Solved Path not found to taskmgr.exe

captainiom

Posts: 21   +0
I have a Vista problem which I suspect is registry related. Any attempt to start the task manager fails with a path not found error. That includes ctrl alt del, run command, navigating to \Windows\system32 and moving a copy to \temp. However, renaming the copy to fred.exe does work which suggests that there is a block on the name in the registry.
I have followed the malware 5 steps very carefully and paste below the results as requested.

I considered using Max Registry Cleaner but it apparently 'found' so many errors on its scan that I baulked.

If you can point me in the right direction I would be very pleased. I have some 40 years computer experience so even in retirement I want to solve this attack.

Kind regards from the Isle of Man, British Isles!

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.02.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: JSM-LATOP [administrator]

02/03/2012 16:41:46
mbam-log-2012-03-02 (16-41-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282829
Time elapsed: 9 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-02 16:58:22
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005a WDC_WD16 rev.11.0
Running: fth2ip73.exe; Driver: C:\Users\User\AppData\Local\Temp\kwrdrpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 19/10/2009 02:31:29
System Uptime: 02/03/2012 09:11:19 (8 hours ago)
.
Motherboard: MEDION | | WAM2070
Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-53 | U1 | 1700/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 130 GiB total, 57.268 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 0.002 GiB free.
E: is CDROM ()
G: is FIXED (NTFS) - 149 GiB total, 60.378 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin
Adobe Reader X (10.1.1)
Apple Application Support
Apple Software Update
ArcSoft Software Suite
Bing Bar
Britannica CD 2000
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco Network Magic
Cisco PEAP Module
Classic Client 5.2 Patch1
Coupon Printer for Windows
Crossword Maestro
Defraggler
Dev-C++ 5 beta 9 release (4.9.9.2)
Dynamic Report Decoder 1.04.00.02
eSigner 3x
FileZilla Client 3.5.3
Fix RegCleaner v1.0
Google Earth
Google Update Helper
Gpg4win (2.1.0)
Hardware Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Photo Creations
HP Update
IEEE 802.11a-b-g Wireless LAN Utility
IEEE 802.11g Wireless LAN driver
Java Auto Updater
Java(TM) 6 Update 29
Launch Manager V1.4.0
Legacy 7.5
LightScribe 1.4.124.1
Malwarebytes Anti-Malware version 1.60.1.1000
Max Registry Cleaner
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Magic
NVIDIA Drivers
NZMapConv
OpenOffice.org 3.3
Opera 11.51
Penguin Hutchinson Reference Suite
POPFile 1.1.1
POPFile Data (User)
Pure Networks Platform
QuickShadow 2.4.0.0
QuickTime
Ralink RT2870 Wireless LAN Card
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Sibelius 6
Sibelius 6.2.0.88
Skype Click to Call
Skype™ 5.5
Speccy
SuyinCam
Synaptics Pointing Device Driver
Total Immersion D'Fusion @Home Web Plug-In
Turnpike Six
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WebEx
WebEx Support Manager for Internet Explorer
Windows Live ID Sign-in Assistant
WinZip
.
==== Event Viewer Messages From Past Week ========
.
29/02/2012 14:47:33, Error: Microsoft-Windows-SharedAccess_NAT [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.6. The allocator has disabled itself on the interface to avoid confusing DHCP clients.
29/02/2012 14:42:43, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
29/02/2012 09:31:13, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
29/02/2012 09:30:45, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Deskjet 6980 series with shared resource name HP Deskjet 6980 series. Error 2114. The printer cannot be used by others on the network.
29/02/2012 09:30:30, Error: EventLog [6008] - The previous system shutdown at 09:15:55 on 29/02/2012 was unexpected.
29/02/2012 09:28:36, Error: Service Control Manager [7023] -
28/02/2012 11:11:46, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
28/02/2012 11:01:32, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
02/03/2012 17:02:07, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume BOOT.
02/03/2012 17:00:19, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
02/03/2012 16:58:58, Error: Microsoft-Windows-SharedAccess_NAT [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 0.0.0.0 to a request from a client. The data is the error code.
02/03/2012 16:58:58, Error: Microsoft-Windows-SharedAccess_NAT [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.3. The allocator has disabled itself on the interface to avoid confusing DHCP clients.
02/03/2012 16:58:53, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 0016D383F625 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
02/03/2012 12:09:15, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 0060B3384B84 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
02/03/2012 10:02:01, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
02/03/2012 09:12:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mailKmd
02/03/2012 09:12:36, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
02/03/2012 09:11:56, Error: EventLog [6008] - The previous system shutdown at 08:48:43 on 02/03/2012 was unexpected.
01/03/2012 10:34:16, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
01/03/2012 10:33:39, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.6 for the Network Card with network address 0016D383F625 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
01/03/2012 10:33:35, Error: EventLog [6008] - The previous system shutdown at 10:23:33 on 01/03/2012 was unexpected.
.
==== End Of File ===========================


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by User at 17:00:46 on 2012-03-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1918.565 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\QuicklyTech\QuickShadow.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\atashost.exe
C:\Program Files\GNU\GnuPG\dirmngr.exe
C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynMedion.exe
C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\PHRS\LibMan.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\PROGRA~1\POPFile\popfileib.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Max Registry Cleaner\RCVistaService.exe
C:\temp\fred.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.manx.net/
uDefault_Page_URL = hxxp://www.msn.com
mDefault_Page_URL = hxxp://www.medion.com/
uInternet Settings,ProxyOverride = hxxp://localhost;
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [LaunchAp] "c:\program files\launch manager\LaunchAp.exe"
mRun: [HotkeyApp] "c:\program files\launch manager\HotkeyApp.exe"
mRun: [LMgrOSD] "c:\program files\launch manager\OSD.exe"
mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [RegTool] c:\program files\gemalto\classic client\bin\RegTool.exe
mRun: [TaskTray]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [RCAutoLiveUpdate] c:\program files\max registry cleaner\MaxLURC.exe -AUTO
mRun: [RCSystemTray] c:\program files\max registry cleaner\MaxRCSystemTray.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAxADMAOQA3ADgAMgAyADMALQBCADMALQBUAEIAOQArADIALQBGAEwAKwA5AC0ARgA5AE0ANwBCACsANQA"&"prod=90"&"ver=9.0.872
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\runpop~1.lnk - c:\program files\popfile\runpopfile.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wplink~1.lnk - c:\program files\phrs\LibMan.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: barclayswealth.com\www
Trusted Zone: bacs.co.uk\paymentservices
Trusted Zone: barclays.com\ams
Trusted Zone: barclays.com\ibank1.bib
Trusted Zone: barclays.com\www.iceb
Trusted Zone: iplservices.voca.com
Trusted Zone: paymentservices.fpsdca.co.uk
Trusted Zone: tradeonlineservices.com\europe
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.hodder.co.uk/paintedcavesar/plugin/DFusionHomeWebPlugIn.Installer.exe
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C61D10ED-25E2-4D77-B092-B6662874A5EF} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F254966D-B4BC-43CF-BDFD-844E16CE01A1} : DhcpNameServer = 192.168.0.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IFEO: taskmgr.exe - "c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\nmi62ys7\PROCEXP.EXE"
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 64952]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-4-20 20376]
R2 DirMngr;DirMngr;c:\program files\gnu\gnupg\dirmngr.exe [2011-3-2 224256]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-11-12 21504]
R2 GslShmSrvc;GSL Share Memory;c:\program files\gemalto\classic client\bin\GslShmSrvc.exe [2009-2-26 69632]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RaRegistry.exe [2011-10-21 185632]
R2 RCVistaSvc;RCVistaSvc;c:\program files\max registry cleaner\RCVistaService.exe [2012-3-2 1076880]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
R3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [2009-8-10 89600]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2007-7-17 118784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-3 136176]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athru6.sys [2011-5-1 871936]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-3 136176]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2011-10-21 822272]
S3 NtiEnc;NtiEnc;c:\windows\system32\drivers\NtiEnc.sys [2010-3-30 156928]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-02 16:59:53 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b43508cc-eed2-46bb-a153-acc7a6285b7f}\mpengine.dll
2012-03-02 16:39:40 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2012-03-02 16:39:25 -------- d-----w- c:\programdata\Malwarebytes
2012-03-02 16:39:23 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-02 16:39:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-02 12:11:44 -------- d-----w- c:\programdata\Max Secure
2012-03-02 12:11:18 151472 ----a-w- c:\windows\system32\GetHardDiskNo.dll
2012-03-02 12:11:07 -------- d-----w- c:\windows\MaxSecureBackup
2012-03-02 12:11:07 -------- d-----w- c:\program files\Max Registry Cleaner
2012-03-02 11:39:59 -------- d-----w- c:\program files\Fix RegCleaner
2012-02-28 13:22:11 -------- d-----w- c:\program files\Pure Networks
2012-02-28 13:17:48 8892928 ----a-w- c:\programdata\atscie.msi
2012-02-28 13:16:22 26672 ----a-w- c:\windows\system32\drivers\pnarp.sys
2012-02-28 13:15:09 27696 ----a-w- c:\windows\system32\drivers\purendis.sys
2012-02-28 13:14:35 -------- d-----w- c:\program files\common files\Pure Networks Shared
2012-02-28 13:14:11 -------- d-----w- c:\programdata\Pure Networks
2012-02-25 09:02:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-02-25 09:02:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-02-25 09:02:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-02-25 09:02:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-02-25 09:02:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-02-25 09:02:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-02-25 09:02:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-02-15 07:09:46 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 07:09:44 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 07:09:42 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-02-10 09:55:32 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{eab30799-6846-4a5f-bd52-ac0c2f90e658}\gapaengine.dll
2012-02-06 19:23:19 784144 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
.
==================== Find3M ====================
.
2012-02-20 09:52:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 17:01:38.70 ===============
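The DDS report above carries the line that explains the symptom in the opening post: `IFEO: taskmgr.exe - "...\temporary internet files\content.ie5\nmi62ys7\PROCEXP.EXE"`. An Image File Execution Options (IFEO) `Debugger` value tells Windows to launch the named program instead of the image whenever an executable with that file name starts, which is why every copy named taskmgr.exe fails while a copy renamed to fred.exe runs normally, and why the failure reads as "path not found" when the debugger path no longer exists. The script below is an added example, not something posted in this thread and not part of DDS or any of the tools mentioned: it audits IFEO for `Debugger` redirections (all subkeys by default, or the image names you pass), reports whether each target still exists on disk, and, only when `-Remove` is given, exports a backup of the key with `reg.exe` before deleting the `Debugger` value. The `$ImageNames` and `-Remove` parameters are assumptions of this example; run it from an elevated PowerShell.

```powershell
# Added example (not from the thread): audit Image File Execution Options (IFEO)
# for "Debugger" redirections and report whether the redirect target still exists.
# Assumes an elevated PowerShell session. -Remove is an assumed switch of this
# example; it backs the key up with reg.exe before dropping the Debugger value.

param(
    [string[]]$ImageNames = @(),   # image names to check; empty means every IFEO subkey
    [switch]$Remove                # remove the Debugger value after exporting a backup
)

$ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-IfeoDebugger {
    param([string]$ImageName)
    $keyPath = Join-Path $ifeoRoot $ImageName
    if (-not (Test-Path -LiteralPath $keyPath)) { return $null }
    $debugger = (Get-ItemProperty -LiteralPath $keyPath -ErrorAction SilentlyContinue).Debugger
    if (-not $debugger) { return $null }

    # The Debugger value is a command line. The executable may be quoted (as in the
    # DDS line above), so strip the quotes or take the first token before testing it.
    $exe = if ($debugger -match '^\s*"([^"]+)"') { $Matches[1] } else { ($debugger -split '\s+')[0] }

    [pscustomobject]@{
        Image      = $ImageName
        Key        = $keyPath
        Debugger   = $debugger
        Executable = $exe
        Exists     = Test-Path -LiteralPath $exe
    }
}

if (-not $ImageNames) {
    # No names given: enumerate every image that has an IFEO subkey.
    $ImageNames = Get-ChildItem -LiteralPath $ifeoRoot | Select-Object -ExpandProperty PSChildName
}

foreach ($name in $ImageNames) {
    $entry = Get-IfeoDebugger -ImageName $name
    if ($null -eq $entry) {
        if ($PSBoundParameters.ContainsKey('ImageNames')) { Write-Output "${name}: no IFEO Debugger value set" }
        continue
    }

    $entry | Format-List
    if (-not $entry.Exists) {
        Write-Warning "$($entry.Image) is redirected to a debugger that no longer exists; launching it will fail with a path-not-found error"
    }

    if ($Remove) {
        # Export the key first so the change can be reverted, then remove only the Debugger value.
        $stamp  = Get-Date -Format 'yyyyMMddHHmmss'
        $backup = Join-Path $env:TEMP ("ifeo-{0}-{1}.reg" -f ($name -replace '[^\w.]', '_'), $stamp)
        & reg.exe export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\$name" $backup /y | Out-Null
        Remove-ItemProperty -LiteralPath $entry.Key -Name Debugger
        Write-Output "Removed Debugger value for $name; backup written to $backup"
    }
}
```

Usage: `.\Audit-Ifeo.ps1` lists every image with a `Debugger` redirect; `.\Audit-Ifeo.ps1 -ImageNames taskmgr.exe` checks only the image from this thread, and adding `-Remove` clears the redirect after writing the backup. A legitimate redirect (Process Explorer's "Replace Task Manager" option sets exactly this value, pointing at its own procexp.exe) shows `Exists: True`; a redirect whose target is missing, or that points into a browser cache or temp folder, is what to look for. This laptop is 32-bit, but on 64-bit Windows the same check should also be run against the `Wow6432Node` copy of the IFEO key.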
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================================================

I considered using Max Registry Cleaner
Don't.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


====================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
BSOD running aswMBR

Following instructions, downloaded from AVAST, updated virus definitions and scanned. After approx 3 minutes BSOD with restart data as follows:-

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 2057

Additional information about the problem:
BCCode: d1
BCP1: 00000000
BCP2: 000000FF
BCP3: 00000008
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini030312-01.dmp
C:\Users\User\AppData\Local\Temp\WER-110448-0.sysdata.xml
C:\Users\User\AppData\Local\Temp\WER3A12.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409



After restart tried again and now BSOD after 1 minute while scanning sfloppy.sys I think. Data after restart in safe mode:-
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 2057

Additional information about the problem:
BCCode: 7a
BCP1: C0408090
BCP2: C000000E
BCP3: 393508C0
BCP4: 81012000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini030312-02.dmp
C:\Users\User\AppData\Local\Temp\WER-79045-0.sysdata.xml
C:\Users\User\AppData\Local\Temp\WER3BA8.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409



Tried running asw in safe mode but failed because (of course) no driver loaded.



Do you wish me to forward any of the data files collected in the crashes?
Do you wish me to uninstall the regcleaner?
 
bootkit

Reg cleaner uninstalled and rebooted laptop.

Downloaded boot_cleaner.

Suspended non-important apps such as Skype.

Ran boot_cleaner with output as follows:-

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
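The Bootkit Remover output above reports the boot-sector MD5 and whether the MBR still carries standard boot code, and aswMBR keeps a copy of the MBR as MBR.dat. As an added example (not code from Bootkit Remover, aswMBR or this thread; the laptop's real hash and partition layout are not known here, so the 512-byte image, the baseline hash and the `tampered_mbr()` variant are constructed for the demonstration), this Python script does the same kind of check on an MBR image: it verifies the 0x55AA signature, decodes the four partition-table entries, flags layouts a defender would question (no or several active partitions, a partition starting at LBA 0, overlapping partitions), and compares the MD5 against a baseline recorded on an earlier clean run.

```python
import hashlib
import struct

MBR_SIZE = 512
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"


def parse_partitions(data):
    """Decode the four 16-byte entries of a classic MBR partition table."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", data[off:off + PARTITION_ENTRY_SIZE])
        if ptype == 0 and sectors == 0:
            continue  # empty slot
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def check_mbr(data, baseline_md5=None):
    """Sanity-check a 512-byte MBR image and compare it with a known-good MD5.

    Returns a report dict; 'findings' lists everything worth a second look.
    """
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    findings = []
    md5 = hashlib.md5(data).hexdigest()
    signature_ok = data[510:512] == BOOT_SIGNATURE
    if not signature_ok:
        findings.append("boot signature 0x55AA missing")
    has_boot_code = any(data[:PARTITION_TABLE_OFFSET])  # any non-zero byte
    if not has_boot_code:
        findings.append("boot code region is all zeros")
    parts = parse_partitions(data)
    active = [p for p in parts if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parts:
        if p["lba_start"] == 0:
            findings.append(f"partition {p['index']} starts at LBA 0 (overlaps the MBR)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in parts)
    for (_, end1, i1), (start2, _, i2) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append(f"partitions {i1} and {i2} overlap")
    baseline_match = None if baseline_md5 is None else md5 == baseline_md5.lower()
    if baseline_match is False:
        findings.append("MD5 differs from recorded baseline: MBR changed since last check")
    return {"md5": md5, "signature_ok": signature_ok, "has_boot_code": has_boot_code,
            "partitions": parts, "baseline_match": baseline_match, "findings": findings}


def sample_mbr():
    """Constructed 512-byte MBR for the demonstration, not an image of a real disk."""
    # Prologue commonly seen at the start of a Windows MBR (xor ax,ax; mov ss,ax; mov sp,7C00h).
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(PARTITION_TABLE_OFFSET, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00",
                        2048, 312_000_000)  # one bootable NTFS partition
    return boot_code + entry + bytes(PARTITION_ENTRY_SIZE) * 3 + BOOT_SIGNATURE


def tampered_mbr():
    """The same image with one byte of boot code changed, to show the baseline check firing."""
    data = bytearray(sample_mbr())
    data[0x20] ^= 0xFF
    return bytes(data)


if __name__ == "__main__":
    import sys
    # usage: python mbr_check.py [MBR.dat] [baseline_md5]
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_mbr()
    baseline = sys.argv[2] if len(sys.argv) > 2 else None
    report = check_mbr(data, baseline)
    print("MD5:", report["md5"])
    for p in report["partitions"]:
        print(f"  partition {p['index']}: type 0x{p['type']:02x} start {p['lba_start']} "
              f"sectors {p['sectors']} bootable={p['bootable']}")
    print("findings:", report["findings"] or "none")
```

Run it against the MBR.dat copy with the MD5 from a previous clean scan as the second argument; an empty findings list plus a baseline match is the result to expect on an unchanged MBR, and a hash mismatch on its own tells you only that the sector changed, not why, so the partition and boot-code checks are there to narrow that down.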
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
combofix run

Instructions followed precisely. Only problem was on rebooting after completion to bring back all programs. First reboot had no sound so Skype did not work. Rebooted again and OK. Task manager now starts from ctrl alt del.
Output of txt file follows. However, I would really like to know what was the infection and any pointers as to how it got past MSE and firewall (and my hardware Netgear firewall). It worries me that standard protection does not seem to be adequate ):

ComboFix 12-03-02.01 - User 03/03/2012 19:00:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1918.1044 [GMT 0:00]
Running from: c:\users\User\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL1C4.tmp
c:\programdata\SPL1CC2.tmp
c:\programdata\SPL4F01.tmp
c:\programdata\SPL8BAB.tmp
c:\programdata\SPLA755.tmp
c:\programdata\SPLA75B.tmp
c:\programdata\SPLC89E.tmp
c:\programdata\SPLCD0E.tmp
c:\programdata\SPLEB57.tmp
c:\programdata\SPLEDAA.tmp
c:\users\User\11n.pdf
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\oobe\audit.exe
c:\windows\system32\oobe\msoobe.exe
c:\windows\system32\oobe\oobeldr.exe
c:\windows\system32\oobe\Setup.exe
c:\windows\system32\oobe\windeploy.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
.
.
2012-03-03 19:09 . 2012-03-03 19:09 -------- d-----w- c:\users\personal\AppData\Local\temp
2012-03-03 19:09 . 2012-03-03 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 19:09 . 2012-03-03 19:09 -------- d-----w- c:\users\mannin\AppData\Local\temp
2012-03-03 19:09 . 2012-03-03 19:09 -------- d-----w- c:\users\group\AppData\Local\temp
2012-03-03 19:09 . 2012-03-03 19:09 -------- d-----w- c:\users\estates\AppData\Local\temp
2012-03-03 19:09 . 2012-03-03 19:09 -------- d-----w- c:\users\dollar\AppData\Local\temp
2012-03-03 19:09 . 2012-03-03 19:09 -------- d-----w- c:\users\consultancy\AppData\Local\temp
2012-03-03 18:36 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CAD81826-92B0-46A0-894D-CBA234AF1882}\mpengine.dll
2012-03-03 08:06 . 2011-07-18 18:34 0 ----a-w- c:\windows\system\SysRegC.dll
2012-03-02 16:39 . 2012-03-02 16:39 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-03-02 16:39 . 2012-03-02 16:39 -------- d-----w- c:\programdata\Malwarebytes
2012-03-02 12:11 . 2012-03-02 12:11 -------- d-----w- c:\programdata\Max Secure
2012-03-02 12:11 . 2011-07-18 18:34 151472 ----a-w- c:\windows\system32\GetHardDiskNo.dll
2012-03-02 12:11 . 2012-03-03 18:21 -------- d-----w- c:\program files\Max Registry Cleaner
2012-03-02 11:39 . 2012-03-02 11:56 -------- d-----w- c:\program files\Fix RegCleaner
2012-02-28 13:22 . 2012-02-28 13:22 -------- d-----w- c:\program files\Pure Networks
2012-02-28 13:17 . 2012-02-28 13:17 8892928 ----a-w- c:\programdata\atscie.msi
2012-02-28 13:16 . 2009-07-07 14:48 26672 ----a-w- c:\windows\system32\drivers\pnarp.sys
2012-02-28 13:15 . 2012-02-28 13:16 -------- dc----w- c:\windows\system32\DRVSTORE
2012-02-28 13:15 . 2009-07-07 14:48 27696 ----a-w- c:\windows\system32\drivers\purendis.sys
2012-02-28 13:14 . 2012-02-28 13:14 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2012-02-28 13:14 . 2012-02-28 13:25 -------- d-----w- c:\programdata\Pure Networks
2012-02-28 09:52 . 2012-02-28 09:54 -------- d-----w- c:\users\User\AppData\Roaming\Ahead
2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-02-25 09:02 . 2012-02-25 09:02 -------- d-----w- c:\programdata\Apple Computer
2012-02-15 07:09 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 07:09 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 07:09 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-10 09:55 . 2012-02-10 09:54 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAB30799-6846-4A5F-BD52-AC0C2F90E658}\gapaengine.dll
2012-02-06 19:23 . 2012-02-06 19:23 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 09:52 . 2011-05-22 09:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-08 06:03 . 2010-12-05 02:25 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2009-11-11 18:22 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-12 17351304]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-04-16 192512]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 857648]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-06-19 195072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"RegTool"="c:\program files\Gemalto\Classic Client\BIN\RegTool.exe" [2009-06-18 885760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA&inst=NwA3AC0ANAAxADMAOQA3ADgAMgAyADMALQBCADMALQBUAEIAOQArADIALQBGAEwAKwA5AC0ARgA5AE0ANwBCACsANQA&prod=90&ver=9.0.872" [?]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Run POPFile.lnk - c:\program files\POPFile\runpopfile.exe [2009-7-16 71822]
wkcalrem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-8-18 21504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2011-10-21 1643808]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-1-15 122880]
WP Link.lnk - c:\program files\PHRS\LibMan.exe [2010-7-1 250368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-03 15:45]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-03 15:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.manx.net/
uInternet Settings,ProxyOverride = hxxp://localhost;
Trusted Zone: barclayswealth.com\www
Trusted Zone: bacs.co.uk\paymentservices
Trusted Zone: barclays.com\ams
Trusted Zone: barclays.com\ibank1.bib
Trusted Zone: barclays.com\www.iceb
Trusted Zone: iplservices.voca.com
Trusted Zone: paymentservices.fpsdca.co.uk
Trusted Zone: tradeonlineservices.com\europe
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.hodder.co.uk/paintedcavesar/plugin/DFusionHomeWebPlugIn.Installer.exe
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-TaskTray - (no file)
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-03 19:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?????H?M???????M???I?ze w????????H???0???$???????d??????w?????????s w?s w??????M???M?Cb?v????4???F??u??M???????M?t?????A???M???????A?f?o`Cb?v|????????e@?H???????????0?A?jl?`??????A???@???M??|@???M???o`??@???M????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-03-03 19:13:37
ComboFix-quarantined-files.txt 2012-03-03 19:13
.
Pre-Run: 84,736,757,760 bytes free
Post-Run: 85,112,156,160 bytes free
.
- - End Of File - - D0F7AF4E9D85488781DF6A5184FAD6DA
Kind regards from Isle of Man and your efforts are REALLY appreciated.

Stuart McKenzie
 
Good news :)

To answer your question, there is no perfect security program.
A lot depends on your computing habits and... bad guys will always figure out some new ways to mess with your computer.

I can see two registry cleaners:
Max Registry Cleaner
Fix RegCleaner v1.0

Did you uninstall both?

=================================================================

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system\SysRegC.dll
c:\windows\system32\GetHardDiskNo.dll
c:\programdata\atscie.msi


Folder::
c:\programdata\Max Secure
c:\program files\Max Registry Cleaner
c:\program files\Fix RegCleaner


DDS::
uInternet Settings,ProxyOverride = hxxp://localhost;
Trusted Zone: barclayswealth.com\www
Trusted Zone: bacs.co.uk\paymentservices
Trusted Zone: barclays.com\ams
Trusted Zone: barclays.com\ibank1.bib
Trusted Zone: barclays.com\www.iceb
Trusted Zone: iplservices.voca.com
Trusted Zone: paymentservices.fpsdca.co.uk
Trusted Zone: tradeonlineservices.com\europe

Registry::

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
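The CFScript above is a small sectioned text format: a header line ending in `::` (`File::`, `Folder::`, `DDS::`, `Registry::`, `ClearJavaCache::`) followed by the entries that section acts on. As an added example, not ComboFix's own code and not a statement of ComboFix's full directive set (the header rule and the five section names are taken only from the script shown here), this Python helper parses such a script, reviews the `File::` and `Folder::` entries before they are handed to the tool so that nothing broader than the named malware drops would be removed, and after the run reports which of those paths still exist. The `exists` predicate defaults to `os.path.exists` on the machine being cleaned; the test replaces it with a stub, and the embedded script text is the one from this post.

```python
import ntpath
import os

# The script posted above, kept verbatim as sample input for the parser.
SAMPLE_CFSCRIPT = r"""
File::
c:\windows\system\SysRegC.dll
c:\windows\system32\GetHardDiskNo.dll
c:\programdata\atscie.msi


Folder::
c:\programdata\Max Secure
c:\program files\Max Registry Cleaner
c:\program files\Fix RegCleaner


DDS::
uInternet Settings,ProxyOverride = hxxp://localhost;
Trusted Zone: barclayswealth.com\www
Trusted Zone: barclays.com\ams

Registry::

ClearJavaCache::
"""

# Locations an entry should never name outright; an assumption about what is "too broad",
# not a list from ComboFix.
BROAD_TARGETS = {"", "\\", "\\windows", "\\windows\\system32", "\\program files",
                 "\\programdata", "\\users"}


def parse_cfscript(text):
    """Split a CFScript into {section: [entries]} in the order the sections appear.

    Assumed format: a header is a line ending in '::'; every non-blank line up to the
    next header belongs to it; a header may have no entries (Registry::, ClearJavaCache::).
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def review_paths(sections):
    """Return a list of problems with File::/Folder:: entries (empty means nothing flagged)."""
    problems = []
    for section in ("File", "Folder"):
        for entry in sections.get(section, []):
            # ntpath handles Windows paths the same way on any host the review runs on.
            drive, tail = ntpath.splitdrive(ntpath.normpath(entry))
            tail = tail.lower().rstrip("\\")
            if not drive:
                problems.append(f"{section}:: {entry}: not an absolute path")
            elif tail in BROAD_TARGETS:
                problems.append(f"{section}:: {entry}: names an entire system location")
            if "*" in entry or "?" in entry:
                problems.append(f"{section}:: {entry}: wildcard entry, check its scope")
    return problems


def verify_removed(sections, exists=os.path.exists):
    """After the ComboFix run, list File::/Folder:: entries that are still present."""
    remaining = []
    for section in ("File", "Folder"):
        for entry in sections.get(section, []):
            if exists(entry):
                remaining.append(entry)
    return remaining


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CFSCRIPT
    script = parse_cfscript(text)
    for name, entries in script.items():
        print(f"{name}:: {len(entries)} entries")
    for problem in review_paths(script):
        print("REVIEW:", problem)
    for path in verify_removed(script):
        print("still present:", path)
```

Run it once on CFScript.txt before dragging the file onto ComboFix (any REVIEW line means the script needs another look) and once after the reboot, when every `still present` line is a path the second ComboFix log should explain.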
 
combofix 2nd run

Please excuse the missing g's - there is a kb problem.


2nd run successful, but note stage 5 took as long to run as the other 45 stages combined.

Task manager still starting from ctrl alt del.

My concern for the security measures in place, and why I would like to know which infection has been the cause of the problem, is that this is my wife's computer and, at 73, she is unlikely to have been visiting porn sites even if she knew how! I have quizzed her over any funnies she might have encountered in the past few weeks but apart from emails and Skype the only IE work has been searching for 'loose covers' for the settee :)

Anyway here is the txt file:-

ComboFix 12-03-02.01 - User 03/03/2012 21:45:59.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1918.1026 [GMT 0:00]
Running from: c:\users\User\Downloads\ComboFix.exe
Command switches used :: c:\users\User\Downloads\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\atscie.msi"
"c:\windows\system\SysRegC.dll"
"c:\windows\system32\GetHardDiskNo.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Max Registry Cleaner
c:\program files\Max Registry Cleaner\Liveupdate\ServerVersion.txt
c:\program files\Max Registry Cleaner\Log\RCLiveupdateLog.txt
c:\program files\Max Registry Cleaner\Log\ScanLog.txt
c:\program files\Max Registry Cleaner\Log\VoucherLog.txt
c:\programdata\Max Secure
c:\programdata\Max Secure\Max Registry Cleaner\SYSRegC.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
.
.
2012-03-03 22:21 . 2012-03-03 22:21 -------- d-----w- c:\users\personal\AppData\Local\temp
2012-03-03 22:21 . 2012-03-03 22:21 -------- d-----w- c:\users\mannin\AppData\Local\temp
2012-03-03 22:21 . 2012-03-03 22:21 -------- d-----w- c:\users\group\AppData\Local\temp
2012-03-03 22:21 . 2012-03-03 22:21 -------- d-----w- c:\users\estates\AppData\Local\temp
2012-03-03 22:21 . 2012-03-03 22:21 -------- d-----w- c:\users\dollar\AppData\Local\temp
2012-03-03 22:21 . 2012-03-03 22:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 22:21 . 2012-03-03 22:21 -------- d-----w- c:\users\consultancy\AppData\Local\temp
2012-03-03 19:21 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95635104-B1DD-41C9-B9AC-1CDFC1E07D5C}\mpengine.dll
2012-03-03 08:06 . 2011-07-18 18:34 0 ----a-w- c:\windows\system\SysRegC.dll
2012-03-02 16:39 . 2012-03-02 16:39 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-03-02 16:39 . 2012-03-02 16:39 -------- d-----w- c:\programdata\Malwarebytes
2012-03-02 12:11 . 2011-07-18 18:34 151472 ----a-w- c:\windows\system32\GetHardDiskNo.dll
2012-02-28 13:22 . 2012-02-28 13:22 -------- d-----w- c:\program files\Pure Networks
2012-02-28 13:17 . 2012-02-28 13:17 8892928 ----a-w- c:\programdata\atscie.msi
2012-02-28 13:16 . 2009-07-07 14:48 26672 ----a-w- c:\windows\system32\drivers\pnarp.sys
2012-02-28 13:15 . 2012-02-28 13:16 -------- dc----w- c:\windows\system32\DRVSTORE
2012-02-28 13:15 . 2009-07-07 14:48 27696 ----a-w- c:\windows\system32\drivers\purendis.sys
2012-02-28 13:14 . 2012-02-28 13:14 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2012-02-28 13:14 . 2012-02-28 13:25 -------- d-----w- c:\programdata\Pure Networks
2012-02-28 09:52 . 2012-02-28 09:54 -------- d-----w- c:\users\User\AppData\Roaming\Ahead
2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-02-25 09:02 . 2012-02-25 09:02 -------- d-----w- c:\programdata\Apple Computer
2012-02-15 07:09 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 07:09 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 07:09 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-10 09:55 . 2012-02-10 09:54 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAB30799-6846-4A5F-BD52-AC0C2F90E658}\gapaengine.dll
2012-02-06 19:23 . 2012-02-06 19:23 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 09:52 . 2011-05-22 09:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-08 06:03 . 2010-12-05 02:25 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2009-11-11 18:22 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-12 17351304]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-04-16 192512]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 857648]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-06-19 195072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"RegTool"="c:\program files\Gemalto\Classic Client\BIN\RegTool.exe" [2009-06-18 885760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA&inst=NwA3AC0ANAAxADMAOQA3ADgAMgAyADMALQBCADMALQBUAEIAOQArADIALQBGAEwAKwA5AC0ARgA5AE0ANwBCACsANQA&prod=90&ver=9.0.872" [?]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Run POPFile.lnk - c:\program files\POPFile\runpopfile.exe [2009-7-16 71822]
wkcalrem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-8-18 21504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2011-10-21 1643808]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-1-15 122880]
WP Link.lnk - c:\program files\PHRS\LibMan.exe [2010-7-1 250368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-03 15:45]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-03 15:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.manx.net/
Trusted Zone: iplservices.voca.com
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.hodder.co.uk/paintedcavesar/plugin/DFusionHomeWebPlugIn.Installer.exe
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-03 22:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-03-03 22:23:37
ComboFix-quarantined-files.txt 2012-03-03 22:23
ComboFix2.txt 2012-03-03 19:13
.
Pre-Run: 80,574,189,568 bytes free
Post-Run: 80,587,694,080 bytes free
.
- - End Of File - - 4AADFB0D89FEB37CFD3FB7732EF61EC1
Regards

stuart mckenzie
 
At the end of this topic I'll post some security hints.

Combofix log looks good.

Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Running OTL

OTL took 32 mins to run; output files below.

Taskmgr starts OK.

Outstanding is some problem with the network, in that it appears half the network is chained to the wifi connection with the Netgear router (even though wifi is switched off on the Medion) while the rest, including internet, is via ethernet. The online backup QuickShadow backs up constantly to a nasduo on 192.168.0.199 and only connects via the second route (apparently). Weird ):

Output:
OTL logfile created on: 04/03/2012 09:51:49 - Run 1
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 46.62% Memory free
3.98 Gb Paging File | 1.49 Gb Available in Paging File | 37.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 129.52 Gb Total Space | 75.40 Gb Free Space | 58.22% Space Free | Partition Type: NTFS
Drive D: | 19.53 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
Drive G: | 149.05 Gb Total Space | 59.05 Gb Free Space | 39.62% Space Free | Partition Type: NTFS

Computer Name: JSM-LATOP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/04 09:43:10 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2012/02/20 09:52:44 | 000,250,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe
PRC - [2012/01/30 08:18:24 | 004,136,584 | ---- | M] (QuicklyTech Pty Ltd) -- C:\Program Files\QuicklyTech\QuickShadow.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/20 13:22:54 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2011/03/02 15:20:58 | 000,224,256 | ---- | M] () -- C:\Program Files\GNU\GnuPG\dirmngr.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/14 14:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009/12/10 10:16:10 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaRegistry.exe
PRC - [2009/08/16 21:33:26 | 000,106,582 | ---- | M] (The POPFile Project) -- C:\Program Files\POPFile\popfileib.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/06/19 11:44:02 | 000,195,072 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/06/18 11:46:00 | 000,885,760 | ---- | M] () -- C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/26 14:45:34 | 000,069,632 | ---- | M] (Gemalto) -- C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe
PRC - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/04/16 22:24:10 | 000,192,512 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2007/02/15 18:52:16 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynMedion.exe
PRC - [2007/02/15 15:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/12/26 18:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2006/11/18 03:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2006/11/09 21:37:52 | 000,086,016 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2005/10/28 10:00:00 | 000,122,880 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2005/07/25 20:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe
PRC - [1998/09/04 12:11:50 | 000,250,368 | ---- | M] () -- C:\Program Files\PHRS\LibMan.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/08 13:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/04/27 02:30:48 | 000,061,192 | ---- | M] () -- C:\Program Files\QuicklyTech\QSVSSServer32C.dll
MOD - [2011/03/01 20:13:18 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2009/06/18 11:46:00 | 000,885,760 | ---- | M] () -- C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe
MOD - [2009/06/03 20:51:24 | 000,409,706 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\DBD\SQLite\SQLite.dll
MOD - [2009/06/03 20:51:24 | 000,094,298 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\DBI\DBI.dll
MOD - [2009/06/03 20:51:24 | 000,032,878 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\List\Util\Util.dll
MOD - [2009/05/24 08:26:14 | 000,020,587 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\Sys\Hostname\Hostname.dll
MOD - [2009/05/24 08:26:00 | 000,032,867 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\Socket\Socket.dll
MOD - [2009/05/24 08:25:26 | 000,077,921 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\POSIX\POSIX.dll
MOD - [2009/05/24 08:25:10 | 000,020,584 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\MIME\Base64\Base64.dll
MOD - [2009/05/24 08:24:56 | 000,024,667 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\IO\IO.dll
MOD - [2009/05/24 08:24:38 | 000,024,676 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\File\Glob\Glob.dll
MOD - [2009/05/24 08:24:32 | 000,024,673 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\Fcntl\Fcntl.dll
MOD - [2009/05/24 08:22:48 | 000,024,676 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\Digest\MD5\MD5.dll
MOD - [2009/05/24 08:22:16 | 000,020,573 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\Cwd\Cwd.dll
MOD - [2009/04/12 13:14:56 | 000,041,055 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\Win32\Win32.dll
MOD - [2006/11/09 21:37:52 | 000,086,016 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe
MOD - [2005/07/25 20:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe
MOD - [1998/09/04 12:11:50 | 000,250,368 | ---- | M] () -- C:\Program Files\PHRS\LibMan.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/20 13:22:54 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2011/03/02 15:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Program Files\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2009/12/10 10:16:10 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/02/26 14:45:34 | 000,069,632 | ---- | M] (Gemalto) [Auto | Running] -- C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe -- (GslShmSrvc)
SRV - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/18 03:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- -- (mailKmd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GemPCExp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/04 09:52:05 | 000,156,928 | ---- | M] (NewTech Infosystems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NtiEnc.sys -- (NtiEnc)
DRV - [2009/12/10 10:15:58 | 000,822,272 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/08/10 12:07:32 | 000,089,600 | ---- | M] (Gemalto) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GemCCID.sys -- (GemCCID)
DRV - [2009/07/07 14:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/05/16 17:43:14 | 000,871,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athru6.sys -- (athrusb6)
DRV - [2007/02/08 01:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/01/13 08:40:00 | 004,452,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/01/09 09:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/11/15 15:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 10:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 08:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/09/15 06:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2003/04/28 18:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-957390550-3172770688-424660018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.manx.net/
IE - HKU\S-1-5-21-957390550-3172770688-424660018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\..\SearchScopes,DefaultScope = {AB40B303-B74C-4256-91B6-2BA9F09E862A}
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\..\SearchScopes\{AB40B303-B74C-4256-91B6-2BA9F09E862A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-957390550-3172770688-424660018-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/03/03 22:21:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RegTool] C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe (The POPFile Project)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-957390550-3172770688-424660018-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-957390550-3172770688-424660018-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O12 - Plugin for: .csd - C:\Program Files\Gemalto\eSigner\plugin\Npcsig.dll (Gemplus)
O15 - HKLM\..Trusted Domains: iplservices.voca.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://www.hodder.co.uk/paintedcavesar/plugin/DFusionHomeWebPlugIn.Installer.exe (CDFusionActiveXCtl Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C61D10ED-25E2-4D77-B092-B6662874A5EF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F254966D-B4BC-43CF-BDFD-844E16CE01A1}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\Pictures\2010-12-07 europa up to cork\europa up to cork 080.JPG
O24 - Desktop BackupWallPaper: C:\Users\User\Pictures\2010-12-07 europa up to cork\europa up to cork 080.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: VIDC.IV32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.dll (Intel(R) Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\IYVU9_32.DLL ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/03 22:23:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/03 18:58:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/03 18:58:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/03 18:58:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/03 18:58:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/03 18:58:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/02 16:39:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012/03/02 16:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/02 12:11:18 | 000,151,472 | ---- | C] (MaxSecure Software) -- C:\Windows\System32\GetHardDiskNo.dll
[2012/02/28 13:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2012/02/28 13:15:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/02/28 13:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2012/02/28 13:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2012/02/28 09:52:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ahead
[2012/02/25 09:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/02/25 09:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/02/20 10:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuicklyTech
[2012/02/06 19:20:27 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/04 09:21:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/04 08:27:39 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/04 08:27:39 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 22:35:22 | 000,611,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/03 22:35:22 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/03 22:28:16 | 000,012,978 | ---- | M] () -- C:\Users\User\AppData\Roaming\nvModes.001
[2012/03/03 22:28:08 | 000,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/03/03 22:27:53 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2012/03/03 22:27:44 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/03 22:27:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/03 22:27:28 | 2011,873,280 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/03 22:21:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/03 18:36:11 | 000,000,796 | ---- | M] () -- C:\Users\User\Desktop\bootkitscreen.rtf
[2012/03/03 18:24:31 | 000,330,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/03 08:15:09 | 266,130,871 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/03 08:08:05 | 000,001,090 | ---- | M] () -- C:\Users\User\Desktop\crashdurinaswmbr.rtf
[2012/03/02 11:36:50 | 000,056,010 | ---- | M] () -- C:\Users\User\Documents\cc_20120302_113638.reg
[2012/03/02 11:35:42 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/28 13:22:51 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Network Magic.lnk
[2012/02/28 13:17:50 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
[2012/02/28 11:11:47 | 000,012,978 | ---- | M] () -- C:\Users\User\AppData\Roaming\nvModes.dat
[2012/02/20 10:02:55 | 000,001,722 | ---- | M] () -- C:\Users\User\Desktop\QuickShadow.lnk
[2012/02/16 12:27:41 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012/02/15 16:01:37 | 000,013,824 | ---- | M] () -- C:\Users\User\Documents\BM Government paymentsUntitled Document.wps
[2012/02/15 16:01:37 | 000,002,916 | ---- | M] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/03 19:57:43 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2012/03/03 18:58:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/03 18:58:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/03 18:58:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/03 18:58:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/03 18:58:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/03 18:36:11 | 000,000,796 | ---- | C] () -- C:\Users\User\Desktop\bootkitscreen.rtf
[2012/03/03 08:26:18 | 2011,873,280 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/03 08:08:04 | 000,001,090 | ---- | C] () -- C:\Users\User\Desktop\crashdurinaswmbr.rtf
[2012/03/03 08:06:17 | 000,000,000 | ---- | C] () -- C:\Windows\System\SysRegC.dll
[2012/03/02 11:36:43 | 000,056,010 | ---- | C] () -- C:\Users\User\Documents\cc_20120302_113638.reg
[2012/02/28 13:22:51 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\Network Magic.lnk
[2012/02/28 13:22:50 | 000,001,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Magic.lnk
[2012/02/28 13:17:48 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2012/02/20 10:02:55 | 000,001,722 | ---- | C] () -- C:\Users\User\Desktop\QuickShadow.lnk
[2012/02/16 12:27:41 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012/01/08 20:18:35 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{23190CC8-9C61-4A65-A413-33C0A71A1976}
[2012/01/08 07:16:43 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{A77BEDC7-E80F-40D0-A8CC-F219B755DCC9}
[2011/10/26 00:15:00 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{943AB5EE-FA02-4C7D-880D-963F63F09754}
[2011/10/21 11:48:26 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011/07/17 09:25:32 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{44A04786-641A-44DF-97AB-0E9004F29A15}
[2011/07/16 22:00:00 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{983B0C05-EB79-45C1-967D-B721EAB3DD74}
[2011/06/04 22:00:00 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{21F41288-E3C4-4877-8271-8E20D38251D8}
[2011/05/30 10:11:00 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{D5F01DD9-E485-4E89-82AF-6B5BB04F3F2B}
[2011/05/29 15:55:00 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{B28857BB-429F-43F3-BB12-636BD3C48F67}
[2011/05/28 19:32:31 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{32BF1FAC-443E-4618-93DF-BE0B5B2D244C}
[2011/05/25 20:51:26 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{33149CAA-6E74-49FF-94A4-B9BC35E51810}
[2011/02/14 10:59:23 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/02/14 10:59:23 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/02/14 10:59:23 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/02/14 10:59:23 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/02/14 10:59:23 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/02/14 10:59:23 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/02/14 10:59:23 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/02/14 10:59:23 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/02/14 10:59:23 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/02/14 10:59:23 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/02/14 10:59:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/02/14 10:59:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/02/14 10:59:23 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/02/14 10:59:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/02/14 10:59:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/02/14 10:59:23 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/02/14 10:59:23 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/02/14 10:59:23 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/02/14 10:59:23 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/01/14 17:28:22 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2011/01/11 07:54:35 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2010/12/08 15:37:22 | 000,056,832 | ---- | C] () -- C:\Windows\System32\IYVU9_32.DLL
[2010/12/08 15:37:09 | 000,001,522 | ---- | C] () -- C:\Windows\AWA.INI
[2010/12/07 11:19:27 | 000,000,608 | -H-- | C] () -- C:\ProgramData\T2
[2010/12/07 11:19:27 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2010/03/30 17:53:12 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NINJA4.dll
[2010/03/30 17:52:32 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTSHDW4.dll

========== LOP Check ==========

[2011/09/11 19:28:31 | 000,000,000 | ---D | M] -- C:\Users\group\AppData\Roaming\FileZilla
[2011/04/24 13:15:48 | 000,000,000 | ---D | M] -- C:\Users\group\AppData\Roaming\Opera
[2011/02/17 16:03:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Claws-mail
[2010/12/30 14:43:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\demo
[2010/02/20 19:53:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dev-Cpp
[2012/02/22 12:12:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla
[2011/10/18 15:26:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gnupg
[2011/02/17 16:03:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2011/05/25 20:50:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Lexmark Productivity Studio
[2009/11/25 22:01:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011/06/14 10:04:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera
[2012/03/04 04:28:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\POPFile
[2009/11/13 20:02:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Template
[2012/03/03 22:26:25 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/01/16 21:50:25 | 000,000,036 | RHS- | M] () -- C:\.uid_xxx
[2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/07/17 01:28:46 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/03/03 22:23:38 | 000,010,275 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/03/03 22:27:28 | 2011,873,280 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/22 13:07:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/08/12 15:09:31 | 000,000,256 | ---- | M] () -- C:\lxdx.log
[2010/02/22 13:07:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/03/03 22:27:27 | 2325,688,320 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/11/02 12:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 12:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 12:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/11/12 13:28:39 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/19 07:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 12:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/11/12 10:30:11 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2010/12/07 11:19:27 | 000,000,604 | -H-- | M] () -- C:\Program Files\STLL Notifier

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 10:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/07/15 08:46:43 | 000,000,221 | -HS- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/03/03 22:27:44 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/04 09:21:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/03 22:27:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/03/03 22:26:25 | 000,032,626 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/10/18 17:41:31 | 000,000,402 | -HS- | M] () -- C:\Users\User\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/02/28 13:17:50 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
[2011/05/26 19:51:00 | 000,000,252 | ---- | M] () -- C:\ProgramData\FastPics.log
[2010/12/07 11:19:27 | 000,000,608 | -H-- | M] () -- C:\ProgramData\T2
[2011/05/26 13:14:27 | 000,000,000 | ---- | M] () -- C:\ProgramData\UpdaterLog.txt

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >



regards
stuart mckenzie
 
extras

OTL Extras logfile created on: 04/03/2012 09:51:49 - Run 1
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 46.62% Memory free
3.98 Gb Paging File | 1.49 Gb Available in Paging File | 37.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 129.52 Gb Total Space | 75.40 Gb Free Space | 58.22% Space Free | Partition Type: NTFS
Drive D: | 19.53 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
Drive G: | 149.05 Gb Total Space | 59.05 Gb Free Space | 39.62% Space Free | Partition Type: NTFS

Computer Name: JSM-LATOP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B438FF-3E9D-42C7-8323-CD13A5D95355}" = lport=137 | protocol=17 | dir=in | app=system |
"{07B6CCC5-39B5-408D-B0F2-5FE0E6A750AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{16EA5DEE-131D-4D80-9990-1A3DF0DDA9A1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{275FFFA5-2A3A-4F33-A5C2-B0A0F10B2225}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2E667C24-C124-47D8-8221-FE45AE7A61E8}" = rport=138 | protocol=17 | dir=out | app=system |
"{3BAC702A-07BA-4807-B253-CD3C2CD47114}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3F4F4E1E-F165-4EB3-9A7C-0B0C7A237113}" = lport=139 | protocol=6 | dir=in | app=system |
"{4C23AF53-A477-4B83-B943-D50BC6D5DF50}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{510A7C1C-0DBE-41E9-91BF-C068A6060BB6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{600B2801-F9BF-4411-BBBA-F3A227D92FE6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{60482A55-B6A2-4B04-9EAE-5F262C2E6056}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{609A9ABD-799B-4EAD-AC87-37F81C82EB50}" = lport=445 | protocol=6 | dir=in | app=system |
"{622DEC71-5007-43D1-9D3C-FEBE7C08918B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C1C4C49-65BE-4CB8-AB1F-E8F17855FF6E}" = rport=2869 | protocol=6 | dir=out | app=system |
"{912F7132-D2EC-4132-9D6E-92CEEFDC7BB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92AD280B-ABDF-4578-8036-458976093AB9}" = rport=139 | protocol=6 | dir=out | app=system |
"{95FCA3C1-534A-4E65-BD66-C38BF2B2F2C0}" = rport=137 | protocol=17 | dir=out | app=system |
"{BB552E9A-B195-48FC-888F-2FFDE08D70CE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C835FE33-B3B6-4D44-AA31-6961DEB05817}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC2BCE3E-6C6D-4D6D-9427-99C94F3D3B6A}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{CD75FDA0-F37C-492A-8E10-4BD36A454480}" = rport=445 | protocol=6 | dir=out | app=system |
"{D0687BAA-E13A-41C2-99A1-5A1C030F26E9}" = lport=138 | protocol=17 | dir=in | app=system |
"{D06B1473-9C5E-4434-93FF-D4412BA5AE3D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E1985C29-DC5A-4239-94F2-26F14EF7EA5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EE9F051A-DA25-4A0D-B846-029756B2FCAA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F4F3021D-0B01-40B0-A301-098FE6635C69}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F6374CFD-1B36-47EE-B842-B75DF92C092F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02797C8E-E54E-4B4A-880F-15D357F5E222}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{02CA260F-1647-4D02-895E-D10BA16C0043}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{081551D3-405E-4BC2-814B-8BBC925F9C9C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0BA25ED8-3FE7-49F0-B74E-4731475013B5}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{153AEBC0-F089-4CB0-84BC-2A7340BC36EB}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{1FAA4737-7B7E-4C84-A071-8E780475D29C}" = protocol=17 | dir=in | app=c:\program files\quicklytech\quickshadow.exe |
"{41B73224-9404-4D0A-B1F7-96E2869F3EF1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{42C2F00B-0055-42C9-BC77-E694E60131D5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{68BE87C8-13C6-4951-82FB-FC8273F66E2C}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{756AF856-DF04-409F-B90C-7222551C9DAB}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{7B2BFAB3-7D07-4F5F-BE93-60629D8A9A46}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DB340A4-A8C7-43D2-9687-2E93B785243E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{82A9B509-BAB8-460C-B7E5-A6721AE7B060}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8B8FC581-2B1C-4B23-A7CE-EC9E7FA1DF09}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A1E79FC4-292E-40A5-ABAE-E779F9FC893B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{A332723C-82CC-447B-8C72-F104AA16E446}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{AEBC517C-0DBD-458B-AC36-7EB588703712}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{CC672E1D-4B0B-4CA8-820F-C1687355F76A}" = protocol=6 | dir=in | app=c:\program files\quicklytech\quickshadow.exe |
"{E842921F-7379-4476-A2C7-03279F536DC2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EEB35E55-7E5F-4E44-AD92-9E573EEB177E}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{EFE3352C-26CE-4B8B-B1F2-C4E7230F7969}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{699F73E3-CB36-4852-85FF-81E1863F7A4C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{6D7E2CC0-4AB4-4506-8A9C-3B0419A51332}C:\users\user\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\cprogram filesopera\operaupgrader.exe |
"TCP Query User{FC34815B-DA40-488E-81AE-CB44DB9E155C}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{FE58B7C2-6E17-47E6-BC7D-FC1D30549C8C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{10DEE4E7-8878-4879-8B2B-B6A442E0526A}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{3BA79967-2283-4696-A26E-165B197F4A55}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{8ACE9E91-0D5A-423A-AB38-4C1A4EFEFCC2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B84C9FB4-3573-45FC-88FE-EED77B67E1BB}C:\users\user\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\cprogram filesopera\operaupgrader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}" = Sibelius 6
"{1EDFA38A-2FEB-4E62-82C9-DA415C0EEF33}" = IEEE 802.11g Wireless LAN driver
"{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}" = HP Deskjet 1050 J410 series Basic Device Software
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{312B0A22-CF24-11D3-AB8B-00C04FCF5090}" = Turnpike Six
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = SuyinCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D295FC-9373-400D-A304-4C0985BE3A09}" = NZMapConv
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{997698d0-7007-11db-9fe1-0800200c9a66}}_is1" = Dynamic Report Decoder 1.04.00.02
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A05997D5-C080-49E3-93E6-ADE04B272B4F}" = eSigner 3x
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.0
"{D7D8623B-00E8-496C-BAAF-822FBE33A46B}" = Classic Client 5.2 Patch1
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F627582C-B411-47EE-A8F8-0D14A91B2303}" = IEEE 802.11a-b-g Wireless LAN Utility
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Britannica CD 2000" = Britannica CD 2000
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Crossword Maestro" = Crossword Maestro
"Defraggler" = Defraggler
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"FileZilla Client" = FileZilla Client 3.5.3
"GPG4Win" = Gpg4win (2.1.0)
"Hardware Helper_is1" = Hardware Helper
"HP Photo Creations" = HP Photo Creations
"Legacy 7.5" = Legacy 7.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Network MagicUninstall" = Network Magic
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.51.1087" = Opera 11.51
"Penguin Hutchinson Reference Suite" = Penguin Hutchinson Reference Suite
"QuicklyTech_QuickShadow_is1" = QuickShadow 2.4.0.0
"Sibelius 6_is1" = Sibelius 6.2.0.88
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinZip" = WinZip

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-957390550-3172770688-424660018-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = WebEx
"POPFile" = POPFile 1.1.1
"POPFile_Data" = POPFile Data (User)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/03/2012 05:41:06 | Computer Name = jsm-latop | Source = VSS | ID = 12289
Description =

Error - 04/03/2012 05:41:06 | Computer Name = jsm-latop | Source = VSS | ID = 12289
Description =

Error - 04/03/2012 05:41:41 | Computer Name = jsm-latop | Source = VSS | ID = 12289
Description =

Error - 04/03/2012 05:41:42 | Computer Name = jsm-latop | Source = VSS | ID = 12289
Description =

Error - 04/03/2012 05:58:04 | Computer Name = jsm-latop | Source = VSS | ID = 12289
Description =

Error - 04/03/2012 05:58:04 | Computer Name = jsm-latop | Source = VSS | ID = 12289
Description =

Error - 04/03/2012 05:58:04 | Computer Name = jsm-latop | Source = VSS | ID = 12289
Description =

Error - 04/03/2012 05:58:04 | Computer Name = jsm-latop | Source = VSS | ID = 12289
Description =

Error - 04/03/2012 05:58:34 | Computer Name = jsm-latop | Source = VSS | ID = 12289
Description =

Error - 04/03/2012 05:58:43 | Computer Name = jsm-latop | Source = VSS | ID = 12289
Description =

[ System Events ]
Error - 03/03/2012 18:40:12 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 03/03/2012 19:02:19 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 03/03/2012 20:25:28 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 03/03/2012 20:59:42 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 03/03/2012 22:22:25 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 03/03/2012 23:20:53 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 04/03/2012 00:43:35 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 04/03/2012 02:42:39 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 04/03/2012 03:41:07 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 04/03/2012 04:03:14 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.


< End of report >
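As an added example (not from the thread, and not part of OTL), the script below reads the "Shell Spawning" and "FirewallRules" sections of an OTL Extras log like the one posted above and flags two things a reviewer otherwise checks by eye: file-class launch commands that differ from the stock Vista values (the exe/com/bat/cmd/scr hijack pattern) and inbound firewall allow rules for executables sitting in user-writable scratch directories. The log above does contain two such rules, for operaupgrader.exe under the user's AppData\Local\Temp. The sample text is an excerpt copied from the log above; the hijacked exefile line and its C:\example\hijack.exe path are constructed solely to show the check firing. The expected default commands and the list of suspect directories are this example's own assumptions, not something the log states.

```python
import re

# Default shell\open\command values for launchable file classes on a clean
# Vista box (assumed here); anything else means that file type is launched
# through some other program first.
EXPECTED_SHELL = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

# Heuristic: nothing that should accept inbound connections lives in these.
SUSPECT_DIRS = ("\\temp\\", "\\appdata\\roaming\\", "\\downloads\\", "\\recycler\\")

SECTION_RE = re.compile(r"^========== (.+?) ==========$", re.M)
SHELL_RE = re.compile(r"^(\S+) \[(\w+)\] -- (.*?)(?: \([^()]*\))?$")  # drops OTL's "(Company)"
RULE_RE = re.compile(r'^"([^"]+)" = (.*)$')                            # '"name" = k=v | k=v |'

def split_sections(log):
    # re.split with a capturing group yields [preamble, name1, body1, name2, body2, ...]
    parts = SECTION_RE.split(log)
    return {parts[i].strip(): parts[i + 1] for i in range(1, len(parts), 2)}

def parse_shell_spawning(body):
    entries = {}
    for line in body.splitlines():
        m = SHELL_RE.match(line.strip())
        if m:
            entries[(m.group(1), m.group(2))] = m.group(3)
    return entries

def check_shell_spawning(entries):
    findings = []
    for key, expected in EXPECTED_SHELL.items():
        actual = entries.get(key)
        if actual is None:
            continue  # class not listed in this log
        if actual.startswith("Reg Error"):
            findings.append(f"{key[0]} [{key[1]}]: key missing or unreadable ({actual})")
        elif actual != expected:
            findings.append(f"{key[0]} [{key[1]}]: expected {expected!r}, found {actual!r}")
    return findings

def parse_firewall_rules(body):
    rules = []
    for line in body.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        fields = {"name": m.group(1)}
        for part in m.group(2).split(" | "):
            if "=" in part:
                k, v = part.split("=", 1)
                fields[k.strip()] = v.strip()
        rules.append(fields)
    return rules

def check_firewall_rules(rules):
    findings = []
    for rule in rules:
        app = rule.get("app", "").lower()
        if rule.get("dir") == "in" and any(d in app for d in SUSPECT_DIRS):
            findings.append(f"inbound allow for executable in scratch location: {app}")
    return findings

def triage(log):
    secs = split_sections(log)
    rules = []
    for body in secs.values():
        if "FirewallPolicy\\FirewallRules" in body:
            rules.extend(parse_firewall_rules(body))
    shell = check_shell_spawning(parse_shell_spawning(secs.get("Shell Spawning", "")))
    return {"shell": shell, "firewall": check_firewall_rules(rules)}

# Excerpt copied from the OTL Extras log posted above (blank lines removed).
SAMPLE_LOG = r"""
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
exefile [open] -- "%1" %*
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
scrfile [open] -- "%1" /S
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7B2BFAB3-7D07-4F5F-BE93-60629D8A9A46}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{6D7E2CC0-4AB4-4506-8A9C-3B0419A51332}C:\users\user\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\cprogram filesopera\operaupgrader.exe |
"UDP Query User{B84C9FB4-3573-45FC-88FE-EED77B67E1BB}C:\users\user\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\cprogram filesopera\operaupgrader.exe |
"""

# Constructed variant: exefile redirected through a made-up path, to show the check firing.
HIJACKED_LOG = SAMPLE_LOG.replace(
    'exefile [open] -- "%1" %*', r'exefile [open] -- "C:\example\hijack.exe" "%1" %*'
)
```

Calling `triage(SAMPLE_LOG)` reports nothing for the shell classes and two firewall findings (the TCP and UDP rules for operaupgrader.exe in Temp); `triage(HIJACKED_LOG)` additionally reports the redirected exefile command. Parsing the log text rather than the live registry lets the same checks run on a log somebody pastes into a thread.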
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O15 - HKLM\..Trusted Domains: iplservices.voca.com ([]https in Trusted sites)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

==================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
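Added example (my script, not OTL's code and not from the original posts): if you want to see for yourself what the O15 and O16 lines in the fix above refer to, the PowerShell below lists, read-only, the IE ZoneMap domain entries (O15) and the Downloaded Program Files distribution units (O16) that OTL works from. Assumptions: the value names INF and CODEBASE under each unit's DownloadInformation key, and that you run it from an elevated prompt on Windows PowerShell 2.0 or later. Nothing in it deletes anything.

```powershell
# Added example, not OTL's code and not from the thread: enumerate the two
# registry areas the O15 and O16 fix lines refer to, so they can be reviewed
# before and after the fix. Read-only; run from an elevated PowerShell prompt
# (Windows PowerShell 2.0 or later; HKCU is covered too because per-user
# ZoneMap entries live there).

# Zone numbers used by ZoneMap (Windows-defined). Zones 1 and 2 get relaxed
# security settings, which is why an unexpected entry there matters.
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-IeZoneMapEntries {
    # O15 entries: ...\ZoneMap\Domains\<domain>[\<subdomain>], one value per
    # scheme (http, https or *), whose DWORD data is the zone number.
    param([string]$Hive = 'HKLM')
    $root = "${Hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    if (-not (Test-Path $root)) { return }
    foreach ($domainKey in (Get-ChildItem -Path $root)) {
        # Values can sit on the domain key itself or on one subdomain key beneath it.
        $keys = @($domainKey) + @(Get-ChildItem -Path $domainKey.PSPath)
        foreach ($key in $keys) {
            if ($key.PSPath -eq $domainKey.PSPath) { $hostName = $domainKey.PSChildName }
            else { $hostName = $key.PSChildName + '.' + $domainKey.PSChildName }
            foreach ($scheme in $key.GetValueNames()) {
                $zone = [int]$key.GetValue($scheme)
                $zoneName = $ZoneNames[$zone]
                if (-not $zoneName) { $zoneName = "unknown ($zone)" }
                New-Object PSObject -Property @{
                    Hive = $Hive; Host = $hostName; Scheme = $scheme; Zone = $zone; ZoneName = $zoneName
                }
            }
        }
    }
}

function Get-DownloadedProgramFilesUnits {
    # O16 entries: every ActiveX control installed through Downloaded Program
    # Files is recorded under Code Store Database\Distribution Units\<CLSID or name>.
    # INF (path of the control's .inf) and CODEBASE (URL of the source CAB) are
    # the value names assumed here under DownloadInformation.
    $root = 'HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units'
    if (-not (Test-Path $root)) { return }
    foreach ($unit in (Get-ChildItem -Path $root)) {
        $codebase = ''; $inf = ''
        $dlInfo = Join-Path $unit.PSPath 'DownloadInformation'
        if (Test-Path $dlInfo) {
            $p = Get-ItemProperty -Path $dlInfo
            $codebase = [string]$p.CODEBASE
            $inf = [string]$p.INF
        }
        $name = $unit.PSChildName
        # A unit named by CLSID normally has a matching class registration; a
        # missing one means the control is half-removed (compare the OTL log lines
        # that check HKLM\SOFTWARE\Classes\CLSID\{...}).
        $clsidRegistered = $false
        if ($name -match '^\{[0-9A-Fa-f-]{36}\}$') {
            $clsidRegistered = Test-Path "HKLM:\SOFTWARE\Classes\CLSID\$name"
        }
        New-Object PSObject -Property @{
            Unit = $name; CodeBase = $codebase; Inf = $inf; ClsidRegistered = $clsidRegistered
        }
    }
}

'== IE ZoneMap entries placed in My Computer, Local intranet or Trusted sites =='
'HKLM', 'HKCU' | ForEach-Object { Get-IeZoneMapEntries -Hive $_ } |
    Where-Object { $_.Zone -le 2 } |
    Sort-Object Hive, Host |
    Format-Table Hive, Host, Scheme, ZoneName -AutoSize

'== Downloaded Program Files distribution units =='
Get-DownloadedProgramFilesUnits | Format-Table Unit, CodeBase, Inf, ClsidRegistered -AutoSize
```

Anything listed in the first table that you did not add yourself, and any unit in the second table whose CodeBase points at a site you do not recognise, is worth a question before the fix is run; after the fix, rerunning the script confirms the entries are gone.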
 
overnight bsod

Not such good news this morning. At 0500 I woke up to find a BSOD with a D1 stop and a pointer to athrusb.sys, which I think is the Atheros built-in wifi driver by Medion. On restart there is a constant attempt by the O/S to install some driver for an unidentified device, which fails. Round and round.
Nevertheless I will continue with the latest instructions in the hope that it is mended within the fixes.
 
final scans

All scans run as instructed; output files follow. The O/S continued to try to install a driver for an unidentified unplugged device until about 10 minutes before ESET completed.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\iplservices.voca.com\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: consultancy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: dollar
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: estates
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: group
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 1171080 bytes

User: mannin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4581104 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 57064 bytes

User: personal
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 5708961 bytes
->Temporary Internet Files folder emptied: 266915547 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 3390630 bytes
->Flash cache emptied: 1548 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22687 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 269.00 mb


[EMPTYJAVA]

User: All Users

User: consultancy
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: dollar
->Java cache emptied: 0 bytes

User: estates
->Java cache emptied: 0 bytes

User: group
->Java cache emptied: 0 bytes

User: mannin
->Java cache emptied: 0 bytes

User: personal
->Java cache emptied: 0 bytes

User: Public

User: User
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: consultancy
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: dollar
->Flash cache emptied: 0 bytes

User: estates
->Flash cache emptied: 0 bytes

User: group

User: mannin
->Flash cache emptied: 0 bytes

User: personal
->Flash cache emptied: 0 bytes

User: Public

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.35.0 log created on 03052012_101612

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PLZ8WA00\ads[11].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KVI9T78S\bizo_multi[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4C5HGKSP\918[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4C5HGKSP\partner[3].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4C5HGKSP\partner[4].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3QHQGHXA\partner[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\WebEx\Log\35\atashost.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Java updated and old files deleted

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java(TM) 6 Update 31
Adobe Flash Player ( 9.0.45.0) Flash Player Out of Date!
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Gemalto Classic Client BIN GslShmSrvc.exe
Microsoft Security Client Antimalware NisSrv.exe
Gemalto Classic Client BIN RegTool.exe
``````````End of Log````````````


Farbar Service Scanner Version: 01-03-2012
Ran by User (administrator) on 05-03-2012 at 10:43:20
Running from "C:\Users\User\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-15 11:31] - [2011-09-20 21:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

TFC ran OK, no log.

ESET ran for 2 hrs 10 mins, 172466 files, no threats found, so no log.

Phew..................
regards


stuart mckenzie
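Added example (my script, not FSS's code and not from the original posts): the "File Check" section of the FSS log above compares each file's MD5 against a list of known-good hashes, and prints the raw hash where the file is not in that list (tcpip.sys here, whose version string 6.0.6002.22719 is an LDR hotfix build rather than the GDR build most machines carry). The PowerShell below recomputes those MD5s and, independently of any hash list, reads each file's version resource and Authenticode status, so a file missing from a hash list can still be judged. Assumptions: the file list is copied from the FSS log, the only reference hash in the table is the one FSS printed, and the script runs on Windows PowerShell 2.0 or later (Get-FileHash does not exist there, so .NET's MD5 class is used directly).

```powershell
# Added example, not FSS code and not from the thread: recompute the MD5 of the
# files FSS listed under "File Check" and, independently of any hash list, read
# their version resource and Authenticode status. Windows PowerShell 2.0+.

$Files = @(
    'C:\Windows\system32\nsisvc.dll',
    'C:\Windows\system32\Drivers\nsiproxy.sys',
    'C:\Windows\system32\dhcpcsvc.dll',
    'C:\Windows\system32\Drivers\afd.sys',
    'C:\Windows\system32\Drivers\tdx.sys',
    'C:\Windows\system32\Drivers\tcpip.sys',
    'C:\Windows\system32\dnsrslvr.dll',
    'C:\Windows\system32\mpssvc.dll',
    'C:\Windows\system32\bfe.dll',
    'C:\Windows\system32\Drivers\mpsdrv.sys',
    'C:\Windows\system32\SDRSVC.dll',
    'C:\Windows\system32\vssvc.exe',
    'C:\Windows\system32\wscsvc.dll',
    'C:\Windows\system32\wbem\WMIsvc.dll',
    'C:\Windows\system32\wuaueng.dll',
    'C:\Windows\system32\qmgr.dll',
    'C:\Windows\system32\es.dll',
    'C:\Windows\system32\cryptsvc.dll',
    'C:\Windows\system32\svchost.exe',
    'C:\Windows\system32\rpcss.dll'
)

# Reference hashes you have reason to trust (for instance taken from a clean
# machine on the same build and update level). The single entry is the hash
# the FSS log printed for tcpip.sys; this is a placeholder table, not a
# published reference list.
$KnownMd5 = @{ 'C:\Windows\system32\Drivers\tcpip.sys' = '16731B631F28F63CD9F4CB60940E7DDD' }

function Get-Md5Hex {
    # MD5 of a file as upper-case hex, matching the FSS log's formatting.
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $md5.ComputeHash($stream) } finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Test-SystemFile {
    param([string]$Path)
    $result = New-Object PSObject -Property @{
        Path = $Path; Exists = (Test-Path $Path); MD5 = ''; HashMatch = 'no reference'
        Signature = ''; Signer = ''; Version = ''; Company = ''
    }
    if (-not $result.Exists) { return $result }
    $result.MD5 = Get-Md5Hex -Path $Path
    if ($KnownMd5.ContainsKey($Path)) {
        if ($KnownMd5[$Path] -eq $result.MD5) { $result.HashMatch = 'match' } else { $result.HashMatch = 'MISMATCH' }
    }
    # Authenticode check. On older Windows PowerShell this only sees an embedded
    # signature; catalog-signed system files then show NotSigned, which is not
    # evidence of tampering (see the note after the script).
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $result.Signature = [string]$sig.Status
    if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }
    $info = (Get-Item -Path $Path).VersionInfo
    $result.Version = $info.FileVersion
    $result.Company = $info.CompanyName
    return $result
}

$Files | ForEach-Object { Test-SystemFile -Path $_ } |
    Format-Table Path, Exists, HashMatch, Signature, Company, Version -AutoSize
```

Two things to keep in mind when reading the output. A hash mismatch against a reference taken from a different update level (GDR versus LDR build, or a later hotfix) is expected and means nothing by itself; the version string and company name tell you whether the build is plausible. And most Windows system binaries carry no embedded signature but are listed in a signed catalog, so on Windows PowerShell 2.0 they report NotSigned; Sysinternals sigcheck (`sigcheck -a -h <file>`) resolves catalog signatures and prints the hashes in one go, and is the better tool where that distinction matters.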
 
At 0500 I woke up to find a BSOD with a D1 stop and a pointer to athrusb.sys, which I think is the Atheros built-in wifi driver by Medion. On restart there is a constant attempt by the O/S to install some driver for an unidentified device, which fails.

1. Download BlueScreenView
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

2. Please download MiniToolBox and run it.

Checkmark following boxes:
  • List Devices (do NOT change any settings)
Click Go and post the result.
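Added example (my script, not BlueScreenView's code and not from the original posts): once BSOD.txt exists, the PowerShell below reads the "Save Selected Items" text format (one "Key : Value" block per module, blocks separated by lines of "=") and does the first triage step by hand: which modules carry an "Address In Stack", whether each module+offset actually falls inside that module's load range (From Address to To Address), and which plausible frames belong to non-Microsoft code. A D1 stop is DRIVER_IRQL_NOT_LESS_OR_EQUAL, so a third-party driver on the stack is the first suspect. Assumptions: the report path on the Desktop, Windows PowerShell 2.0 or later, and a constructed fallback sample built from two entries posted in this thread so the script runs even without a report on disk.

```powershell
# Added example, not BlueScreenView's code and not from the thread.
# Parses BlueScreenView's "Save Selected Items" text export and triages the
# crash stack. Windows PowerShell 2.0 or later. The report path is an assumption.

$ReportPath = "$env:USERPROFILE\Desktop\BSOD.txt"

# Constructed fallback sample (two entries copied from this thread's report) so
# the script runs without a report file.
$SampleReport = @'
==================================================
Filename : athrusb.sys
Address In Stack : athrusb.sys+5f99f
From Address : 0x8c2bf000
To Address : 0x8c3a0000
Size : 0x000e1000
File Version : 2.2.0.27 built by: WinDDK
Company : Atheros Communications, Inc.
Full Path : C:\Windows\system32\drivers\athrusb.sys
==================================================
Filename : ntkrnlpa.exe
Address In Stack : ntkrnlpa.exe+fe39bbf4
From Address : 0x82051000
To Address : 0x8240b000
Size : 0x003ba000
File Version : 6.0.6002.18533 (vistasp2_gdr.111025-0338)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\ntkrnlpa.exe
==================================================
'@

function ConvertFrom-BlueScreenViewReport {
    param([string]$Text)
    foreach ($block in ($Text -split '(?m)^=+\s*$')) {
        $fields = @{}
        foreach ($line in ($block -split "`r?`n")) {
            # Keys never contain ':'; values (paths, times) can, so split on the first one.
            $idx = $line.IndexOf(':')
            if ($idx -lt 0) { continue }
            $fields[$line.Substring(0, $idx).Trim()] = $line.Substring($idx + 1).Trim()
        }
        if (-not ($fields.ContainsKey('Filename') -and $fields.ContainsKey('From Address'))) { continue }
        $base = [Convert]::ToInt64($fields['From Address'], 16)   # "0x" prefix is accepted for base 16
        $size = [Convert]::ToInt64($fields['Size'], 16)
        $stackRef = [string]$fields['Address In Stack']
        $offset = $null; $inRange = $null
        if (($stackRef -match '^(?<mod>[^+]+)\+(?<off>[0-9A-Fa-f]+)$') -and ($matches['mod'] -eq $fields['Filename'])) {
            $offset = [Convert]::ToInt64($matches['off'], 16)
            # An offset past the module's size cannot be a location inside that
            # module, so the frame cannot be attributed to it.
            $inRange = ($offset -lt $size)
        }
        New-Object PSObject -Property @{
            Name = $fields['Filename']; Base = $base; Size = $size
            Company = [string]$fields['Company']; Version = [string]$fields['File Version']
            StackRef = $stackRef; StackOffset = $offset; StackInRange = $inRange
        }
    }
}

function Get-CrashStackTriage {
    param([object[]]$Modules)
    $onStack = @($Modules | Where-Object { $_.StackRef })
    New-Object PSObject -Property @{
        OnStack           = @($onStack | ForEach-Object { $_.StackRef })
        ImplausibleFrames = @($onStack | Where-Object { $_.StackInRange -eq $false } | ForEach-Object { $_.StackRef })
        ThirdPartyOnStack = @($onStack | Where-Object { $_.StackInRange -and ($_.Company -notmatch 'Microsoft') } |
                              ForEach-Object { "$($_.Name) $($_.Version) ($($_.Company))" })
    }
}

if (Test-Path $ReportPath) { $text = [System.IO.File]::ReadAllText($ReportPath) } else { $text = $SampleReport }
$modules = @(ConvertFrom-BlueScreenViewReport -Text $text)
$triage = Get-CrashStackTriage -Modules $modules
"Modules parsed:        $($modules.Count)"
"Frames on stack:       $($triage.OnStack -join ', ')"
"Implausible frames:    $($triage.ImplausibleFrames -join ', ')"
"Third-party on stack:  $($triage.ThirdPartyOnStack -join ', ')"
```

On the embedded sample the script reports athrusb.sys+5f99f as a plausible third-party frame (offset 0x5f99f lies inside a module of size 0xe1000) and ntkrnlpa.exe+fe39bbf4 as implausible (the offset is far larger than the 0x3ba000-byte module). Run against the full report it does the same sorting for every entry, which is a quicker way to separate the frames worth reading from the ones that are not than scrolling the export by hand.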
 
I asked:
List Devices (do NOT change any settings), so only troubled devices are shown.
Please redo.
 
re run of toolbox list devices

That is exactly what I did. Download and click List Devices, leaving options unticked. I have redone it and the log is exactly the same as I sent you in the previous post. I confirm that the only radio button showing was that for troubled devices. Herewith:-

MiniToolBox by Farbar Version: 18-01-2012
Ran by User (administrator) on 06-03-2012 at 08:48:29
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Devices: ================================


**** End of log ****
Regards
jsm
 
I still need BlueScreenView log.

Also, do you have any errors listed in Device Manager?
 
Filename : athrusb.sys
Address In Stack : athrusb.sys+5f99f
From Address : 0x8c2bf000
To Address : 0x8c3a0000
Size : 0x000e1000
Time Stamp : 0x488f10de
Time String : 29/07/2008 12:45:18
Product Name : Driver for Atheros Wireless USB Network Adapter
File Description : Atheros Extensible Wireless LAN device driver
File Version : 2.2.0.27 built by: WinDDK
Company : Atheros Communications, Inc.
Full Path : C:\Windows\system32\drivers\athrusb.sys
==================================================

==================================================
Filename : ndis.sys
Address In Stack : ndis.sys+3743
From Address : 0x82679000
To Address : 0x82784000
Size : 0x0010b000
Time Stamp : 0x49e02080
Time String : 11/04/2009 04:45:52
Product Name : Microsoft® Windows® Operating System
File Description : NDIS 6.0 wrapper driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ndis.sys
==================================================

==================================================
Filename : ntkrnlpa.exe
Address In Stack : ntkrnlpa.exe+fe39bbf4
From Address : 0x82051000
To Address : 0x8240b000
Size : 0x003ba000
Time Stamp : 0x4ea6b87e
Time String : 25/10/2011 13:24:14
Product Name : Microsoft® Windows® Operating System
File Description : NT Kernel & System
File Version : 6.0.6002.18533 (vistasp2_gdr.111025-0338)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\ntkrnlpa.exe
==================================================

==================================================
Filename : nwifi.sys
Address In Stack : nwifi.sys+5035
From Address : 0x9d6c4000
To Address : 0x9d6ee000
Size : 0x0002a000
Time Stamp : 0x49e01fef
Time String : 11/04/2009 04:43:27
Product Name : Microsoft® Windows® Operating System
File Description : NativeWiFi Miniport Driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\nwifi.sys
==================================================

==================================================
Filename : USBPORT.SYS
Address In Stack : USBPORT.SYS+f4ce8c64
From Address : 0x8b704000
To Address : 0x8b742000
Size : 0x0003e000
Time Stamp : 0x49e01fcf
Time String : 11/04/2009 04:42:55
Product Name : Microsoft® Windows® Operating System
File Description : USB 1.1 & 2.0 Port Driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\USBPORT.SYS
==================================================

==================================================
Filename : Wdf01000.sys
Address In Stack : Wdf01000.sys+ffe9cba4
From Address : 0x80550000
To Address : 0x805cc000
Size : 0x0007c000
Time Stamp : 0x47919015
Time String : 19/01/2008 05:52:21
Product Name : Microsoft® Windows® Operating System
File Description : WDF Dynamic
File Version : 1.7.6001.0 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Wdf01000.sys
==================================================

==================================================
Filename : hal.dll
Address In Stack :
From Address : 0x8201e000
To Address : 0x82051000
Size : 0x00033000
Time Stamp : 0x49e018d9
Time String : 11/04/2009 04:13:13
Product Name : Microsoft® Windows® Operating System
File Description : Hardware Abstraction Layer DLL
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\hal.dll
==================================================

==================================================
Filename : kdcom.dll
Address In Stack :
From Address : 0x8040f000
To Address : 0x80416000
Size : 0x00007000
Time Stamp : 0x49e037d9
Time String : 11/04/2009 06:25:29
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Debugger HW Extension DLL
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\kdcom.dll
==================================================

==================================================
Filename : PSHED.dll
Address In Stack :
From Address : 0x80416000
To Address : 0x80427000
Size : 0x00011000
Time Stamp : 0x49e037dc
Time String : 11/04/2009 06:25:32
Product Name : Microsoft® Windows® Operating System
File Description : Platform Specific Hardware Error Driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\PSHED.dll
==================================================

==================================================
Filename : BOOTVID.dll
Address In Stack :
From Address : 0x80427000
To Address : 0x8042f000
Size : 0x00008000
Time Stamp : 0x4791a653
Time String : 19/01/2008 07:27:15
Product Name : Microsoft® Windows® Operating System
File Description : VGA Boot Driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\BOOTVID.dll
==================================================

==================================================
Filename : CLFS.SYS
Address In Stack :
From Address : 0x8042f000
To Address : 0x80470000
Size : 0x00041000
Time Stamp : 0x49e018ff
Time String : 11/04/2009 04:13:51
Product Name : Microsoft® Windows® Operating System
File Description : Common Log File System Driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\CLFS.SYS
==================================================

==================================================
Filename : CI.dll
Address In Stack :
From Address : 0x80470000
To Address : 0x80550000
Size : 0x000e0000
Time Stamp : 0x49e037d2
Time String : 11/04/2009 06:25:22
Product Name : Microsoft® Windows® Operating System
File Description : Code Integrity Module
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\CI.dll
==================================================

==================================================
Filename : WDFLDR.SYS
Address In Stack :
From Address : 0x805cc000
To Address : 0x805d9000
Size : 0x0000d000
Time Stamp : 0x47919013
Time String : 19/01/2008 05:52:19
Product Name : Microsoft® Windows® Operating System
File Description : WDFLDR
File Version : 1.7.6001.0 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\WDFLDR.SYS
==================================================

==================================================
Filename : acpi.sys
Address In Stack :
From Address : 0x8060d000
To Address : 0x80653000
Size : 0x00046000
Time Stamp : 0x49e01a37
Time String : 11/04/2009 04:19:03
Product Name : Microsoft® Windows® Operating System
File Description : ACPI Driver for NT
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\acpi.sys
==================================================

==================================================
Filename : WMILIB.SYS
Address In Stack :
From Address : 0x80653000
To Address : 0x8065c000
Size : 0x00009000
Time Stamp : 0x47919044
Time String : 19/01/2008 05:53:08
Product Name : Microsoft® Windows® Operating System
File Description : WMILIB WMI support library Dll
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\WMILIB.SYS
==================================================

==================================================
Filename : msisadrv.sys
Address In Stack :
From Address : 0x8065c000
To Address : 0x80664000
Size : 0x00008000
Time Stamp : 0x47918b83
Time String : 19/01/2008 05:32:51
Product Name : Microsoft® Windows® Operating System
File Description : ISA Driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\msisadrv.sys
==================================================

==================================================
Filename : pci.sys
Address In Stack :
From Address : 0x80664000
To Address : 0x8068b000
Size : 0x00027000
Time Stamp : 0x49e01a44
Time String : 11/04/2009 04:19:16
Product Name : Microsoft® Windows® Operating System
File Description : NT Plug and Play PCI Enumerator
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\pci.sys
==================================================

==================================================
Filename : partmgr.sys
Address In Stack :
From Address : 0x8068b000
To Address : 0x8069a000
Size : 0x0000f000
Time Stamp : 0x49e01ef7
Time String : 11/04/2009 04:39:19
Product Name : Microsoft® Windows® Operating System
File Description : Partition Management Driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\partmgr.sys
==================================================

==================================================
Filename : compbatt.sys
Address In Stack :
From Address : 0x8069a000
To Address : 0x8069c900
Size : 0x00002900
Time Stamp : 0x47918b7f
Time String : 19/01/2008 05:32:47
Product Name : Microsoft® Windows® Operating System
File Description : Composite Battery Driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\compbatt.sys
==================================================

==================================================
Filename : BATTC.SYS
Address In Stack :
From Address : 0x8069d000
To Address : 0x806a7000
Size : 0x0000a000
Time Stamp : 0x47918b7d
Time String : 19/01/2008 05:32:45
Product Name : Microsoft® Windows® Operating System
File Description : Battery Class Driver
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\BATTC.SYS
==================================================

==================================================
Filename : volmgr.sys
Address In Stack :
From Address : 0x806a7000
To Address : 0x806b6000
Size : 0x0000f000
Time Stamp : 0x47918f7f
Time String : 19/01/2008 05:49:51
Product Name : Microsoft® Windows® Operating System
File Description : Volume Manager Driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\volmgr.sys
==================================================

==================================================
Filename : volmgrx.sys
Address In Stack :
From Address : 0x806b6000
To Address : 0x80700000
Size : 0x0004a000
Time Stamp : 0x49e01efd
Time String : 11/04/2009 04:39:25
Product Name : Microsoft® Windows® Operating System
File Description : Volume Manager Extension Driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\volmgrx.sys
==================================================

==================================================
Filename : pciide.sys
Address In Stack :
From Address : 0x80700000
To Address : 0x80707000
Size : 0x00007000
Time Stamp : 0x49e01eee
Time String : 11/04/2009 04:39:10
Product Name : Microsoft® Windows® Operating System
File Description : Generic PCI IDE Bus Driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\pciide.sys
==================================================

==================================================
Filename : PCIIDEX.SYS
Address In Stack :
From Address : 0x80707000
To Address : 0x80715000
Size : 0x0000e000
Time Stamp : 0x49e01eed
Time String : 11/04/2009 04:39:09
Product Name : Microsoft® Windows® Operating System
File Description : PCI IDE Bus Driver Extension
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\PCIIDEX.SYS
==================================================

==================================================
Filename : mountmgr.sys
Address In Stack :
From Address : 0x80715000
To Address : 0x80725000
Size : 0x00010000
Time Stamp : 0x47918f59
Time String : 19/01/2008 05:49:13
Product Name : Microsoft® Windows® Operating System
File Description : Mount Point Manager
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mountmgr.sys
==================================================

==================================================
Filename : atapi.sys
Address In Stack :
From Address : 0x80725000
To Address : 0x8072d000
Size : 0x00008000
Time Stamp : 0x49e01eed
Time String : 11/04/2009 04:39:09
Product Name : Microsoft® Windows® Operating System
File Description : ATAPI IDE Miniport Driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\atapi.sys
==================================================

==================================================
Filename : ataport.SYS
Address In Stack :
From Address : 0x8072d000
To Address : 0x8074b000
Size : 0x0001e000
Time Stamp : 0x49e01eee
Time String : 11/04/2009 04:39:10
Product Name : Microsoft® Windows® Operating System
File Description : ATAPI Driver Extension
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ataport.SYS
==================================================

==================================================
Filename : nvstor.sys
Address In Stack :
From Address : 0x8074b000
To Address : 0x80758000
Size : 0x0000d000
Time Stamp : 0x458d543d
Time String : 23/12/2006 16:07:25
Product Name : NVIDIA nForce(TM) SATA Driver
File Description : NVIDIA® nForce(TM) Sata Performance Driver
File Version : 5.10.2600.0824 built by: WinDDK
Company : NVIDIA Corporation
Full Path : C:\Windows\system32\drivers\nvstor.sys
==================================================

==================================================
Filename : storport.sys
Address In Stack :
From Address : 0x80758000
To Address : 0x80799000
Size : 0x00041000
Time Stamp : 0x49e01ef7
Time String : 11/04/2009 04:39:19
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft Storage Port Driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\storport.sys
==================================================

==================================================
Filename : nvstor32.sys
Address In Stack :
From Address : 0x80799000
To Address : 0x807b6000
Size : 0x0001d000
Time Stamp : 0x46bb58d8
Time String : 09/08/2007 18:11:36
Product Name : NVIDIA nForce(TM) SATA Driver
File Description : NVIDIA® nForce(TM) Sata Performance Driver
File Version : 5.10.2600.0998 built by: WinDDK
Company : NVIDIA Corporation
Full Path : C:\Windows\system32\drivers\nvstor32.sys
==================================================

==================================================
Filename : fltmgr.sys
Address In Stack :
From Address : 0x807b6000
To Address : 0x807e8000
Size : 0x00032000
Time Stamp : 0x49e01907
Time String : 11/04/2009 04:13:59
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft Filesystem Filter Manager
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fltmgr.sys
==================================================

==================================================
Filename : fileinfo.sys
Address In Stack :
From Address : 0x807e8000
To Address : 0x807f8000
Size : 0x00010000
Time Stamp : 0x47918be3
Time String : 19/01/2008 05:34:27
Product Name : Microsoft® Windows® Operating System
File Description : FileInfo Filter Driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fileinfo.sys
==================================================

==================================================
Filename : ksecdd.sys
Address In Stack :
From Address : 0x82607000
To Address : 0x82679000
Size : 0x00072000
Time Stamp : 0x4ec3c4cc
Time String : 16/11/2011 14:12:28
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Security Support Provider Interface
File Version : 6.0.6002.18541 (vistasp2_gdr.111116-0305)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ksecdd.sys
==================================================

==================================================
Filename : msrpc.sys
Address In Stack :
From Address : 0x82784000
To Address : 0x827af000
Size : 0x0002b000
Time Stamp : 0x00000000
Time String :
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Remote Procedure Call Provider
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\msrpc.sys
==================================================

==================================================
Filename : NETIO.SYS
Address In Stack :
From Address : 0x827af000
To Address : 0x827ea000
Size : 0x0003b000
Time Stamp : 0x4bb9fe78
Time String : 05/04/2010 15:15:04
Product Name : Microsoft® Windows® Operating System
File Description : Network I/O Subsystem
File Version : 6.0.6002.22377 (vistasp2_ldr.100405-0403)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\NETIO.SYS
==================================================

==================================================
Filename : tcpip.sys
Address In Stack :
From Address : 0x82c0f000
To Address : 0x82cfc000
Size : 0x000ed000
Time Stamp : 0x4e78992c
Time String : 20/09/2011 13:46:20
Product Name : Microsoft® Windows® Operating System
File Description : TCP/IP Driver
File Version : 6.0.6002.22719 (vistasp2_ldr.110920-0346)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\tcpip.sys
==================================================

==================================================
Filename : fwpkclnt.sys
Address In Stack :
From Address : 0x82cfc000
To Address : 0x82d17000
Size : 0x0001b000
Time Stamp : 0x49e02076
Time String : 11/04/2009 04:45:42
Product Name : Microsoft® Windows® Operating System
File Description : FWP/IPsec Kernel-Mode API
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fwpkclnt.sys
==================================================

==================================================
Filename : Ntfs.sys
Address In Stack :
From Address : 0x82e00000
To Address : 0x82f10000
Size : 0x00110000
Time Stamp : 0x49e0192a
Time String : 11/04/2009 04:14:34
Product Name : Microsoft® Windows® Operating System
File Description : NT File System Driver
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Ntfs.sys
==================================================

==================================================
Filename : volsnap.sys
Address In Stack :
From Address : 0x82f10000
To Address : 0x82f49000
Size : 0x00039000
Time Stamp : 0x49e01f09
Time String : 11/04/2009 04:39:37
Product Name : Microsoft® Windows® Operating System
File Description : Volume Shadow Copy Driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\volsnap.sys
==================================================

==================================================
Filename : uagp35.sys
Address In Stack :
From Address : 0x82f49000
To Address : 0x82f5a000
Size : 0x00011000
Time Stamp : 0x4549adbb
Time String : 02/11/2006 08:35:07
Product Name : Microsoft® Windows® Operating System
File Description : MS AGPv3.5 Filter
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\uagp35.sys
==================================================

==================================================
Filename : spldr.sys
Address In Stack :
From Address : 0x82f5a000
To Address : 0x82f62000
Size : 0x00008000
Time Stamp : 0x467b17dd
Time String : 22/06/2007 00:29:17
Product Name : Microsoft® Windows® Operating System
File Description : loader for security processor
File Version : 6.0.6001.16606 (lh_security(sepbld-s).070621-1657)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\spldr.sys
==================================================

==================================================
Filename : mup.sys
Address In Stack :
From Address : 0x82f62000
To Address : 0x82f71000
Size : 0x0000f000
Time Stamp : 0x49e01914
Time String : 11/04/2009 04:14:12
Product Name : Microsoft® Windows® Operating System
File Description : Multiple UNC Provider driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mup.sys
==================================================

==================================================
Filename : ecache.sys
Address In Stack :
From Address : 0x82f71000
To Address : 0x82f98000
Size : 0x00027000
Time Stamp : 0x49e01f2c
Time String : 11/04/2009 04:40:12
Product Name : Microsoft® Windows® Operating System
File Description : Special Memory Device Cache
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ecache.sys
==================================================

==================================================
Filename : disk.sys
Address In Stack :
From Address : 0x82f98000
To Address : 0x82fa9000
Size : 0x00011000
Time Stamp : 0x49e01ef2
Time String : 11/04/2009 04:39:14
Product Name : Microsoft® Windows® Operating System
File Description : PnP Disk Driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\disk.sys
==================================================

==================================================
Filename : CLASSPNP.SYS
Address In Stack :
From Address : 0x82fa9000
To Address : 0x82fca000
Size : 0x00021000
Time Stamp : 0x49e01ee9
Time String : 11/04/2009 04:39:05
Product Name : Microsoft® Windows® Operating System
File Description : SCSI Class System Dll
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\CLASSPNP.SYS
==================================================

==================================================
Filename : crcdisk.sys
Address In Stack :
From Address : 0x82fca000
To Address : 0x82fd3000
Size : 0x00009000
Time Stamp : 0x4549b1cb
Time String : 02/11/2006 08:52:27
Product Name : Microsoft® Windows® Operating System
File Description : Disk Block Verification Filter Driver
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\crcdisk.sys
==================================================

==================================================
Filename : tunnel.sys
Address In Stack :
From Address : 0x82fea000
To Address : 0x82ff5000
Size : 0x0000b000
Time Stamp : 0x4b7d244d
Time String : 18/02/2010 11:28:13
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft Tunnel Interface Driver
File Version : 6.0.6002.18209 (vistasp2_gdr.100218-0019)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\tunnel.sys
==================================================

==================================================
Filename : tunmp.sys
Address In Stack :
From Address : 0x82ff5000
To Address : 0x82ffe000
Size : 0x00009000
Time Stamp : 0x479190dc
Time String : 19/01/2008 05:55:40
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft Tunnel Interface Driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\tunmp.sys
==================================================

==================================================
Filename : amdk8.sys
Address In Stack :
From Address : 0x82d34000
To Address : 0x82d44000
Size : 0x00010000
Time Stamp : 0x47918a38
Time String : 19/01/2008 05:27:20
Product Name : Microsoft® Windows® Operating System
File Description : Processor Device Driver
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\amdk8.sys
==================================================

==================================================
Filename : wmiacpi.sys
Address In Stack :
From Address : 0x82d44000
To Address : 0x82d4d000
Size : 0x00009000
Time Stamp : 0x47918b7f
Time String : 19/01/2008 05:32:47
Product Name : Microsoft® Windows® Operating System
File Description : Windows Management Interface for ACPI
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\wmiacpi.sys
==================================================

==================================================
Filename : nvlddmkm.sys
Address In Stack :
From Address : 0x8b20c000
To Address : 0x8b64afc0
Size : 0x0043efc0
Time Stamp : 0x45a91e5d
Time String : 13/01/2007 18:01:01
Product Name : NVIDIA Compatible Windows 2000 Miniport Driver, Version 97.59
File Description : NVIDIA Compatible Windows 2000 Miniport Driver, Version 97.59
File Version : 7.15.10.9759
Company : NVIDIA Corporation
Full Path : C:\Windows\system32\drivers\nvlddmkm.sys
==================================================

==================================================
Filename : dxgkrnl.sys
Address In Stack :
From Address : 0x8b64b000
To Address : 0x8b6eb000
Size : 0x000a0000
Time Stamp : 0x4d383dc1
Time String : 20/01/2011 13:50:57
Product Name : Microsoft® Windows® Operating System
File Description : DirectX Graphics Kernel
File Version : 7.0.6002.18107 (vistasp2_gdr_win7ip_dgt(wmbla).090924-1550)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\dxgkrnl.sys
==================================================

==================================================
Filename : watchdog.sys
Address In Stack :
From Address : 0x8b6eb000
To Address : 0x8b6f7000
Size : 0x0000c000
Time Stamp : 0x49e01b13
Time String : 11/04/2009 04:22:43
Product Name : Microsoft® Windows® Operating System
File Description : Watchdog Driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\watchdog.sys
==================================================

==================================================
Filename : nvsmu.sys
Address In Stack :
From Address : 0x8b6f7000
To Address : 0x8b6f9d00
Size : 0x00002d00
Time Stamp : 0x450aca51
Time String : 15/09/2006 15:44:17
Product Name : NVIDIA nForce(TM) PCA Driver
File Description : NVIDIA® nForce(TM) SMU Microcontroller Driver
File Version : 5.10.2600.0121 built by: WinDDK
Company : NVIDIA Corporation
Full Path : C:\Windows\system32\drivers\nvsmu.sys
==================================================

==================================================
Filename : usbohci.sys
Address In Stack :
From Address : 0x8b6fa000
To Address : 0x8b704000
Size : 0x0000a000
Time Stamp : 0x49e01fcc
Time String : 11/04/2009 04:42:52
Product Name : Microsoft® Windows® Operating System
File Description : OHCI USB Miniport Driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\usbohci.sys
==================================================

==================================================
Filename : usbehci.sys
Address In Stack :
From Address : 0x8b742000
To Address : 0x8b751000
Size : 0x0000f000
Time Stamp : 0x49e01fcc
Time String : 11/04/2009 04:42:52
Product Name : Microsoft® Windows® Operating System
File Description : EHCI eUSB Miniport Driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\usbehci.sys
==================================================

==================================================
Filename : Afc.sys
Address In Stack :
From Address : 0x8b751000
To Address : 0x8b759000
Size : 0x00008000
Time Stamp : 0x421c29af
Time String : 23/02/2005 06:58:55
Product Name : Arcsoft(R) ASPI Shell
File Description : Arcsoft(R) ASPI Shell
File Version : 1, 0, 0, 2
Company : Arcsoft, Inc.
Full Path : C:\Windows\system32\drivers\Afc.sys
==================================================

==================================================
Filename : cdrom.sys
Address In Stack :
From Address : 0x8b759000
To Address : 0x8b771000
Size : 0x00018000
Time Stamp : 0x49e01ef5
Time String : 11/04/2009 04:39:17
Product Name : Microsoft® Windows® Operating System
File Description : SCSI CD-ROM Driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\cdrom.sys
==================================================

==================================================
Filename : ohci1394.sys
Address In Stack :
From Address : 0x8b771000
To Address : 0x8b780300
Size : 0x0000f300
Time Stamp : 0x49e01fd8
Time String : 11/04/2009 04:43:04
Product Name : Microsoft® Windows® Operating System
File Description : 1394 OpenHCI Port Driver
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ohci1394.sys
==================================================

==================================================
Filename : 1394BUS.SYS
Address In Stack :
From Address : 0x8b781000
To Address : 0x8b78e080
Size : 0x0000d080
Time Stamp : 0x47919057
Time String : 19/01/2008 05:53:27
Product Name : Microsoft® Windows® Operating System
File Description : 1394 Bus Device Driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\1394BUS.SYS
==================================================

==================================================
Filename : sdbus.sys
Address In Stack :
From Address : 0x8b78f000
To Address : 0x8b7a9000
Size : 0x0001a000
Time Stamp : 0x49e01a42
Time String : 11/04/2009 04:19:14
Product Name : Microsoft® Windows® Operating System
File Description : SecureDigital Bus Driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\sdbus.sys
==================================================

==================================================
Filename : rimmptsk.sys
Address In Stack :
From Address : 0x8b7a9000
To Address : 0x8b7b7000
Size : 0x0000e000
Time Stamp : 0x455accd7
Time String : 15/11/2006 08:16:23
Product Name : RICOH MMC Driver
File Description : RICOH MMC Driver
File Version : 6.0.1.4
Company : REDC
Full Path : C:\Windows\system32\drivers\rimmptsk.sys
==================================================

==================================================
Filename : rimsptsk.sys
Address In Stack :
From Address : 0x8b7b7000
To Address : 0x8b7cb000
Size : 0x00014000
Time Stamp : 0x455a8cb5
Time String : 15/11/2006 03:42:45
Product Name : Ricoh Memorystick Controller
File Description : RICOH MS Driver
File Version : 6.00.01.04
Company : REDC
Full Path : C:\Windows\system32\drivers\rimsptsk.sys
==================================================

==================================================
Filename : rixdptsk.sys
Address In Stack :
From Address : 0x82d4d000
To Address : 0x82d9e000
Size : 0x00051000
Time Stamp : 0x455a6ed7
Time String : 15/11/2006 01:35:19
Product Name : R5C852 Ricoh xD Controller
File Description : RICOH XD SM Driver
File Version : 6.00.01.05
Company : REDC
Full Path : C:\Windows\system32\drivers\rixdptsk.sys
==================================================

==================================================
Filename : HDAudBus.sys
Address In Stack :
From Address : 0x8b80e000
To Address : 0x8b89b000
Size : 0x0008d000
Time Stamp : 0x49e01fc1
Time String : 11/04/2009 04:42:41
Product Name : Microsoft® Windows® Operating System
File Description : High Definition Audio Bus Driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\HDAudBus.sys
==================================================

==================================================
Filename : nvmfdx32.sys
Address In Stack :
From Address : 0x8b89b000
To Address : 0x8b99a600
Size : 0x000ff600
Time Stamp : 0x489357fd
Time String : 01/08/2008 18:37:49
Product Name : NVIDIA Networking Driver
File Description : NVIDIA MCP Networking Function Driver.
File Version : 1.00.01.06789
Company : NVIDIA Corporation
Full Path : C:\Windows\system32\drivers\nvmfdx32.sys
==================================================

==================================================
Filename : i8042prt.sys
Address In Stack :
From Address : 0x8b99b000
To Address : 0x8b9ae000
Size : 0x00013000
Time Stamp : 0x47918f5d
Time String : 19/01/2008 05:49:17
Product Name : Microsoft® Windows® Operating System
File Description : i8042 Port Driver
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\i8042prt.sys
==================================================

==================================================
Filename : kbdclass.sys
Address In Stack :
From Address : 0x8b9ae000
To Address : 0x8b9b9000
Size : 0x0000b000
Time Stamp : 0x47918f5a
Time String : 19/01/2008 05:49:14
Product Name : Microsoft® Windows® Operating System
File Description : Keyboard Class Driver
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\kbdclass.sys
==================================================

==================================================
Filename : SynTP.sys
Address In Stack :
From Address : 0x8b9b9000
To Address : 0x8b9e3d80
Size : 0x0002ad80
Time Stamp : 0x45d53809
Time String : 16/02/2007 04:50:17
Product Name : Synaptics Pointing Device Driver
File Description : Synaptics Touchpad Driver
File Version : 9.1.17 15Feb07
Company : Synaptics, Inc.
Full Path : C:\Windows\system32\drivers\SynTP.sys
==================================================

==================================================
Filename : USBD.SYS
Address In Stack :
From Address : 0x8b9e4000
To Address : 0x8b9e5700
Size : 0x00001700
Time Stamp : 0x4791904d
Time String : 19/01/2008 05:53:17
Product Name : Microsoft® Windows® Operating System
File Description : Universal Serial Bus Driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\USBD.SYS
==================================================

==================================================
Filename : mouclass.sys
Address In Stack :
From Address : 0x8b9e6000
To Address : 0x8b9f1000
Size : 0x0000b000
Time Stamp : 0x47918f5a
Time String : 19/01/2008 05:49:14
Product Name : Microsoft® Windows® Operating System
File Description : Mouse Class Driver
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mouclass.sys
==================================================

==================================================
Filename : CmBatt.sys
Address In Stack :
From Address : 0x8b9f1000
To Address : 0x8b9f4780
Size : 0x00003780
Time Stamp : 0x47918b7f
Time String : 19/01/2008 05:32:47
Product Name : Microsoft® Windows® Operating System
File Description : Control Method Battery Driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\CmBatt.sys
==================================================

==================================================
Filename : msiscsi.sys
Address In Stack :
From Address : 0x8b7cb000
To Address : 0x8b7fa000
Size : 0x0002f000
Time Stamp : 0x49e01f27
Time String : 11/04/2009 04:40:07
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft iSCSI Initiator Driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\msiscsi.sys
==================================================

==================================================
Filename : TDI.SYS
Address In Stack :
From Address : 0x8b9f5000
To Address : 0x8ba00000
Size : 0x0000b000
Time Stamp : 0x47919136
Time String : 19/01/2008 05:57:10
Product Name : Microsoft® Windows® Operating System
File Description : TDI Wrapper
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\TDI.SYS
==================================================

==================================================
Filename : rasl2tp.sys
Address In Stack :
From Address : 0x82d9e000
To Address : 0x82db5000
Size : 0x00017000
Time Stamp : 0x47919111
Time String : 19/01/2008 05:56:33
Product Name : Microsoft® Windows® Operating System
File Description : RAS L2TP mini-port/call-manager driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rasl2tp.sys
==================================================

==================================================
Filename : ndistapi.sys
Address In Stack :
From Address : 0x8b800000
To Address : 0x8b80b000
Size : 0x0000b000
Time Stamp : 0x47919108
Time String : 19/01/2008 05:56:24
Product Name : Microsoft® Windows® Operating System
File Description : NDIS 3.0 connection wrapper driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ndistapi.sys
==================================================

==================================================
Filename : ndiswan.sys
Address In Stack :
From Address : 0x82db5000
To Address : 0x82dd8000
Size : 0x00023000
Time Stamp : 0x49e020a7
Time String : 11/04/2009 04:46:31
Product Name : Microsoft® Windows® Operating System
File Description : MS PPP Framing Driver (Strong Encryption)
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ndiswan.sys
==================================================

==================================================
Filename : raspppoe.sys
Address In Stack :
From Address : 0x82dd8000
To Address : 0x82de7000
Size : 0x0000f000
Time Stamp : 0x49e020a6
Time String : 11/04/2009 04:46:30
Product Name : Microsoft® Windows® Operating System
File Description : RAS PPPoE mini-port/call-manager driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\raspppoe.sys
==================================================

==================================================
Filename : raspptp.sys
Address In Stack :
From Address : 0x82de7000
To Address : 0x82dfb000
Size : 0x00014000
Time Stamp : 0x47919112
Time String : 19/01/2008 05:56:34
Product Name : Microsoft® Windows® Operating System
File Description : Peer-to-Peer Tunneling Protocol
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\raspptp.sys
==================================================

==================================================
Filename : rassstp.sys
Address In Stack :
From Address : 0x827ea000
To Address : 0x827ff000
Size : 0x00015000
Time Stamp : 0x49e020b0
Time String : 11/04/2009 04:46:40
Product Name : Microsoft® Windows® Operating System
File Description : RAS SSTP Miniport Call Manager
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rassstp.sys
==================================================

==================================================
Filename : termdd.sys
Address In Stack :
From Address : 0x805d9000
To Address : 0x805e9000
Size : 0x00010000
Time Stamp : 0x49e021c2
Time String : 11/04/2009 04:51:14
Product Name : Microsoft® Windows® Operating System
File Description : Terminal Server Driver
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\termdd.sys
==================================================

==================================================
Filename : swenum.sys
Address In Stack :
From Address : 0x8b80b000
To Address : 0x8b80c380
Size : 0x00001380
Time Stamp : 0x47918f60
Time String : 19/01/2008 05:49:20
Product Name : Microsoft® Windows® Operating System
File Description : Plug and Play Software Device Enumerator
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\swenum.sys
==================================================

==================================================
Filename : ks.sys
Address In Stack :
From Address : 0x8bc08000
To Address : 0x8bc32000
Size : 0x0002a000
Time Stamp : 0x49e01ed7
Time String : 11/04/2009 04:38:47
Product Name : Microsoft® Windows® Operating System
File Description : Kernel CSA Library
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ks.sys
==================================================

==================================================
Filename : mssmbios.sys
Address In Stack :
From Address : 0x8bc32000
To Address : 0x8bc3c000
Size : 0x0000a000
Time Stamp : 0x47918b87
Time String : 19/01/2008 05:32:55
Product Name : Microsoft® Windows® Operating System
File Description : System Management BIOS Driver
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mssmbios.sys
==================================================

==================================================
Filename : umbus.sys
Address In Stack :
From Address : 0x8bc3c000
To Address : 0x8bc49000
Size : 0x0000d000
Time Stamp : 0x47919064
Time String : 19/01/2008 05:53:40
Product Name : Microsoft® Windows® Operating System
File Description : User-Mode Bus Enumerator
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\umbus.sys
==================================================

==================================================
Filename : usbhub.sys
Address In Stack :
From Address : 0x8bc49000
To Address : 0x8bc7e000
Size : 0x00035000
Time Stamp : 0x49e01fe2
Time String : 11/04/2009 04:43:14
Product Name : Microsoft® Windows® Operating System
File Description : Default Hub Driver for USB
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\usbhub.sys
==================================================

==================================================
Filename : NDProxy.SYS
Address In Stack :
From Address : 0x8bc7e000
To Address : 0x8bc8f000
Size : 0x00011000
Time Stamp : 0x4791910c
Time String : 19/01/2008 05:56:28
Product Name : Microsoft® Windows® Operating System
File Description : NDIS Proxy
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\NDProxy.SYS
==================================================

==================================================
Filename : RTKVHDA.sys
Address In Stack :
From Address : 0x8be0e000
To Address : 0x8bfb5540
Size : 0x001a7540
Time Stamp : 0x45d2a808
Time String : 14/02/2007 06:11:20
Product Name : Realtek(r) High Definition Audio Function Driver
File Description : Realtek(r) High Definition Audio Function Driver
File Version : 6.0.1.5374 built by: WinDDK
Company : Realtek Semiconductor Corp.
Full Path : C:\Windows\system32\drivers\RTKVHDA.sys
==================================================

==================================================
Filename : portcls.sys
Address In Stack :
From Address : 0x8bfb6000
To Address : 0x8bfe3000
Size : 0x0002d000
Time Stamp : 0x49e01fc8
Time String : 11/04/2009 04:42:48
Product Name : Microsoft® Windows® Operating System
File Description : Port Class (Class Driver for Port/Miniport Devices)
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\portcls.sys
==================================================

==================================================
Filename : drmk.sys
Address In Stack :
From Address : 0x8bc8f000
To Address : 0x8bcb4000
Size : 0x00025000
Time Stamp : 0x47919e4e
Time String : 19/01/2008 06:53:02
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft Kernel DRM Descrambler Filter
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\drmk.sys
==================================================

==================================================
Filename : MpFilter.sys
Address In Stack :
From Address : 0x8bcb4000
To Address : 0x8bcda800
Size : 0x00026800
Time Stamp : 0x4d9cb033
Time String : 06/04/2011 18:25:55
Product Name : Microsoft Malware Protection
File Description : Microsoft antimalware file system filter driver
File Version : 3.0.8239.0
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\MpFilter.sys
==================================================

==================================================
Filename : Fs_Rec.SYS
Address In Stack :
From Address : 0x8bfe3000
To Address : 0x8bfec000
Size : 0x00009000
Time Stamp : 0x00000000
Time String :
Product Name : Microsoft® Windows® Operating System
File Description : File System Recognizer Driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Fs_Rec.SYS
==================================================

==================================================
Filename : Null.SYS
Address In Stack :
From Address : 0x8bfec000
To Address : 0x8bff3000
Size : 0x00007000
Time Stamp : 0x00000000
Time String :
Product Name : Microsoft® Windows® Operating System
File Description : NULL Driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Null.SYS
==================================================

==================================================
Filename : Beep.SYS
Address In Stack :
From Address : 0x8bff3000
To Address : 0x8bffa000
Size : 0x00007000
Time Stamp : 0x47918f56
Time String : 19/01/2008 05:49:10
Product Name : Microsoft® Windows® Operating System
File Description : BEEP Driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Beep.SYS
==================================================

==================================================
Filename : vga.sys
Address In Stack :
From Address : 0x8be00000
To Address : 0x8be0c000
Size : 0x0000c000
Time Stamp : 0x47919006
Time String : 19/01/2008 05:52:06
Product Name : Microsoft® Windows® Operating System
File Description : VGA/Super VGA Video Driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\vga.sys
==================================================

==================================================
Filename : VIDEOPRT.SYS
Address In Stack :
From Address : 0x8bcdb000
To Address : 0x8bcfc000
Size : 0x00021000
Time Stamp : 0x4791900a
Time String : 19/01/2008 05:52:10
Product Name : Microsoft® Windows® Operating System
File Description : Video Port Driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\VIDEOPRT.SYS
==================================================

==================================================
Filename : RDPCDD.sys
Address In Stack :
From Address : 0x8bcfc000
To Address : 0x8bd04000
Size : 0x00008000
Time Stamp : 0x47919224
Time String : 19/01/2008 06:01:08
Product Name : Microsoft® Windows® Operating System
File Description : RDP Miniport
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\RDPCDD.sys
==================================================

==================================================
Filename : rdpencdd.sys
Address In Stack :
From Address : 0x8bd04000
To Address : 0x8bd0c000
Size : 0x00008000
Time Stamp : 0x47919225
Time String : 19/01/2008 06:01:09
Product Name : Microsoft® Windows® Operating System
File Description : RDP Miniport
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdpencdd.sys
==================================================

 
Managed to get it in two parts this time - roughly 50k each. O/S still trying to install driver for unidentified device. System seems stable other than that. No crashes since BSOD.txt created.

jsm
 
I don't see any BSOD from 2012.

As for that installer....

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go File>Save, and save it as AutoRuns.txt file to know location.
You must select Text from drop-down menu as a file type:

Attach the file to your next reply.
 