    12/10/2010 8:50:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr sptd Wanarpv6
    12/10/2010 8:50:01 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    12/10/2010 8:49:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/10/2010 8:49:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/10/2010 8:49:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/10/2010 7:56:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/10/2010 10:39:09 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/10/2010 10:30:54 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/10/2010 10:15:59 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    ==== End Of File ===========================
  4. canam


    logs cont

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Jeff at 23:48:44.54 on Tue 12/14/2010
    Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_21
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1982.1070 [GMT -4:00]

    AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
    SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\System32\alg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Jeff\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    mStart Page = about:blank
    mURLSearchHooks: H - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - No File
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
    uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Prelaunch OmniPage] "c:\program files\nuance\omnipage17\OmniPage17.exe" /preload
    mRun: [Nuance OmniPage 17-reminder] "c:\program files\nuance\omnipage17\ereg\ereg.exe" -r "c:\programdata\scansoft\omnipage 17\ereg\Ereg.ini"
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    StartupFolder: c:\users\jeff\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    Trusted Zone: pogo.com\game3
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: {9EDE12AD-6E7E-4171-9A86-A055CBE5991D} = 24.222.0.94,24.222.0.95
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
    Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
    Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\bljpsikf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6b978&v=6.010.006.004&i=26&tp=ab&iy=&ychte=ca&lng=en-US&q=
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true

    ============= SERVICES / DRIVERS ===============

    R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2008-8-29 77004]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
    R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-20 24652]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1ca45ea80e8e190;Google Update Service (gupdate1ca45ea80e8e190);c:\program files\google\update\GoogleUpdate.exe [2009-10-5 133104]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-12-11 14216]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-12-11 8456]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-26 21504]
    S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe --> c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-12-15 03:41:07 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{2ff6d50b-01c9-4e01-84a8-c72fbf58cc2e}\mpengine.dll
    2010-12-15 01:11:03 -------- d-sh--w- C:\$RECYCLE.BIN
    2010-12-15 01:10:53 -------- d-----w- c:\users\jeff\appdata\local\temp
    2010-12-15 00:21:01 98816 ----a-w- c:\windows\sed.exe
    2010-12-15 00:21:01 89088 ----a-w- c:\windows\MBR.exe
    2010-12-15 00:21:01 256512 ----a-w- c:\windows\PEV.exe
    2010-12-15 00:21:01 161792 ----a-w- c:\windows\SWREG.exe
    2010-12-13 16:05:49 -------- d-----w- c:\program files\common files\PX Storage Engine
    2010-12-13 16:04:34 -------- d-----w- c:\program files\common files\DivX Shared
    2010-12-13 16:02:56 -------- d-----w- c:\program files\DivX
    2010-12-13 16:02:33 -------- d-----w- c:\progra~2\DivX
    2010-12-12 21:31:01 -------- d-----w- c:\windows\system32\catroot2
    2010-12-12 01:25:25 -------- d-----w- c:\users\jeff\appdata\local\WBFSManager
    2010-12-12 01:23:43 -------- d-----w- c:\program files\WBFS
    2010-12-11 23:59:47 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2010-12-11 23:59:46 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
    2010-12-11 23:59:46 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2010-12-11 23:59:46 2217088 ----a-w- c:\windows\system32\BootMan.exe
    2010-12-11 23:59:46 14216 ----a-w- c:\windows\system32\epmntdrv.sys
    2010-12-11 23:59:27 -------- d-----w- c:\program files\EASEUS
    2010-12-11 16:22:47 815104 ----a-w- c:\windows\system32\xvidcore.dll
    2010-12-11 16:22:47 77824 ----a-w- c:\windows\system32\xvid.ax
    2010-12-11 16:22:47 180224 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-12-11 16:22:46 -------- d-----w- c:\program files\Xvid
    2010-12-11 02:20:15 -------- d-----w- c:\progra~2\Nero
    2010-12-11 02:13:43 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2010-12-11 02:13:24 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
    2010-12-10 13:08:19 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-12-10 11:54:57 -------- d-----w- c:\program files\uTorrent
    2010-12-10 11:54:30 -------- d-----w- c:\users\jeff\appdata\roaming\uTorrent
    2010-12-08 13:30:33 219200 ----a-w- c:\windows\system32\dtsoftbus01.sys
    2010-12-08 13:22:31 -------- d-----w- c:\progra~2\bdch
    2010-12-08 13:07:32 -------- d-----w- c:\program files\BitDefender
    2010-12-08 13:02:46 -------- d-----w- c:\users\jeff\appdata\roaming\QuickScan
    2010-12-08 13:01:42 -------- d-----w- c:\program files\common files\BitDefender
    2010-12-08 13:01:00 62450 ----a-w- c:\progra~2\bdinstall.bin
    2010-12-07 11:25:54 -------- d-----w- c:\progra~2\AVG Security Toolbar
    2010-12-07 03:35:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-07 03:34:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-07 03:24:48 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{eba4b151-505a-4b9d-9eb2-4c21043b6535}\mpengine.dll
    2010-12-04 14:40:47 -------- d-----w- c:\users\jeff\appdata\roaming\Malwarebytes
    2010-12-04 14:40:26 -------- d-----w- c:\progra~2\Malwarebytes
    2010-12-04 14:40:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-23 19:54:52 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-11-17 23:30:56 -------- d-----w- c:\program files\Passware
    2010-11-17 11:55:05 -------- d-----w- c:\program files\Intelore

    ==================== Find3M ====================

    2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2010-10-19 14:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: WDC_WD1600BEVS-60RST0 rev.04.01G04 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-3

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85BAF555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85bb57b0]; MOV EAX, [0x85bb582c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x81E86962] -> \Device\Harddisk0\DR0[0x85513AC8]
    3 CLASSPNP[0x87FA28B3] -> ntkrnlpa!IofCallDriver[0x81E86962] -> [0x84DC9858]
    5 acpi[0x807466BC] -> ntkrnlpa!IofCallDriver[0x81E86962] -> [0x84DC7030]
    \Driver\atapi[0x85A220B8] -> IRP_MJ_CREATE -> 0x85BAF555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP2T0L0-3 -> \??\IDE#DiskWDC_WD1600BEVS-60RST0___________________04.01G04#5&1f5e53fc&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi -> 0x843e41f8
    user != kernel MBR !!!
    sectors 312581806 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 23:49:43.64 ===============

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5315

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    12/14/2010 11:26:20 PM
    mbam-log-2010-12-14 (23-26-20).txt

    Scan type: Quick scan
    Objects scanned: 175898
    Time elapsed: 5 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  5. Broni

    And GMER....
  6. canam

    GMER, oops

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-14 23:32:58
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort2 WDC_WD1600BEVS-60RST0 rev.04.01G04
    Running: h03ml3le.exe; Driver: C:\Users\Jeff\AppData\Local\Temp\kxldypob.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 312581552 (+255): rootkit-like behavior;

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 843E41F8
    Device \Driver\atapi \Device\Ide\IdePort0 843E41F8
    Device \Driver\atapi \Device\Ide\IdePort1 843E41F8
    Device \Driver\atapi \Device\Ide\IdePort2 843E41F8
    Device \Driver\atapi \Device\Ide\IdePort3 843E41F8
    Device \FileSystem\Ntfs \Ntfs 843E51F8

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    Device \Device\Ide\IdeDeviceP2T0L0-3 -> \??\IDE#DiskWDC_WD1600BEVS-60RST0___________________04.01G04#5&1f5e53fc&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----
  7. Broni

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  8. canam

    2010/12/16 07:04:21.0210 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
    2010/12/16 07:04:21.0210 ================================================================================
    2010/12/16 07:04:21.0210 SystemInfo:
    2010/12/16 07:04:21.0210
    2010/12/16 07:04:21.0210 OS Version: 6.0.6002 ServicePack: 2.0
    2010/12/16 07:04:21.0211 Product type: Workstation
    2010/12/16 07:04:21.0211 ComputerName: JEFF-PC
    2010/12/16 07:04:21.0212 UserName: Jeff
    2010/12/16 07:04:21.0212 Windows directory: C:\Windows
    2010/12/16 07:04:21.0212 System windows directory: C:\Windows
    2010/12/16 07:04:21.0212 Processor architecture: Intel x86
    2010/12/16 07:04:21.0212 Number of processors: 2
    2010/12/16 07:04:21.0212 Page size: 0x1000
    2010/12/16 07:04:21.0212 Boot type: Normal boot
    2010/12/16 07:04:21.0212 ================================================================================
    2010/12/16 07:04:22.0498 Initialize success
    2010/12/16 07:04:26.0429 ================================================================================
    2010/12/16 07:04:26.0429 Scan started
    2010/12/16 07:04:26.0429 Mode: Manual;
    2010/12/16 07:04:26.0429 ================================================================================
    2010/12/16 07:04:54.0096 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 87b5595eb1c623ff5887e36a35e51ba2
    2010/12/16 07:04:54.0134 sptd - detected Locked file (1)
    2010/12/16 07:04:54.0384 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
    2010/12/16 07:04:54.0659 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
    2010/12/16 07:04:54.0717 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/12/16 07:04:54.0852 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2010/12/16 07:04:54.0968 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2010/12/16 07:04:55.0092 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2010/12/16 07:04:55.0161 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2010/12/16 07:04:55.0308 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
    2010/12/16 07:04:55.0554 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2010/12/16 07:04:55.0746 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/12/16 07:04:55.0883 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2010/12/16 07:04:56.0150 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2010/12/16 07:04:56.0235 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2010/12/16 07:04:56.0326 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2010/12/16 07:04:56.0416 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2010/12/16 07:04:56.0593 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/12/16 07:04:56.0690 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2010/12/16 07:04:56.0784 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/12/16 07:04:56.0861 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2010/12/16 07:04:56.0955 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2010/12/16 07:04:57.0072 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2010/12/16 07:04:57.0142 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2010/12/16 07:04:57.0203 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2010/12/16 07:04:57.0305 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2010/12/16 07:04:57.0385 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2010/12/16 07:04:57.0533 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/12/16 07:04:57.0608 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2010/12/16 07:04:57.0700 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/12/16 07:04:57.0799 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/12/16 07:04:57.0885 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    2010/12/16 07:04:57.0959 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/12/16 07:04:58.0051 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    2010/12/16 07:04:58.0118 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/12/16 07:04:58.0221 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/12/16 07:04:58.0359 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    2010/12/16 07:04:58.0472 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/12/16 07:04:58.0543 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2010/12/16 07:04:58.0620 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2010/12/16 07:04:58.0697 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2010/12/16 07:04:58.0808 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    2010/12/16 07:04:58.0934 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2010/12/16 07:04:59.0059 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2010/12/16 07:04:59.0170 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2010/12/16 07:04:59.0253 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2010/12/16 07:04:59.0439 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2010/12/16 07:04:59.0517 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/12/16 07:04:59.0575 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/12/16 07:04:59.0686 wceusbsh (dc7f91b2ed24a738c807ea07f298928c) C:\Windows\system32\DRIVERS\wceusbsh.sys
    2010/12/16 07:04:59.0798 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2010/12/16 07:04:59.0917 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2010/12/16 07:05:00.0307 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    2010/12/16 07:05:00.0545 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/12/16 07:05:00.0765 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    2010/12/16 07:05:00.0874 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/12/16 07:05:01.0059 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/12/16 07:05:01.0151 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
    2010/12/16 07:05:01.0286 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/12/16 07:05:01.0301 ================================================================================
    2010/12/16 07:05:01.0301 Scan finished
    2010/12/16 07:05:01.0301 ================================================================================
    2010/12/16 07:05:01.0344 Detected object count: 2
    2010/12/16 07:05:31.0698 Locked file(sptd) - User select action: Skip
    2010/12/16 07:05:31.0724 \HardDisk0 - will be cured after reboot
    2010/12/16 07:05:31.0726 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2010/12/16 07:05:36.0822 Deinitialize success
  9. Broni

    Broni Malware Annihilator Posts: 46,156   +251

    Good job :)
    We just killed a rootkit.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  10. canam

    canam Newcomer, in training Topic Starter Posts: 23

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: df1c10548966c4f16c540ebf80ffd180

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
  11. Broni

    Broni Malware Annihilator Posts: 46,156   +251

    We need to fix your MBR....

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
  12. canam

    canam Newcomer, in training Topic Starter Posts: 23

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: Compaq Presario F700 Notebook PC
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 154):
    0x81E3B000 \SystemRoot\system32\ntkrnlpa.exe
    0x81E08000 \SystemRoot\system32\hal.dll
    0x80409000 \SystemRoot\system32\kdcom.dll
    0x80410000 \SystemRoot\system32\PSHED.dll
    0x80421000 \SystemRoot\system32\BOOTVID.dll
    0x80429000 \SystemRoot\system32\CLFS.SYS
    0x8046A000 \SystemRoot\system32\CI.dll
    0x8054A000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805BB000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80604000 \SystemRoot\System32\Drivers\sptd.sys
    0x80710000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x80719000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x8073F000 \SystemRoot\system32\drivers\acpi.sys
    0x80785000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8078D000 \SystemRoot\system32\drivers\pci.sys
    0x807B4000 \SystemRoot\System32\drivers\partmgr.sys
    0x807C3000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x807C6000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x807D0000 \SystemRoot\system32\drivers\volmgr.sys
    0x82803000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8284D000 \SystemRoot\system32\drivers\pciide.sys
    0x82854000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x82862000 \SystemRoot\System32\drivers\mountmgr.sys
    0x82872000 \SystemRoot\system32\drivers\atapi.sys
    0x8287A000 \SystemRoot\system32\drivers\ataport.SYS
    0x82898000 \SystemRoot\System32\Drivers\AFS.sys
    0x828A5000 \SystemRoot\system32\drivers\fltmgr.sys
    0x828D7000 \SystemRoot\system32\drivers\fileinfo.sys
    0x828E7000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x82A0D000 \SystemRoot\system32\drivers\ndis.sys
    0x82B18000 \SystemRoot\system32\drivers\msrpc.sys
    0x82B43000 \SystemRoot\system32\drivers\NETIO.SYS
    0x87C0E000 \SystemRoot\System32\drivers\tcpip.sys
    0x87CF8000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x87E0E000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x87F1E000 \SystemRoot\system32\drivers\volsnap.sys
    0x87F57000 \SystemRoot\System32\Drivers\spldr.sys
    0x87F5F000 \SystemRoot\System32\Drivers\mup.sys
    0x87F6E000 \SystemRoot\System32\drivers\ecache.sys
    0x87F95000 \SystemRoot\system32\drivers\disk.sys
    0x87FA6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x87FC7000 \SystemRoot\system32\drivers\crcdisk.sys
    0x87FF0000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x87E00000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x87D13000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x87E09000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x87FFB000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
    0x87D23000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x87D33000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x87D3A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x87D43000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x87D46000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x87D50000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x87D8E000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x87D9D000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x82958000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x87DB5000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x87DCF000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x87DE0000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x82B7E000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8BA08000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
    0x8BB08000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8BC06000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8C338000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8C3D9000 \SystemRoot\System32\drivers\watchdog.sys
    0x8C3E5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8C3F8000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x8BBC1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8C407000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8C442000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8C444000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8C44F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8C47E000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8C4BF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8C4CA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8C4E1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8C4EC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8C50F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8C51E000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8C532000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8C547000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8C557000 \SystemRoot\system32\DRIVERS\mcdbus.sys
    0x8C574000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8C576000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8C5A0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8C5AA000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8C5B7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8C5C0000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8BBCC000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x805C9000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x82BD0000 \SystemRoot\system32\drivers\portcls.sys
    0x8CA0D000 \SystemRoot\system32\drivers\drmk.sys
    0x8CA32000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8CA70000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8CE09000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8CEBE000 \SystemRoot\system32\drivers\modem.sys
    0x8CECB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8CEE2000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8CF03000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x8CF26000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8CF2F000 \SystemRoot\System32\Drivers\Null.SYS
    0x8CF36000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8CF3D000 \SystemRoot\System32\drivers\vga.sys
    0x8CF49000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8CF6A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8CF72000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8CF7A000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8CF85000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8CF93000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8CF9C000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8CFB2000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8CFC6000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8CB73000 \SystemRoot\system32\drivers\afd.sys
    0x8CBBB000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8CBD1000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8CBDF000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8D008000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8D044000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8D04E000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8D065000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8D072000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8D07D000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x95890000 \SystemRoot\System32\win32k.sys
    0x8D085000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8D08F000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x95AB0000 \SystemRoot\System32\TSDDD.dll
    0x95AD0000 \SystemRoot\System32\cdd.dll
    0x95AE0000 \SystemRoot\System32\ATMFD.DLL
    0x8D09E000 \SystemRoot\system32\drivers\luafv.sys
    0x8D0C1000 \SystemRoot\system32\drivers\spsys.sys
    0x8D171000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8D181000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8D1AB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8D1B5000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9B802000 \SystemRoot\system32\drivers\HTTP.sys
    0x9B86F000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9B88C000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9B8A5000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9B8BA000 \SystemRoot\system32\drivers\mrxdav.sys
    0x9B8DB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9B8FA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9B933000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9B94B000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9B973000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9B9D9000 \SystemRoot\System32\Drivers\adfs.SYS
    0x9B9EA000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9C602000 \SystemRoot\system32\drivers\peauth.sys
    0x9C6E0000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9C6EA000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9C6F6000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x9C6FE000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
    0x9C707000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0x9C72D000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77D40000 \Windows\System32\ntdll.dll

    Processes (total 70):
    0 System Idle Process
    4 System
    448 C:\Windows\System32\smss.exe
    516 csrss.exe
    568 C:\Windows\System32\wininit.exe
    580 csrss.exe
    612 C:\Windows\System32\services.exe
    624 C:\Windows\System32\lsass.exe
    632 C:\Windows\System32\lsm.exe
    716 C:\Windows\System32\winlogon.exe
    824 C:\Windows\System32\svchost.exe
    872 C:\Windows\System32\nvvsvc.exe
    900 C:\Windows\System32\svchost.exe
    952 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    1076 C:\Windows\System32\svchost.exe
    1196 C:\Windows\System32\svchost.exe
    1216 C:\Windows\System32\svchost.exe
    1324 C:\Windows\System32\audiodg.exe
    1344 C:\Windows\System32\svchost.exe
    1360 C:\Windows\System32\SLsvc.exe
    1380 C:\Windows\System32\svchost.exe
    1436 C:\Windows\System32\rundll32.exe
    1572 C:\Windows\System32\svchost.exe
    1768 C:\Windows\System32\spoolsv.exe
    1792 C:\Windows\System32\svchost.exe
    2016 C:\Program Files\Nero\Update\NASvc.exe
    124 C:\Windows\System32\svchost.exe
    1312 C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
    1408 C:\Windows\System32\svchost.exe
    1580 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    1600 postgres.exe
    1840 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\SearchIndexer.exe
    1912 postgres.exe
    608 postgres.exe
    1536 postgres.exe
    1668 postgres.exe
    2052 C:\Windows\System32\drivers\XAudio.exe
    2108 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    2372 C:\Windows\System32\taskeng.exe
    2740 C:\Windows\System32\taskeng.exe
    2812 C:\Windows\System32\dwm.exe
    2884 C:\Windows\explorer.exe
    3132 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    3152 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3168 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    3188 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    3196 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3236 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    3252 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3260 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    3312 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3332 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    3376 C:\Windows\System32\rundll32.exe
    3432 C:\Program Files\Microsoft Security Essentials\msseces.exe
    3456 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    3508 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3528 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3616 WmiPrvSE.exe
    3640 C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    3912 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    3024 C:\Windows\System32\alg.exe
    3408 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3976 C:\Program Files\Google\Chrome\Application\chrome.exe
    3812 C:\Program Files\Google\Chrome\Application\chrome.exe
    2480 C:\Program Files\Google\Chrome\Application\chrome.exe
    2404 C:\Windows\System32\SearchProtocolHost.exe
    1232 C:\Windows\System32\SearchFilterHost.exe
    2292 C:\Users\Jeff\Desktop\MBRCheck.exe
    3804 C:\Windows\System32\conime.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`53ff8a00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600BEVS-60RST0, Rev: 04.01G04

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
  13. Broni

    Broni Malware Annihilator Posts: 46,156   +251

    Good job :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  14. canam

    canam Newcomer, in training Topic Starter Posts: 23

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: Compaq Presario F700 Notebook PC
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 154):
    0x81E3B000 \SystemRoot\system32\ntkrnlpa.exe
    0x81E08000 \SystemRoot\system32\hal.dll
    0x80409000 \SystemRoot\system32\kdcom.dll
    0x80410000 \SystemRoot\system32\PSHED.dll
    0x80421000 \SystemRoot\system32\BOOTVID.dll
    0x80429000 \SystemRoot\system32\CLFS.SYS
    0x8046A000 \SystemRoot\system32\CI.dll
    0x8054A000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805BB000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80604000 \SystemRoot\System32\Drivers\sptd.sys
    0x80710000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x80719000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x8073F000 \SystemRoot\system32\drivers\acpi.sys
    0x80785000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8078D000 \SystemRoot\system32\drivers\pci.sys
    0x807B4000 \SystemRoot\System32\drivers\partmgr.sys
    0x807C3000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x807C6000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x807D0000 \SystemRoot\system32\drivers\volmgr.sys
    0x82803000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8284D000 \SystemRoot\system32\drivers\pciide.sys
    0x82854000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x82862000 \SystemRoot\System32\drivers\mountmgr.sys
    0x82872000 \SystemRoot\system32\drivers\atapi.sys
    0x8287A000 \SystemRoot\system32\drivers\ataport.SYS
    0x82898000 \SystemRoot\System32\Drivers\AFS.sys
    0x828A5000 \SystemRoot\system32\drivers\fltmgr.sys
    0x828D7000 \SystemRoot\system32\drivers\fileinfo.sys
    0x828E7000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x82A0D000 \SystemRoot\system32\drivers\ndis.sys
    0x82B18000 \SystemRoot\system32\drivers\msrpc.sys
    0x82B43000 \SystemRoot\system32\drivers\NETIO.SYS
    0x87C0E000 \SystemRoot\System32\drivers\tcpip.sys
    0x87CF8000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x87E0E000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x87F1E000 \SystemRoot\system32\drivers\volsnap.sys
    0x87F57000 \SystemRoot\System32\Drivers\spldr.sys
    0x87F5F000 \SystemRoot\System32\Drivers\mup.sys
    0x87F6E000 \SystemRoot\System32\drivers\ecache.sys
    0x87F95000 \SystemRoot\system32\drivers\disk.sys
    0x87FA6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x87FC7000 \SystemRoot\system32\drivers\crcdisk.sys
    0x87FF0000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x87E00000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x87D13000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x87E09000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x87FFB000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
    0x87D23000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x87D33000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x87D3A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x87D43000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x87D46000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x87D50000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x87D8E000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x87D9D000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x82958000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x87DB5000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x87DCF000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x87DE0000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x82B7E000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8BA08000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
    0x8BB08000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8BC06000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8C338000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8C3D9000 \SystemRoot\System32\drivers\watchdog.sys
    0x8C3E5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8C3F8000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x8BBC1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8C407000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8C442000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8C444000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8C44F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8C47E000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8C4BF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8C4CA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8C4E1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8C4EC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8C50F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8C51E000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8C532000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8C547000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8C557000 \SystemRoot\system32\DRIVERS\mcdbus.sys
    0x8C574000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8C576000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8C5A0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8C5AA000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8C5B7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8C5C0000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8BBCC000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x805C9000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x82BD0000 \SystemRoot\system32\drivers\portcls.sys
    0x8CA0D000 \SystemRoot\system32\drivers\drmk.sys
    0x8CA32000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8CA70000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8CE09000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8CEBE000 \SystemRoot\system32\drivers\modem.sys
    0x8CECB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8CEE2000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8CF03000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x8CF26000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8CF2F000 \SystemRoot\System32\Drivers\Null.SYS
    0x8CF36000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8CF3D000 \SystemRoot\System32\drivers\vga.sys
    0x8CF49000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8CF6A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8CF72000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8CF7A000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8CF85000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8CF93000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8CF9C000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8CFB2000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8CFC6000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8CB73000 \SystemRoot\system32\drivers\afd.sys
    0x8CBBB000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8CBD1000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8CBDF000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8D008000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8D044000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8D04E000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8D065000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8D072000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8D07D000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x95890000 \SystemRoot\System32\win32k.sys
    0x8D085000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8D08F000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x95AB0000 \SystemRoot\System32\TSDDD.dll
    0x95AD0000 \SystemRoot\System32\cdd.dll
    0x95AE0000 \SystemRoot\System32\ATMFD.DLL
    0x8D09E000 \SystemRoot\system32\drivers\luafv.sys
    0x8D0C1000 \SystemRoot\system32\drivers\spsys.sys
    0x8D171000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8D181000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8D1AB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8D1B5000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9B802000 \SystemRoot\system32\drivers\HTTP.sys
    0x9B86F000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9B88C000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9B8A5000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9B8BA000 \SystemRoot\system32\drivers\mrxdav.sys
    0x9B8DB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9B8FA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9B933000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9B94B000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9B973000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9B9D9000 \SystemRoot\System32\Drivers\adfs.SYS
    0x9B9EA000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9C602000 \SystemRoot\system32\drivers\peauth.sys
    0x9C6E0000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9C6EA000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9C6F6000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x9C6FE000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
    0x9C707000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0x9C72D000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77D40000 \Windows\System32\ntdll.dll

    Processes (total 70):
    0 System Idle Process
    4 System
    448 C:\Windows\System32\smss.exe
    516 csrss.exe
    568 C:\Windows\System32\wininit.exe
    580 csrss.exe
    612 C:\Windows\System32\services.exe
    624 C:\Windows\System32\lsass.exe
    632 C:\Windows\System32\lsm.exe
    716 C:\Windows\System32\winlogon.exe
    824 C:\Windows\System32\svchost.exe
    872 C:\Windows\System32\nvvsvc.exe
    900 C:\Windows\System32\svchost.exe
    952 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    1076 C:\Windows\System32\svchost.exe
    1196 C:\Windows\System32\svchost.exe
    1216 C:\Windows\System32\svchost.exe
    1324 C:\Windows\System32\audiodg.exe
    1344 C:\Windows\System32\svchost.exe
    1360 C:\Windows\System32\SLsvc.exe
    1380 C:\Windows\System32\svchost.exe
    1436 C:\Windows\System32\rundll32.exe
    1572 C:\Windows\System32\svchost.exe
    1768 C:\Windows\System32\spoolsv.exe
    1792 C:\Windows\System32\svchost.exe
    2016 C:\Program Files\Nero\Update\NASvc.exe
    124 C:\Windows\System32\svchost.exe
    1312 C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
    1408 C:\Windows\System32\svchost.exe
    1580 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    1600 postgres.exe
    1840 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\SearchIndexer.exe
    1912 postgres.exe
    608 postgres.exe
    1536 postgres.exe
    1668 postgres.exe
    2052 C:\Windows\System32\drivers\XAudio.exe
    2108 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    2372 C:\Windows\System32\taskeng.exe
    2740 C:\Windows\System32\taskeng.exe
    2812 C:\Windows\System32\dwm.exe
    2884 C:\Windows\explorer.exe
    3132 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    3152 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3168 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    3188 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    3196 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3236 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    3252 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3260 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    3312 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3332 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    3376 C:\Windows\System32\rundll32.exe
    3432 C:\Program Files\Microsoft Security Essentials\msseces.exe
    3456 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    3508 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3528 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3616 WmiPrvSE.exe
    3640 C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    3912 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    3024 C:\Windows\System32\alg.exe
    3408 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3976 C:\Program Files\Google\Chrome\Application\chrome.exe
    3812 C:\Program Files\Google\Chrome\Application\chrome.exe
    2480 C:\Program Files\Google\Chrome\Application\chrome.exe
    2404 C:\Windows\System32\SearchProtocolHost.exe
    1232 C:\Windows\System32\SearchFilterHost.exe
    2292 C:\Users\Jeff\Desktop\MBRCheck.exe
    3804 C:\Windows\System32\conime.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`53ff8a00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600BEVS-60RST0, Rev: 04.01G04

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
  15. Broni

    Broni Malware Annihilator Posts: 46,156   +251

    Looks good :)
    Go on....
  16. canam

    canam Newcomer, in training Topic Starter Posts: 23

    I thank you for your time and input. On a side note, why doesn't the anti-virus and malware protection find these issues?
  17. Broni

    Broni Malware Annihilator Posts: 46,156   +251

    There is no perfect security program.

    I still need Combofix log.
  18. canam

    canam Newcomer, in training Topic Starter Posts: 23

    I posted it, but it said it needed admin approval.
  19. Broni

    Broni Malware Annihilator Posts: 46,156   +251

    I don't see Combofix log.
  20. canam

    canam Newcomer, in training Topic Starter Posts: 23

    Can I re-run ComboFix?
  21. Broni

    Broni Malware Annihilator Posts: 46,156   +251

    If you really ran Combofix already, look for C:\combofix.txt file.
    If it's there, paste its content.
  22. canam

    canam Newcomer, in training Topic Starter Posts: 23

    lol, search for combofix didn't work, but adding c: to it helps :)

    ComboFix 10-12-17.02 - Jeff 12/18/2010 9:54.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1982.1192 [GMT -4:00]
    Running from: c:\users\Jeff\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
    SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-18 to 2010-12-18 )))))))))))))))))))))))))))))))
    .

    2010-12-18 14:14 . 2010-12-18 14:15 -------- d-----w- c:\users\Jeff\AppData\Local\temp
    2010-12-18 14:14 . 2010-12-18 14:14 -------- d-----w- c:\users\SHELL\AppData\Local\temp
    2010-12-18 14:14 . 2010-12-18 14:14 -------- d-----w- c:\users\postgres\AppData\Local\temp
    2010-12-18 14:14 . 2010-12-18 14:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-17 11:37 . 2010-11-16 16:01 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9329974A-32ED-4308-B237-CC973B97B68A}\mpengine.dll
    2010-12-16 22:17 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-16 22:17 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2010-12-16 11:18 . 2010-11-16 16:01 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-12-13 16:05 . 2010-12-13 16:05 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2010-12-13 16:04 . 2010-12-13 16:04 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-12-13 16:02 . 2010-12-13 16:06 -------- d-----w- c:\program files\DivX
    2010-12-13 16:02 . 2010-12-13 16:06 -------- d-----w- c:\programdata\DivX
    2010-12-12 21:31 . 2010-12-16 22:16 -------- d-----w- c:\windows\system32\catroot2
    2010-12-12 01:25 . 2010-12-12 01:25 -------- d-----w- c:\users\Jeff\AppData\Local\WBFSManager
    2010-12-12 01:23 . 2010-12-12 01:23 -------- d-----w- c:\program files\WBFS
    2010-12-11 23:59 . 2010-07-15 12:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2010-12-11 23:59 . 2010-10-28 16:23 2217088 ----a-w- c:\windows\system32\BootMan.exe
    2010-12-11 23:59 . 2010-07-15 12:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
    2010-12-11 23:59 . 2010-07-15 12:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2010-12-11 23:59 . 2010-07-15 12:44 14216 ----a-w- c:\windows\system32\epmntdrv.sys
    2010-12-11 16:22 . 2008-12-14 00:01 77824 ----a-w- c:\windows\system32\xvid.ax
    2010-12-11 16:22 . 2008-12-05 01:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-12-11 16:22 . 2008-12-05 01:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
    2010-12-11 16:22 . 2010-12-11 16:22 -------- d-----w- c:\program files\Xvid
    2010-12-11 12:09 . 2010-12-11 12:25 -------- d-----w- c:\users\Jeff\AppData\Roaming\Nero
    2010-12-11 02:21 . 2010-12-11 02:22 -------- d-----w- c:\program files\Common Files\Nero
    2010-12-11 02:20 . 2010-12-11 02:25 -------- d-----w- c:\programdata\Nero
    2010-12-11 02:13 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2010-12-11 02:13 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
    2010-12-10 13:08 . 2010-12-10 13:08 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-12-10 11:54 . 2010-12-10 11:54 -------- d-----w- c:\program files\uTorrent
    2010-12-10 11:54 . 2010-12-18 13:37 -------- d-----w- c:\users\Jeff\AppData\Roaming\uTorrent
    2010-12-08 13:30 . 2010-12-08 13:30 219200 ----a-w- c:\windows\system32\dtsoftbus01.sys
    2010-12-08 13:22 . 2010-12-08 13:22 -------- d-----w- c:\programdata\bdch
    2010-12-08 13:07 . 2010-12-08 13:07 -------- d-----w- c:\program files\BitDefender
    2010-12-08 13:02 . 2010-12-08 13:02 -------- d-----w- c:\users\Jeff\AppData\Roaming\QuickScan
    2010-12-08 13:01 . 2010-12-08 13:19 62450 ----a-w- c:\programdata\bdinstall.bin
    2010-12-07 11:25 . 2010-12-07 11:25 -------- d-----w- c:\programdata\AVG Security Toolbar
    2010-12-07 03:35 . 2010-11-30 15:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-07 03:34 . 2010-11-30 15:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-07 03:24 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBA4B151-505A-4B9D-9EB2-4C21043B6535}\mpengine.dll
    2010-12-04 14:40 . 2010-12-04 14:40 -------- d-----w- c:\users\Jeff\AppData\Roaming\Malwarebytes
    2010-12-04 14:40 . 2010-12-04 14:40 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-04 14:40 . 2010-12-10 11:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-23 19:54 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-14 23:54 . 2010-08-25 10:50 420920 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2010-10-19 20:51 . 2009-10-03 10:04 222080 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-03 68856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
    "Prelaunch OmniPage"="c:\program files\Nuance\OmniPage17\OmniPage17.exe" [2010-01-26 5592352]
    "Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    c:\users\SHELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

    c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1ca45ea80e8e190;Google Update Service (gupdate1ca45ea80e8e190);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 133104]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
    R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 AFS;AFS; [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-14 420920]
    S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w [x]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-18 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-06 04:18]

    2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 18:34]

    2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 18:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    Trusted Zone: pogo.com\game3
    TCP: {9EDE12AD-6E7E-4171-9A86-A055CBE5991D} = 24.222.0.94,24.222.0.95
    FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\bljpsikf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6b978&v=6.010.006.004&i=26&tp=ab&iy=&ychte=ca&lng=en-US&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-EASEUS Partition Master Home Edition_is1 - c:\program files\EASEUS\EASEUS Partition Master 6.5.2 Home Edition\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-18 10:14
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\postgresql-8.4]
    "ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\postgresql-8.4]
    "ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\SetId\Internal]
    @Denied: (A 2) (LocalSystem)
    "DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallIS=\"1289332796\" isSubsc=\"0\" authStat_is=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"2\" moduleId1=\"8\" moduleId2=\"0\" relType=\"1\" />"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(4028)
    c:\program files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
    c:\program files\Hewlett-Packard\HP Share-to-Web\S2WNSRES.DLL
    c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
    .
    Completion time: 2010-12-18 10:32:26
    ComboFix-quarantined-files.txt 2010-12-18 14:32
    ComboFix2.txt 2010-12-15 01:10

    Pre-Run: 14,836,469,760 bytes free
    Post-Run: 14,811,410,432 bytes free

    - - End Of File - - EBDCC780FEFE82CE9E36578537F7E327
  23. Broni

    Broni Malware Annihilator Posts: 46,156   +251

    It looks good :)

    How is computer doing?

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    =======================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  24. canam

    canam Newcomer, in training Topic Starter Posts: 23

    OTL logfile created on: 12/20/2010 7:07:42 AM - Run 1
    OTL by OldTimer - Version 3.2.17.4 Folder = C:\Users\Jeff\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): ?:\pagefile.sys

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 137.31 Gb Total Space | 17.37 Gb Free Space | 12.65% Space Free | Partition Type: NTFS
    Drive D: | 11.74 Gb Total Space | 2.01 Gb Free Space | 17.09% Space Free | Partition Type: NTFS

    Computer Name: JEFF-PC | User Name: Jeff | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/20 07:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
    PRC - [2010/12/08 19:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2010/12/08 15:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2009/09/08 03:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
    PRC - [2009/09/08 03:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
    PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/08/03 09:14:27 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2007/09/15 04:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    PRC - [2002/04/17 09:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    PRC - [2002/04/17 09:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/20 07:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
    MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/09/08 03:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
    SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/03/05 14:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jeff\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010/11/14 19:54:53 | 000,420,920 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
    DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2010/05/27 22:32:58 | 000,245,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/03/25 06:13:11 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
    DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/08/29 10:54:37 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
    DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/03/04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2007/11/01 07:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/11/01 07:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2007/11/01 07:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/10/18 05:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/09/09 03:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2007/08/08 20:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/06/18 21:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/05/30 19:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2007/04/10 11:36:36 | 000,062,794 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
    DRV - [2007/02/16 04:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
    DRV - [2006/10/18 22:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
    DRV - [2006/06/28 14:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc6b978&v=6.010.006.004&i=26&tp=ab&iy=&ychte=ca&lng=en-US&q="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 12:12:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/13 11:49:01 | 000,000,000 | ---D | M]

    [2009/05/29 22:04:49 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Extensions
    [2010/12/19 12:05:39 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\bljpsikf.default\extensions
    [2009/09/02 09:53:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\bljpsikf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/14 19:41:23 | 000,002,059 | ---- | M] () -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\bljpsikf.default\searchplugins\daemon-search.xml
    [2010/12/10 07:39:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/05 20:00:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/26 22:49:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/07/02 10:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

    O1 HOSTS File: ([2010/12/14 20:56:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Nuance OmniPage 17-reminder] C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [Prelaunch OmniPage] C:\Program Files\Nuance\OmniPage17\OmniPage17.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O15 - HKCU\..Trusted Domains: pogo.com ([game3] http in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab (MSN Photo Upload Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/11/04 09:09:42 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.JDCT - C:\Windows\System32\jl_jdct.drv (JEILIN Tech.)
    Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/20 07:06:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
    [2010/12/18 10:32:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/12/18 10:32:45 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\temp
    [2010/12/18 10:29:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/12/18 09:48:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/12/14 20:21:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/12/14 20:21:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/12/14 20:21:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/12/14 20:20:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/12/13 12:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
    [2010/12/13 12:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
    [2010/12/13 12:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/12/13 12:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2010/12/12 17:31:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
    [2010/12/12 07:12:31 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\eli
    [2010/12/12 07:07:19 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\music
    [2010/12/11 21:25:25 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\WBFSManager
    [2010/12/11 21:23:44 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Documents\WBFS Manager Covers
    [2010/12/11 21:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
    [2010/12/11 12:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
    [2010/12/11 08:09:38 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\Nero
    [2010/12/11 07:45:37 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\hdd
    [2010/12/11 07:45:07 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\SEA_DISC
    [2010/12/10 22:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
    [2010/12/10 22:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
    [2010/12/10 21:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
    [2010/12/10 10:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/12/10 09:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/12/10 07:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2010/12/10 07:54:30 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\uTorrent
    [2010/12/08 09:30:33 | 000,219,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\dtsoftbus01.sys
    [2010/12/08 09:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
    [2010/12/08 09:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
    [2010/12/08 09:02:46 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\QuickScan
    [2010/12/07 07:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
    [2010/12/06 23:35:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/06 23:34:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/05 19:33:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/04 10:40:47 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\Malwarebytes
    [2010/12/04 10:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/12/04 10:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/21 09:28:41 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\web
    [2010/08/20 21:54:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Jeff\AppData\Roaming\pcouffin.sys
    [1 C:\Users\Jeff\Documents\*.tmp files -> C:\Users\Jeff\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/20 07:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
    [2010/12/20 06:19:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/20 05:53:10 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/20 05:53:10 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/19 22:41:32 | 000,125,800 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010/12/19 22:41:32 | 000,125,800 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010/12/19 17:51:43 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2010/12/19 14:19:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/19 11:54:47 | 000,000,437 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
    [2010/12/19 11:53:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/18 09:44:54 | 000,618,330 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/12/18 09:44:54 | 000,112,552 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/12/17 03:24:25 | 002,328,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/12/14 20:56:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/12/14 20:14:27 | 209,644,028 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/12/13 19:20:37 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010/12/13 12:06:49 | 000,001,430 | ---- | M] () -- C:\Users\Jeff\Desktop\DivX Movies.lnk
    [2010/12/13 12:06:09 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2010/12/12 17:15:17 | 000,689,664 | ---- | M] () -- C:\Users\Jeff\Desktop\MicrosoftFixit50202.msi
    [2010/12/12 14:05:11 | 000,001,057 | ---- | M] () -- C:\Users\Jeff\AppData\Roaming\vso_ts_preview.xml
    [2010/12/11 21:23:46 | 000,000,938 | ---- | M] () -- C:\Users\Jeff\Desktop\WBFS Manager 3.0.lnk
    [2010/12/10 22:23:21 | 000,002,122 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
    [2010/12/10 10:34:57 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/12/10 09:08:24 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
    [2010/12/10 07:54:57 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010/12/10 07:49:02 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/08 17:41:00 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2010/12/08 09:36:28 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/12/08 09:30:33 | 000,219,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\dtsoftbus01.sys
    [2010/12/08 09:30:33 | 000,007,838 | ---- | M] () -- C:\Windows\System32\dtsoftbus01.cat
    [2010/12/08 09:30:33 | 000,001,915 | ---- | M] () -- C:\Windows\System32\dtsoftbus01.inf
    [2010/12/08 09:19:51 | 000,062,450 | ---- | M] () -- C:\ProgramData\bdinstall.bin
    [2010/11/30 11:22:20 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/11/30 11:22:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/11/23 00:20:31 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/11/20 08:52:29 | 000,000,657 | ---- | M] () -- C:\Users\Public\Desktop\Poker 770.lnk
    [1 C:\Users\Jeff\Documents\*.tmp files -> C:\Users\Jeff\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/14 20:21:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/12/14 20:21:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/12/14 20:21:01 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/12/14 20:21:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/12/14 20:21:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/12/13 12:06:49 | 000,001,430 | ---- | C] () -- C:\Users\Jeff\Desktop\DivX Movies.lnk
    [2010/12/13 12:06:09 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2010/12/13 11:41:13 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010/12/12 17:15:15 | 000,689,664 | ---- | C] () -- C:\Users\Jeff\Desktop\MicrosoftFixit50202.msi
    [2010/12/11 21:23:46 | 000,000,938 | ---- | C] () -- C:\Users\Jeff\Desktop\WBFS Manager 3.0.lnk
    [2010/12/11 19:59:47 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
    [2010/12/11 19:59:46 | 002,217,088 | ---- | C] () -- C:\Windows\System32\BootMan.exe
    [2010/12/11 19:59:46 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
    [2010/12/11 19:59:46 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
    [2010/12/11 19:59:46 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
    [2010/12/11 12:22:47 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/12/11 12:22:47 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/12/11 12:22:47 | 000,077,824 | ---- | C] () -- C:\Windows\System32\xvid.ax
    [2010/12/10 22:23:21 | 000,002,122 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
    [2010/12/10 10:34:57 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/12/10 09:08:24 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
    [2010/12/10 07:54:57 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010/12/08 09:30:33 | 000,007,838 | ---- | C] () -- C:\Windows\System32\dtsoftbus01.cat
    [2010/12/08 09:30:33 | 000,001,915 | ---- | C] () -- C:\Windows\System32\dtsoftbus01.inf
    [2010/12/08 09:01:00 | 000,062,450 | ---- | C] () -- C:\ProgramData\bdinstall.bin
    [2010/12/06 23:35:05 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/20 08:52:29 | 000,000,657 | ---- | C] () -- C:\Users\Public\Desktop\Poker 770.lnk
    [2010/11/13 09:26:18 | 000,000,391 | ---- | C] () -- C:\Windows\MAXLINK.INI
    [2010/10/28 17:33:54 | 000,000,293 | ---- | C] () -- C:\Windows\hpqcopy.INI
    [2010/08/25 06:50:03 | 000,420,920 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2010/08/20 21:58:53 | 000,001,057 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\vso_ts_preview.xml
    [2010/08/20 21:56:57 | 000,000,034 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\pcouffin.log
    [2010/08/20 21:54:39 | 000,007,887 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\pcouffin.cat
    [2010/08/20 21:54:39 | 000,001,144 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\pcouffin.inf
    [2010/07/22 09:32:38 | 000,000,000 | ---- | C] () -- C:\Windows\PTWebCam.INI
    [2010/07/22 09:19:07 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010/07/05 19:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
    [2009/11/21 03:34:02 | 000,000,484 | ---- | C] () -- C:\Windows\wininit.ini
    [2009/09/17 01:40:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/07/29 13:36:25 | 000,000,576 | ---- | C] () -- C:\ProgramData\afl.log
    [2009/07/01 09:37:45 | 000,125,800 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/07/01 09:37:45 | 000,125,800 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/07/01 08:54:13 | 000,118,784 | ---- | C] () -- C:\Windows\System32\PTTreeIcons.dll
    [2009/05/20 15:56:20 | 000,001,112 | ---- | C] () -- C:\Users\Jeff\AppData\Local\autohandposter.xml
    [2008/08/29 11:00:25 | 000,147,456 | ---- | C] () -- C:\Windows\System32\VegaShEx.dll
    [2008/08/29 10:59:28 | 000,000,021 | ---- | C] () -- C:\Windows\PMK_setup.ini
    [2008/08/29 10:58:33 | 000,000,142 | ---- | C] () -- C:\Windows\Readiris.ini
    [2008/08/29 10:58:31 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
    [2008/08/26 08:27:23 | 000,025,602 | ---- | C] () -- C:\Windows\System32\un2ibdb.dll
    [2008/08/26 08:27:23 | 000,022,530 | ---- | C] () -- C:\Windows\System32\32kndit.dll
    [2008/08/12 11:48:06 | 000,000,000 | ---- | C] () -- C:\Users\Jeff\AppData\Local\FnF4.txt
    [2008/08/05 23:57:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
    [2008/06/08 13:51:17 | 000,000,680 | ---- | C] () -- C:\Users\Jeff\AppData\Local\d3d9caps.dat
    [2008/05/05 21:02:44 | 000,009,216 | ---- | C] () -- C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/05/05 19:01:02 | 000,087,024 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\nvModes.001
    [2008/05/04 15:00:19 | 000,087,024 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\nvModes.dat
    [2008/05/03 07:59:32 | 000,000,000 | ---- | C] () -- C:\Users\Jeff\AppData\Local\QSwitch.txt
    [2008/05/03 07:59:32 | 000,000,000 | ---- | C] () -- C:\Users\Jeff\AppData\Local\DSwitch.txt
    [2008/05/03 07:59:32 | 000,000,000 | ---- | C] () -- C:\Users\Jeff\AppData\Local\AtStart.txt
    [2008/05/03 07:06:11 | 000,000,367 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2007/03/30 12:31:20 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dec_jl6.dll
    [2007/02/22 11:17:50 | 000,000,071 | ---- | C] () -- C:\Windows\pn.ini
    [2007/02/22 11:17:50 | 000,000,051 | ---- | C] () -- C:\Windows\pr.ini
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 18:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

    ========== LOP Check ==========

    [2009/05/20 15:30:39 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\acccore
    [2009/10/13 18:51:05 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\AM Browser
    [2010/11/14 11:47:55 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\CheeseSoft
    [2010/11/14 12:54:38 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\DAEMON Tools Lite
    [2010/08/25 16:35:16 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\DAEMON Tools Pro
    [2010/10/24 11:20:33 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Home Designer Suite 8.0
    [2009/01/03 15:40:57 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\iWin
    [2008/08/21 11:49:21 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\muvee Technologies
    [2010/11/09 17:41:50 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Notepad++
    [2010/11/13 09:26:48 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Nuance
    [2009/10/28 17:31:06 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Opera
    [2009/08/20 20:09:56 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Passware
    [2009/06/07 09:21:44 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\PlayFirst
    [2010/12/08 09:02:46 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\QuickScan
    [2010/06/27 17:16:02 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\TeamViewer
    [2010/12/20 07:00:42 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\uTorrent
    [2010/12/12 14:05:12 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Vso
    [2009/06/10 17:26:24 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Wildlife Zoo
    [2008/05/04 19:22:16 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\WildTangent
    [2010/11/13 09:27:46 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Zeon
    [2010/12/19 11:52:07 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/01 08:54:15 | 000,000,035 | ---- | M] () -- C:\aa.txt
    [2007/11/04 09:09:42 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2010/12/09 00:43:06 | 000,003,052 | ---- | M] () -- C:\bdlog.txt
    [2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2010/12/18 10:32:35 | 000,014,766 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/08/29 10:55:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/08/29 10:55:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/12/19 11:52:56 | 2393,038,848 | -HS- | M] () -- C:\pagefile.sys
    [2010/12/16 07:05:36 | 000,060,414 | ---- | M] () -- C:\TDSSKiller.2.4.11.0_16.12.2010_07.04.21_log.txt
    [2008/11/23 16:00:49 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/09/29 19:00:44 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/19 03:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/09/07 02:41:00 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/07/01 09:45:17 | 000,000,286 | -HS- | M] () -- C:\Users\Jeff\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/20 07:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/05/03 07:58:56 | 000,000,402 | -HS- | M] () -- C:\Users\Jeff\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/07/29 13:36:55 | 000,000,576 | ---- | M] () -- C:\ProgramData\afl.log
    [2010/12/08 09:19:51 | 000,062,450 | ---- | M] () -- C:\ProgramData\bdinstall.bin
    [2008/05/03 07:07:14 | 000,000,367 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2008/08/05 23:57:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini
    [2010/12/10 10:34:57 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/12/19 22:41:32 | 000,125,800 | ---- | M] () -- C:\ProgramData\nvModes.001
  25. canam (Topic Starter)

    OTL Extras logfile created on: 12/20/2010 7:07:42 AM - Run 1
    OTL by OldTimer - Version 3.2.17.4 Folder = C:\Users\Jeff\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): ?:\pagefile.sys

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 137.31 Gb Total Space | 17.37 Gb Free Space | 12.65% Space Free | Partition Type: NTFS
    Drive D: | 11.74 Gb Total Space | 2.01 Gb Free Space | 17.09% Space Free | Partition Type: NTFS

    Computer Name: JEFF-PC | User Name: Jeff | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01F28CFE-397D-47E6-8FAB-4BA0AE156F74}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{215EFFB2-3CFA-4C7C-A272-78A88330147E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{2537F476-8C19-4958-A83D-5CBF022FB2AD}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2B207403-0F50-41F7-819B-7CF3E37FE16D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{2B64F7F2-9682-4F06-9285-BFB05E06BBC7}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
    "{2C953002-F8CE-4E98-BABC-D4F93D737FB5}" = lport=137 | protocol=17 | dir=in | app=system |
    "{4BAB754D-E9EB-4EB1-80A4-B00F1B527E11}" = lport=445 | protocol=6 | dir=in | app=system |
    "{4C50BC56-CCC0-4647-9BF7-6E3071244462}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8281F96D-70D5-4CEC-A538-FF74B006FFEC}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{876778A4-8EF0-4F69-B5E8-AE175E801142}" = rport=139 | protocol=6 | dir=out | app=system |
    "{8B2E7F08-C28F-45CC-9DB5-8DDFE17CF281}" = rport=138 | protocol=17 | dir=out | app=system |
    "{A4C13B4F-3D9D-4197-A8C7-E359D217949A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{A79C9EC7-6F92-4CA3-801E-9977E1F579EA}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{A95D99A0-E6D0-4BB5-A788-27B877B7F022}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{AA4B79BE-EEF9-4FE5-A264-BEAB321CAE35}" = lport=15521 | protocol=6 | dir=in | name=bit |
    "{B30176D8-AC0E-4AFF-9322-00B77C41D79F}" = rport=137 | protocol=17 | dir=out | app=system |
    "{C53D16EB-91AA-4041-9F5B-81885150AA11}" = lport=48280 | protocol=6 | dir=in | name=bt |
    "{CBC59855-9931-4CB5-A77C-39A094FF9467}" = lport=139 | protocol=6 | dir=in | app=system |
    "{DD02B778-DD61-4A9D-BFA8-7164FA670C43}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{E322BEE7-6622-4892-8B52-06EDE7F30362}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F8072254-D116-458A-85CA-5B92B0ECC58B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{FF584733-4972-4AC0-9D95-350B99620BDB}" = lport=138 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0ADA5953-51A9-4C66-BFBE-96F2014F19C7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{10991564-3DB0-4C92-9BC1-C643C6720110}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{23EB3066-98EB-4480-808F-95C947B03857}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{26B16EFB-C97F-4E98-B1C4-679FB61DB2A1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{35126E00-6F0E-4A6B-A215-582B48C615E4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{38480E5F-0C34-4C74-A1D0-5AB45A8D1063}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{40CE8CC0-FFAC-47D7-AE13-7D965DF405E8}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{5117AB97-2ABD-42A3-897E-AED5D13ADB7D}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{591F1AE4-2A84-45CF-99AA-D27EAC0F183A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{740B1D4D-2480-41DD-93D5-CF4B43EEBC97}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "{9C8F60A2-70E3-4072-8414-3E0ED01F8ABE}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{9F118CEF-E90F-486F-A15D-2B6EF9B76822}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{AA17A70B-303D-49D4-9DE2-8102CA6FB948}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{B0C8F3DD-7159-4214-96FE-928312A8BD7E}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "{BB3B11C7-D341-4BDA-B17D-9D8545C540DF}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{BFE4293A-29E3-4443-A0B2-6CC457693363}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{C5242670-38B6-45A2-B48A-68F8BAAF499D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{C6721515-62E5-44D7-940B-6F9C5A93B9F1}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{C7A37852-B64D-4282-B7BE-950849339362}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{CCF0AA8A-1CBE-402E-9330-6019719CC44A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{D7A37AA5-5D25-4E2B-BDAA-6337F3DFB345}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{D925B26B-E3B4-416C-AEFA-BBD8E28EC0D1}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{DBF76BFC-BD5C-4B67-A166-D4F41DA6D412}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DE9156E7-467F-4733-94A6-5EB4CA60CC06}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{E157CC2D-4495-4A1E-88E9-B1AB420B1909}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{E3499878-E43F-413C-9BB1-C198CD9C6A7A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{E8D5FD2C-6D9A-4570-9064-22E3C83AD063}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{EA3315DE-7B5D-4C84-942C-FD3B943326BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "TCP Query User{9F9CBFF5-9741-470A-9F07-B8ED115AD4B2}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "UDP Query User{DFD7EE7C-2885-4F65-A19E-CFF095FC1FE9}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
    "{1D21ED4F-3C5E-45C3-9795-8C8CB2AB31DC}" = VantagePoint
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
    "{2E190C8E-682A-409D-9329-539E24C9D1C1}" = Opera 10.63
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 D2
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3E270C95-8327-4C2F-A8E1-902CC2604A20}" = HP Photo and Imaging 2.3 - Scanjet 4600 Series
    "{3EB3B7E8-1466-405A-B5BC-44513AF85E34}_is1" = UltimateBet
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{4304BE34-6DDA-46CC-ADAB-77990DC77ED5}" = Magellan RoadMate Tools
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{71A271BC-9147-4074-B8FA-C222E6C5084D}" = ArcSoft Panorama Maker 3
    "{74B68E74-908B-48C4-8562-580CF2741BBA}" = Nuance OmniPage 17
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
    "{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
    "{900792CC-3203-356C-EC2D-C3E558991ACE}" = Home Designer Suite 8
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9B93C2B3-D9E8-11D6-AB3E-000102B0F79A}" = Readiris Pro 8
    "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
    "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
    "{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
    "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327
    "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{E6D3A461-8DDE-45C9-8C34-A33436FCC0B4}" = HP User Guides 0091
    "{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
    "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
    "{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
    "{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FCF2A735-3324-4D97-ADAD-4FF865CC05EB}_is1" = Final Uninstaller
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
    "AC3Filter" = AC3Filter (remove only)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AIMars" = Kids Cam Show and Share Creativity Center
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DivX Setup.divx.com" = DivX Setup
    "Dual Mode Camera_is1" = Uninstall Dual Mode Camera
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "GameHouse" = GameHouse
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "HoldemManager" = Holdem Manager
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1D21ED4F-3C5E-45C3-9795-8C8CB2AB31DC}" = VantagePoint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Neonatal Resuscitation DVD-ROM" = Neonatal Resuscitation DVD-ROM
    "Notepad++" = Notepad++
    "NVIDIA Drivers" = NVIDIA Drivers
    "PokerStars" = PokerStars
    "PostgreSQL 8.4" = PostgreSQL 8.4
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "uTorrent" = µTorrent
    "WBFS Manager 3.0" = WBFS Manager 3.0
    "Web Games Player Plugin" = Web Games Player Plugin
    "WildTangent hp Master Uninstall" = HP Games
    "WinRAR archiver" = WinRAR archiver
    "Xvid_is1" = Xvid 1.2.1 final uninstall

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >