Inactive Windows Explorer running abnormally slow...

CMeyers3

Hello,

This morning I noted that when trying to access any of my drives, Windows Explorer would spend 5-10 minutes trying to locate the drives. Off and on it would hang up and I'd close the program, and other times I'd be able to navigate to my drives.

I've had Malwarebytes PRO running and it has detected and deleted the following item:
Trojan.BHO HKCR\fsharproj

Following the sticky here are the logs requested to assist on initial diagnosis:

MBAM:
Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.16.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Erik :: ERIKS-DESKTOP [administrator]

Protection: Enabled

9/16/2012 3:47:07 PM
mbam-log-2012-09-16 (15-47-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 224832
Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thanks for the quick response! GMER was running when I posted earlier. All the requested files should be posted shortly.

GMER:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-16 17:08:49
Windows 5.1.2600 Service Pack 3, v.3264 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AAKS-00A7B0 rev.01.03B01
Running: itdd93rk.exe; Driver: C:\DOCUME~1\Erik\LOCALS~1\Temp\kgrcyaog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB47D33C0, 0x9B091A, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2372] USER32.dll!DefWindowProcA + 11A 7E41DE38 7 Bytes JMP 105CDF63 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2372] USER32.dll!SetWindowLongA + 19 7E41DE56 7 Bytes JMP 105CDEF2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2372] USER32.dll!GetWindowInfo 7E41E142 5 Bytes JMP 10414536 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2372] USER32.dll!GetMenuContextHelpId + 1A 7E465311 7 Bytes JMP 10414B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3836] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 011C0C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3836] kernel32.dll!lstrlenW + 43 7C809ADC 7 Bytes JMP 013F7B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3836] kernel32.dll!MapViewOfFileEx + 6A 7C80B990 7 Bytes JMP 013F7B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3836] kernel32.dll!ValidateLocale + B1E8 7C8449F8 7 Bytes JMP 011C3FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3836] GDI32.dll!SetDIBitsToDevice + 208 77F19964 7 Bytes JMP 013F7AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
DDS:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.5.1
Run by Erik at 17:09:28 on 2012-09-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2183 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nlssrv32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe
C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
C:\Documents and Settings\Erik\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {1804c938-6d54-4cef-a7c8-e55db3547455} - c:\windows\system32\ATIDEMGX32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs5.1\Bridge.exe" -stealth
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...VXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzI2NDI5OTQwLVhPMTArMi1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzItTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLUREVCs1MDgyNS1GT0krMTEtVFVHKzMtREQxMEYrMS1TVDEwRkFQUCsxLVNUMTJGT0krMS1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1796"&"mid=c35f154a392147d6b534bdb90f70f214-a6f40694ad39c2c1ea12a9f0234794ed061a73bd
StartupFolder: c:\docume~1\erik\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\erik\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spyder~1.lnk - c:\program files\datacolor\spyder3express\utility\Spyder3Utility.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: Interfaces\{50F874C9-8C29-4664-87E1-C1B515958B61} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E83A77B0-930C-4B6B-B7F9-874625AAFBD5} : DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{EADD6193-B872-445C-AD32-0AFF476B7FCF} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\erik\application data\mozilla\firefox\profiles\6oumi61i.default\
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\erik\application data\mozilla\firefox\profiles\6oumi61i.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\erik\application data\mozilla\firefox\profiles\6oumi61i.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\Npindeo.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-15 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-13 676936]
R2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\system32\nlssrv32.exe [2011-9-22 66560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-8-31 1262400]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-23 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-13 22856]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2012-8-31 123840]
S0 ysbifayk;ysbifayk;c:\windows\system32\drivers\eiyjyhf.sys --> c:\windows\system32\drivers\eiyjyhf.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-18 250568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-6-16 1684736]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-15 114144]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2011-9-12 709248]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2008-9-8 12288]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-09-16 20:26:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-16 19:55:23 0 ---ha-w- c:\documents and settings\erik\bohfjbgsas.tmp
2012-09-16 19:23:28 -------- d-sha-r- C:\cmdcons
2012-09-16 19:21:31 -------- d-----w- C:\ComboFix
2012-09-09 15:13:33 -------- d-----w- c:\documents and settings\erik\local settings\application data\Nik Software
2012-09-09 15:13:19 -------- d-----w- c:\program files\Nik Software
2012-09-09 15:13:19 -------- d-----w- c:\documents and settings\all users\application data\Nik Software
2012-09-09 14:55:21 -------- d-----r- c:\documents and settings\erik\application data\Brother
2012-09-06 03:01:37 -------- d-----w- c:\documents and settings\erik\application data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-09-03 01:44:57 -------- d-----w- c:\documents and settings\erik\application data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-09-03 01:44:57 -------- d-----w- c:\documents and settings\erik\application data\Adobe Mini Bridge CS5.1
2012-09-01 13:56:50 -------- d-----w- c:\documents and settings\erik\application data\NVIDIA
2012-09-01 00:20:09 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-09-01 00:19:44 -------- d-----w- c:\documents and settings\erik\local settings\application data\PunkBuster
2012-08-31 23:52:43 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-31 23:52:41 138056 ----a-w- c:\documents and settings\erik\application data\PnkBstrK.sys
2012-08-31 23:52:21 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-31 23:52:21 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-31 23:52:20 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-08-31 23:45:50 -------- d-----w- c:\program files\EA Games
2012-08-31 22:47:18 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-08-31 22:47:15 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-08-31 22:47:15 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-31 22:36:29 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2012-08-22 02:50:10 -------- d-----w- c:\documents and settings\erik\New Folder
2012-08-20 12:13:46 -------- d-----w- c:\documents and settings\erik\local settings\application data\Sun
2012-08-20 12:12:54 -------- d-----w- c:\program files\Oracle
2012-08-20 12:12:43 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-20 12:12:43 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-19 05:02:22 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2012-08-19 03:52:18 -------- d-----w- c:\documents and settings\all users\Adobe Photoshop CS6
2012-08-19 03:24:55 -------- d-----w- c:\documents and settings\erik\Adobe Photoshop CS6
2012-08-19 03:23:46 -------- d-----w- c:\documents and settings\erik\application data\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-08-19 03:23:42 -------- d-----w- c:\program files\Adobe Download Assistant
2012-08-19 00:57:14 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-09-10 02:15:52 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-09-10 02:15:52 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-09-10 02:15:49 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-09-07 22:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 11:42:36 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 03:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 17:15:19.50 ===============
 
ATTACH:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/21/2008 12:31:25 PM
System Uptime: 9/16/2012 3:33:42 PM (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA74GM-S2
Processor: AMD Phenom(tm) II X4 965 Processor | Socket M2 | 3408/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 412.865 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 233 GiB total, 50.921 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP104: 8/19/2012 11:11:40 AM - System Checkpoint
RP105: 8/20/2012 7:12:16 AM - Installed Java(TM) 7 Update 5
RP106: 8/20/2012 7:12:51 AM - Installed JavaFX 2.1.1
RP107: 8/21/2012 7:52:58 AM - System Checkpoint
RP108: 8/22/2012 8:07:33 AM - System Checkpoint
RP109: 8/23/2012 8:33:00 AM - System Checkpoint
RP110: 8/24/2012 9:21:31 AM - System Checkpoint
RP111: 8/25/2012 10:21:31 AM - System Checkpoint
RP112: 8/26/2012 11:21:29 AM - System Checkpoint
RP113: 8/27/2012 12:21:29 PM - System Checkpoint
RP114: 8/28/2012 1:21:29 PM - System Checkpoint
RP115: 8/29/2012 1:26:19 PM - System Checkpoint
RP116: 8/30/2012 2:26:19 PM - System Checkpoint
RP117: 8/31/2012 3:26:19 PM - System Checkpoint
RP118: 8/31/2012 5:34:47 PM - Update to an unsigned driver
RP119: 9/1/2012 6:09:16 PM - System Checkpoint
RP120: 9/2/2012 6:59:45 PM - System Checkpoint
RP121: 9/3/2012 7:06:33 PM - System Checkpoint
RP122: 9/4/2012 7:58:39 PM - System Checkpoint
RP123: 9/5/2012 10:53:28 PM - System Checkpoint
RP124: 9/6/2012 10:58:40 PM - System Checkpoint
RP125: 9/7/2012 11:58:39 PM - System Checkpoint
RP126: 9/9/2012 12:18:16 AM - System Checkpoint
RP127: 9/10/2012 12:23:00 AM - System Checkpoint
RP128: 9/11/2012 12:27:30 AM - System Checkpoint
RP129: 9/12/2012 1:27:30 AM - System Checkpoint
RP130: 9/13/2012 2:12:58 AM - System Checkpoint
RP131: 9/14/2012 3:12:58 AM - System Checkpoint
RP132: 9/15/2012 4:12:58 AM - System Checkpoint
RP133: 9/16/2012 3:32:18 PM - Installed Microsoft Fix it 50267
.
==== Installed Programs ======================
.
.
AC3Filter 1.62b
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Download Manager
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Photoshop Lightroom 3.6
Adobe Reader 9.5.2
AMD Processor Driver
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
Battlefield Heroes
Battlefield Play4Free
BitLord 1.1
Bonjour
Canon IJ Network Scan Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
Color Efex Pro 4
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Dropbox
getPlus(R) for Adobe
HijackThis 2.0.2
Java Auto Updater
Java(TM) 6 Update 12
Java(TM) 7 Update 5
JavaFX 2.1.1
Kies Air Discovery Service
LightScribe System Software 1.14.17.1
LiveUpdate 3.0 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.65.0.1400
Medialink MWN-USB150N
Microsoft .NET Framework 2.0
Microsoft IntelliType Pro 2.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MobileMe Control Panel
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 14.0 (x86 en-US)
neroxml
NVIDIA Control Panel 301.42
NVIDIA Graphics Driver 301.42
NVIDIA HD Audio Driver 1.3.16.0
NVIDIA Install Application
NVIDIA nView 136.27
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update 1.8.15
NVIDIA Update Components
PDF Settings CS5
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
RocketDock 1.3.5
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Skins
Software Update for Web Folders
Spyder3Express
System Requirements Lab CYRI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Migration Assistant
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
9/16/2012 3:56:06 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
9/16/2012 3:30:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
9/16/2012 2:13:58 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.
9/15/2012 9:55:26 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
9/12/2012 9:09:47 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
9/12/2012 9:09:25 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/12/2012 8:49:07 PM, error: System Error [1003] - Error code 10000050, parameter1 bad0b148, parameter2 00000000, parameter3 805bb44a, parameter4 00000002.
.
==== End Of File ===========================
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

=======================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

======================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download the latest Avast! virus definitions?", say "Yes".
Click the "Scan" button to start the scan.
On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Just ran TDSS Killer, running the other programs now...

TDSSKiller Report:
17:29:51.0359 1684 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:29:51.0656 1684 ============================================================
17:29:51.0656 1684 Current date / time: 2012/09/16 17:29:51.0656
17:29:51.0656 1684 SystemInfo:
17:29:51.0656 1684
17:29:51.0656 1684 OS Version: 5.1.2600 ServicePack: 3.0
17:29:51.0656 1684 Product type: Workstation
17:29:51.0656 1684 ComputerName: ERIKS-DESKTOP
17:29:51.0656 1684 UserName: Erik
17:29:51.0656 1684 Windows directory: C:\WINDOWS
17:29:51.0656 1684 System windows directory: C:\WINDOWS
17:29:51.0656 1684 Processor architecture: Intel x86
17:29:51.0656 1684 Number of processors: 4
17:29:51.0656 1684 Page size: 0x1000
17:29:51.0656 1684 Boot type: Normal boot
17:29:51.0656 1684 ============================================================
17:29:53.0015 1684 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:29:53.0031 1684 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:29:53.0109 1684 ============================================================
17:29:53.0109 1684 \Device\Harddisk0\DR0:
17:29:53.0109 1684 MBR partitions:
17:29:53.0109 1684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
17:29:53.0109 1684 \Device\Harddisk1\DR1:
17:29:53.0109 1684 MBR partitions:
17:29:53.0109 1684 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
17:29:53.0109 1684 ============================================================
17:29:53.0156 1684 C: <-> \Device\Harddisk0\DR0\Partition1
17:29:53.0187 1684 E: <-> \Device\Harddisk1\DR1\Partition1
17:29:53.0187 1684 ============================================================
17:29:53.0187 1684 Initialize success
17:29:53.0187 1684 ============================================================
17:29:54.0765 1276 ============================================================
17:29:54.0765 1276 Scan started
17:29:54.0765 1276 Mode: Manual;
17:29:54.0765 1276 ============================================================
17:29:55.0765 1276 ================ Scan system memory ========================
17:29:55.0765 1276 System memory - ok
17:29:55.0781 1276 ================ Scan services =============================
17:29:56.0734 1276 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:29:56.0734 1276 audstub - ok
17:29:56.0765 1276 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:29:56.0765 1276 Beep - ok
17:29:56.0812 1276 [ 60EEA64022CE15CB3A81CE666D74913F ] BITS C:\WINDOWS\system32\qmgr.dll
17:29:56.0812 1276 BITS - ok
17:29:56.0906 1276 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:29:56.0906 1276 Bonjour Service - ok
17:29:56.0921 1276 [ 8CD6C9AE12D3EA8930AC1C9D7A5D985E ] Browser C:\WINDOWS\System32\browser.dll
17:29:56.0921 1276 Browser - ok
17:29:56.0953 1276 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\Drivers\BrScnUsb.sys
17:29:56.0953 1276 BrScnUsb - ok
17:29:57.0078 1276 catchme - ok
17:29:57.0109 1276 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:29:57.0109 1276 cbidf2k - ok
17:29:57.0125 1276 [ 6BD9CEFA0AAC17EE93F277E5B9BEF716 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:29:57.0125 1276 CCDECODE - ok
17:29:57.0140 1276 cd20xrnt - ok
17:29:57.0156 1276 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:29:57.0156 1276 Cdaudio - ok
17:29:57.0156 1276 [ B7B2EFD695BB6E937EB3E5B5465B6F47 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:29:57.0156 1276 Cdfs - ok
17:29:57.0187 1276 [ 1F29616B1FC4D66A988CF97531BCF729 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:29:57.0187 1276 Cdrom - ok
17:29:57.0203 1276 Changer - ok
17:29:57.0203 1276 [ CA9FC4595227ECAA22CF29911A218A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:29:57.0203 1276 CiSvc - ok
17:29:57.0203 1276 [ B3D97F1D9725A949B9EB190D8A699D24 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:29:57.0203 1276 ClipSrv - ok
17:29:57.0218 1276 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:29:57.0218 1276 clr_optimization_v2.0.50727_32 - ok
17:29:57.0218 1276 CmdIde - ok
17:29:57.0234 1276 COMSysApp - ok
17:29:57.0250 1276 Cpqarray - ok
17:29:57.0281 1276 [ B81BA41FE68A70C0FC429BBEFC547739 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:29:57.0281 1276 CryptSvc - ok
17:29:57.0281 1276 dac2w2k - ok
17:29:57.0281 1276 dac960nt - ok
17:29:57.0296 1276 [ 70ABA737C26F576BD04F108E22FE8A8A ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:29:57.0312 1276 DcomLaunch - ok
17:29:57.0343 1276 [ 1CCE370E4208B753586C0A1D88DAC6B6 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:29:57.0343 1276 Dhcp - ok
17:29:57.0359 1276 [ 023712144C69E60FCB662CDA2715BF16 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:29:57.0359 1276 Disk - ok
17:29:57.0359 1276 dmadmin - ok
17:29:57.0390 1276 [ 1E5C89A65465F6D9674898EB4989CB86 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:29:57.0390 1276 dmboot - ok
17:29:57.0390 1276 [ 6CF151F832EC417FFAF68F20ED7D39FB ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:29:57.0390 1276 dmio - ok
17:29:57.0390 1276 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:29:57.0390 1276 dmload - ok
17:29:57.0437 1276 [ 8446808AA975A12F1D76B1C03A0B0F13 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:29:57.0437 1276 dmserver - ok
17:29:57.0437 1276 [ C561840C22148F5AFFB659D547EFDBB0 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:29:57.0453 1276 DMusic - ok
17:29:57.0468 1276 [ F0AB10362C34E0FDC03FB8E029D07984 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:29:57.0468 1276 Dnscache - ok
17:29:57.0484 1276 [ 2AFB6DA63E0DB5B0952E57DDD7832A0C ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:29:57.0484 1276 Dot3svc - ok
17:29:57.0484 1276 dpti2o - ok
17:29:57.0500 1276 [ C13EE685AA1A8950146F7F968EB090BD ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:29:57.0500 1276 drmkaud - ok
17:29:57.0515 1276 [ EA946F418A8B152E068991A5ED68CF32 ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:29:57.0531 1276 EapHost - ok
17:29:57.0531 1276 [ D3C4835319F9E6E589F335BCFD261AF4 ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:29:57.0531 1276 ERSvc - ok
17:29:57.0546 1276 [ 76727219614A50B2DB29BD0CDA4260D5 ] Eventlog C:\WINDOWS\system32\services.exe
17:29:57.0546 1276 Eventlog - ok
17:29:57.0546 1276 [ 56F40DEC4F1A4595BE3B092E38B07C07 ] EventSystem C:\WINDOWS\system32\es.dll
17:29:57.0546 1276 EventSystem - ok
17:29:57.0546 1276 [ F696CF49C72F50EA0C1038C2DAA98A00 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:29:57.0546 1276 Fastfat - ok
17:29:57.0578 1276 [ BB897A6E8434984742173BD13CD67CE5 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:29:57.0578 1276 FastUserSwitchingCompatibility - ok
17:29:57.0578 1276 [ 650FA0D37498F9E2B201A09DBCA0B85B ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:29:57.0578 1276 Fdc - ok
17:29:57.0593 1276 FilterService - ok
17:29:57.0593 1276 [ 74947FD2D6A9151C0BB9C72BDAF0E894 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:29:57.0593 1276 Fips - ok
17:29:57.0593 1276 [ 3B8607A2BF5AEC3DAB18CF3612C07C1D ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:29:57.0609 1276 Flpydisk - ok
17:29:57.0625 1276 [ 87EC219A7AE5553144E2086D2D7DAA8A ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:29:57.0625 1276 FltMgr - ok
17:29:57.0625 1276 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:29:57.0625 1276 Fs_Rec - ok
17:29:57.0656 1276 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:29:57.0656 1276 Ftdisk - ok
17:29:57.0656 1276 gdrv - ok
17:29:57.0671 1276 [ F2F431D1573EE632975C524418655B84 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:29:57.0671 1276 GEARAspiWDM - ok
17:29:57.0734 1276 [ 3EE179E233EE2B87047570B233D3284F ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll
17:29:57.0734 1276 getPlusHelper - ok
17:29:57.0734 1276 GMSIPCI - ok
17:29:57.0734 1276 [ 9479C26A5691CCEA495E2438EF11C948 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:29:57.0734 1276 Gpc - ok
17:29:57.0765 1276 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:29:57.0765 1276 HDAudBus - ok
17:29:57.0796 1276 [ 546BCC75CCBFEF49802C9DEF61DE981E ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:29:57.0796 1276 helpsvc - ok
17:29:57.0828 1276 [ E87896EF45AC2E75053A9AFAC343AAFC ] HidServ C:\WINDOWS\System32\hidserv.dll
17:29:57.0828 1276 HidServ - ok
17:29:57.0859 1276 [ 5F845228561E9545EDC6F9EBFA15D338 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:29:57.0859 1276 HidUsb - ok
17:29:57.0875 1276 [ 2E417CA3C2693F7355492B5EDFD0F0AE ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:29:57.0875 1276 hkmsvc - ok
17:29:57.0875 1276 hpn - ok
17:29:57.0906 1276 [ 681AFD0F5D6A12BE948181B11A7F80A6 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:29:57.0921 1276 HTTP - ok
17:29:57.0953 1276 [ 1E01E83A8B0FACE497DCA0D99624501B ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:29:57.0953 1276 HTTPFilter - ok
17:29:57.0953 1276 i2omgmt - ok
17:29:57.0953 1276 i2omp - ok
17:29:57.0953 1276 [ 30ABE7000DF369D8B1C4174429260AAD ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:29:57.0953 1276 i8042prt - ok
17:29:57.0953 1276 [ E32BF30D20B5C162775F9A3451E87B67 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:29:57.0953 1276 Imapi - ok
17:29:58.0000 1276 [ B6028C0C3102A132A7421102B6C2015E ] ImapiService C:\WINDOWS\system32\imapi.exe
17:29:58.0000 1276 ImapiService - ok
17:29:58.0000 1276 ini910u - ok
17:29:58.0140 1276 [ E8656858D8B2DA7C9CF59FB4E5CE32ED ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:29:58.0171 1276 IntcAzAudAddService - ok
17:29:58.0171 1276 IntelIde - ok
17:29:58.0203 1276 [ EF9BB587E33C2C245B5B83E882501FF6 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:29:58.0203 1276 Ip6Fw - ok
17:29:58.0234 1276 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:29:58.0234 1276 IpFilterDriver - ok
17:29:58.0250 1276 [ 30ABA7A3F81E4B76C963CD6CAA23CB49 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:29:58.0250 1276 IpInIp - ok
17:29:58.0265 1276 [ EEB5787BD1445C8DC592F40691781774 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:29:58.0265 1276 IpNat - ok
17:29:58.0265 1276 [ BFEA19DAFF955239A16A80C3CDF64FBE ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:29:58.0265 1276 IPSec - ok
17:29:58.0281 1276 [ 64E28D94089CFF1C3C77F02F99FFAC3F ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:29:58.0281 1276 IRENUM - ok
17:29:58.0281 1276 [ 81A40A1118265DFC09C036F7776EBCC0 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:29:58.0281 1276 isapnp - ok
17:29:58.0359 1276 [ 4F2143570D2250CA4C4A4C98553C82CD ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
17:29:58.0375 1276 JavaQuickStarterService - ok
17:29:58.0375 1276 [ 4FF969B48F320F6CE0B07247069C4C22 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:29:58.0375 1276 Kbdclass - ok
17:29:58.0406 1276 [ 0CDED60B750CB5023E901F1FE4E15556 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:29:58.0406 1276 kbdhid - ok
17:29:58.0437 1276 [ 55E8D7039254728E9F071118184FF53B ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:29:58.0437 1276 kmixer - ok
17:29:58.0437 1276 [ 23EA4C1A4CA28FD766ED2D3A5BEAEE3F ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:29:58.0437 1276 KSecDD - ok
17:29:58.0468 1276 [ D0546E97612635358B6428008A9C5A6E ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:29:58.0484 1276 lanmanserver - ok
17:29:58.0484 1276 [ 7FC4C7D670CA8B61F500F4A09E5A2EB1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:29:58.0484 1276 lanmanworkstation - ok
17:29:58.0484 1276 lbrtfdc - ok
17:29:58.0546 1276 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:29:58.0546 1276 LightScribeService - ok
17:29:58.0625 1276 [ 89BFFB6A09652DA7D019A387354D0D19 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
17:29:58.0625 1276 LiveUpdate - ok
17:29:58.0640 1276 [ 8173854F8474C3DDAE5562113E99D14E ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:29:58.0640 1276 LmHosts - ok
17:29:58.0640 1276 Lvckap - ok
17:29:58.0671 1276 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
17:29:58.0671 1276 MBAMProtector - ok
17:29:58.0734 1276 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:29:58.0734 1276 MBAMScheduler - ok
17:29:58.0765 1276 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:29:58.0765 1276 MBAMService - ok
17:29:58.0781 1276 [ CDA1A5CAC8C9D090079B93B8A1EC3F2C ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:29:58.0781 1276 Messenger - ok
17:29:58.0843 1276 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:29:58.0843 1276 Microsoft Office Groove Audit Service - ok
17:29:58.0843 1276 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:29:58.0843 1276 mnmdd - ok
17:29:58.0875 1276 [ 9DA90C3AEA0D4467C2193A5FA7F2B111 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:29:58.0875 1276 mnmsrvc - ok
17:29:58.0890 1276 [ ADD0BB36498E4DA9B1B6A3E201B60A18 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:29:58.0890 1276 Modem - ok
17:29:58.0937 1276 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
17:29:58.0953 1276 Monfilt - ok
17:29:58.0953 1276 [ E70558B84CB0CB9C739CC48EAD2A4323 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:29:58.0953 1276 Mouclass - ok
17:29:58.0984 1276 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:29:58.0984 1276 mouhid - ok
17:29:59.0000 1276 [ 07BE8CAFD246A7DFB7FD4A387E936E92 ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:29:59.0000 1276 MountMgr - ok
17:29:59.0046 1276 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:29:59.0046 1276 MozillaMaintenance - ok
17:29:59.0046 1276 mraid35x - ok
17:29:59.0046 1276 [ AC816EFF53BCA79369F0B8643165368C ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:29:59.0046 1276 MRxDAV - ok
17:29:59.0078 1276 [ 73484C0377FEFA76A4DDD48112EC93A3 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:29:59.0078 1276 MRxSmb - ok
17:29:59.0078 1276 [ 508CCBA132DE09156DAABD5DF141923E ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:29:59.0078 1276 MSDTC - ok
17:29:59.0078 1276 [ 4D563545581E72C477AB00741B119853 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:29:59.0078 1276 Msfs - ok
17:29:59.0093 1276 MSIServer - ok
17:29:59.0093 1276 [ B16206732E541C04C1860D84447EF5BF ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:29:59.0093 1276 MSKSSRV - ok
17:29:59.0109 1276 [ BD33CFA58C156CBD5419A87C3A4CD0B2 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:29:59.0109 1276 MSPCLOCK - ok
17:29:59.0109 1276 [ A7EC2F88FAE0F03252A60950660CC3E1 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:29:59.0109 1276 MSPQM - ok
17:29:59.0125 1276 [ F41814FD8811B2BA2A43A79AA8CCE82A ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:29:59.0125 1276 mssmbios - ok
17:29:59.0140 1276 [ 330D6D5DD6A02B8DE42E3E80646B0BF5 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:29:59.0140 1276 MSTEE - ok
17:29:59.0156 1276 [ 2BB00D68CC9FBDA1EE3D9BAB9E4FD620 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:29:59.0156 1276 Mup - ok
17:29:59.0171 1276 [ DA2FC70D610C065325612735E7356756 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:29:59.0171 1276 NABTSFEC - ok
17:29:59.0203 1276 [ 1CEC9008BC720274F6BCDD800D934642 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:29:59.0203 1276 napagent - ok
17:29:59.0218 1276 [ D1B364F049EB84A883C8A45D3B92FF3B ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:29:59.0218 1276 NDIS - ok
17:29:59.0250 1276 [ D4C3610766DA2367E0D219969A1BCAEE ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:29:59.0250 1276 NdisIP - ok
17:29:59.0265 1276 [ 7D0D0F2BF199C2DF0A9D1B01406168AC ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:29:59.0265 1276 NdisTapi - ok
17:29:59.0265 1276 [ E8969046DC350ECD1E9209DFE341C170 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:29:59.0265 1276 Ndisuio - ok
17:29:59.0281 1276 [ 266FDED9836490FF227AD13E677BA4FB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:29:59.0281 1276 NdisWan - ok
17:29:59.0281 1276 [ 5AA58D218431C79E36A4878F18414637 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:29:59.0281 1276 NDProxy - ok
17:29:59.0281 1276 [ C70B403D8158E11BF0D43D5B153CBE6B ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:29:59.0281 1276 NetBIOS - ok
17:29:59.0296 1276 [ C181E1F7A2A251B7AF6352DCBD8457F3 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:29:59.0296 1276 NetBT - ok
17:29:59.0328 1276 [ B7FBB08BB1328BB977DDCC533C9F2938 ] NetDDE C:\WINDOWS\system32\netdde.exe
17:29:59.0328 1276 NetDDE - ok
17:29:59.0328 1276 [ B7FBB08BB1328BB977DDCC533C9F2938 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:29:59.0328 1276 NetDDEdsdm - ok
17:29:59.0343 1276 [ 4DD0637AE896EB8E00DF331D1CCCFC5C ] Netlogon C:\WINDOWS\system32\lsass.exe
17:29:59.0343 1276 Netlogon - ok
17:29:59.0390 1276 [ 926F0847887C38D0C6F8C1AEF4E45E98 ] Netman C:\WINDOWS\System32\netman.dll
17:29:59.0390 1276 Netman - ok
17:29:59.0406 1276 [ B826B6672072189E002A27C72C1BDCAC ] Nla C:\WINDOWS\System32\mswsock.dll
17:29:59.0406 1276 Nla - ok
17:29:59.0437 1276 [ B1EF4686961986DFFB7FE8F18E6FCB5B ] nlsX86cc C:\WINDOWS\system32\nlssrv32.exe
17:29:59.0437 1276 nlsX86cc - ok
17:29:59.0437 1276 NMIndexingService - ok
17:29:59.0437 1276 [ 20C123AFC574ABF76BA35D39C26AE6DF ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:29:59.0437 1276 Npfs - ok
17:29:59.0453 1276 [ 34A993D7E519364F5D548B5726917753 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:29:59.0468 1276 Ntfs - ok
17:29:59.0468 1276 [ 4DD0637AE896EB8E00DF331D1CCCFC5C ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:29:59.0468 1276 NtLmSsp - ok
17:29:59.0500 1276 [ 4E1F925E4CBFFC853A96C2D88D0A88E3 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:29:59.0500 1276 NtmsSvc - ok
17:29:59.0515 1276 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:29:59.0515 1276 Null - ok
17:29:59.0828 1276 [ 7B5A17BD54BB9142843DBE99A1CAAED8 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:29:59.0890 1276 nv - ok
17:29:59.0906 1276 [ FB61DB41ABB47FF893A35DCA09628D12 ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys
17:29:59.0906 1276 NVHDA - ok
17:29:59.0937 1276 [ 5150B108EA88831E1C599603D8B89621 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
17:29:59.0953 1276 nvsvc - ok
17:30:00.0031 1276 [ 83E8AB7BB3C8956C53FEC071C94F0BBB ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:30:00.0031 1276 nvUpdatusService - ok
17:30:00.0062 1276 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:30:00.0062 1276 NwlnkFlt - ok
17:30:00.0062 1276 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:30:00.0062 1276 NwlnkFwd - ok
17:30:00.0156 1276 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:30:00.0156 1276 odserv - ok
17:30:00.0203 1276 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:30:00.0218 1276 ose - ok
17:30:00.0234 1276 [ 10572A94D8978619CE4845FE8595C9A5 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:30:00.0234 1276 Parport - ok
17:30:00.0234 1276 [ 67075DA61516ADEDD710A9DA6C6C8ACB ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:30:00.0234 1276 PartMgr - ok
17:30:00.0281 1276 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:30:00.0281 1276 ParVdm - ok
17:30:00.0281 1276 [ F3CEBED46DC3A7F1758745C1D1FA5FCF ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:30:00.0281 1276 PCI - ok
17:30:00.0281 1276 PCIDump - ok
17:30:00.0281 1276 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:30:00.0281 1276 PCIIde - ok
17:30:00.0328 1276 [ 1EC157CB90D06455D67C007ADA4973AC ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:30:00.0328 1276 Pcmcia - ok
17:30:00.0328 1276 PDCOMP - ok
17:30:00.0328 1276 PDFRAME - ok
17:30:00.0328 1276 PDRELI - ok
17:30:00.0328 1276 PDRFRAME - ok
17:30:00.0343 1276 perc2 - ok
17:30:00.0343 1276 perc2hib - ok
17:30:00.0375 1276 [ 76727219614A50B2DB29BD0CDA4260D5 ] PlugPlay C:\WINDOWS\system32\services.exe
17:30:00.0375 1276 PlugPlay - ok
17:30:00.0406 1276 [ 205E1B699FD3F2F9B036EEA2EC30C620 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
17:30:00.0406 1276 PnkBstrA - ok
17:30:00.0421 1276 [ 4DD0637AE896EB8E00DF331D1CCCFC5C ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:30:00.0421 1276 PolicyAgent - ok
17:30:00.0437 1276 [ 87D6A848DC367056778168D40A6F1A70 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:30:00.0437 1276 PptpMiniport - ok
17:30:00.0437 1276 [ 7169253EFD25E3213C432F59350F16A8 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
17:30:00.0437 1276 Processor - ok
17:30:00.0437 1276 [ 4DD0637AE896EB8E00DF331D1CCCFC5C ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:30:00.0437 1276 ProtectedStorage - ok
17:30:00.0437 1276 [ 8DC29E493CCE832784A60BF7C120F132 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:30:00.0453 1276 PSched - ok
17:30:00.0453 1276 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:30:00.0453 1276 Ptilink - ok
17:30:00.0468 1276 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:30:00.0468 1276 PxHelp20 - ok
17:30:00.0468 1276 ql1080 - ok
17:30:00.0468 1276 Ql10wnt - ok
17:30:00.0468 1276 ql12160 - ok
17:30:00.0468 1276 ql1240 - ok
17:30:00.0468 1276 ql1280 - ok
17:30:00.0500 1276 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:30:00.0515 1276 RasAcd - ok
17:30:00.0531 1276 [ F251AA303981CDB9C0DB1D3B4E10AADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:30:00.0546 1276 RasAuto - ok
17:30:00.0562 1276 [ DBC6AEDA3111EDAF60948FC063565006 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:30:00.0562 1276 Rasl2tp - ok
17:30:00.0578 1276 [ 5790FB0CA1E1478172AA00FA365B9AB3 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:30:00.0578 1276 RasMan - ok
17:30:00.0640 1276 [ 96467FC3E135F0B174B8978BD8CE69F9 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:30:00.0640 1276 RasPppoe - ok
17:30:00.0640 1276 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:30:00.0640 1276 Raspti - ok
17:30:00.0656 1276 [ 1116A775BFA71F2C13F3D420DA455FF2 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:30:00.0671 1276 Rdbss - ok
17:30:00.0781 1276 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:30:00.0781 1276 RDPCDD - ok
17:30:00.0843 1276 [ 9B7B9221177C83C7CBFD20B4B67F23DC ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:30:00.0843 1276 rdpdr - ok
17:30:00.0890 1276 [ 0CD1BDA7F6848E4DE4EED3D36874FFB5 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:30:00.0890 1276 RDPWD - ok
17:30:00.0937 1276 [ A06AC4784C970B14631997181E6DADC2 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:30:00.0937 1276 RDSessMgr - ok
17:30:00.0937 1276 [ 11540F52CBC8A4C97467579BBF7FFAE2 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:30:00.0937 1276 redbook - ok
17:30:00.0984 1276 [ 07CEB5F794F9D58DE068E4B50280E993 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:30:00.0984 1276 RemoteAccess - ok
17:30:01.0125 1276 [ 13DA5B9187E209B26D8758B398DFC89A ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:30:01.0125 1276 RemoteRegistry - ok
17:30:01.0171 1276 [ AB1E7F4BF9E0AA25281C8B3EF049257D ] RpcLocator C:\WINDOWS\system32\locator.exe
17:30:01.0171 1276 RpcLocator - ok
17:30:01.0218 1276 [ 70ABA737C26F576BD04F108E22FE8A8A ] RpcSs C:\WINDOWS\System32\rpcss.dll
17:30:01.0218 1276 RpcSs - ok
17:30:01.0281 1276 [ 0E11B35E972796042044BC27CE13B065 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
17:30:01.0281 1276 rspndr - ok
17:30:01.0328 1276 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:30:01.0328 1276 RSVP - ok
17:30:01.0515 1276 [ EE5AD71A1F576D4D58D8D014560EB856 ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys
17:30:01.0515 1276 rt2870 - ok
17:30:01.0562 1276 [ 53AFD9EFC645C5457A3D8DDD7A441340 ] rtl8185 C:\WINDOWS\system32\DRIVERS\rtl8185.sys
17:30:01.0562 1276 rtl8185 - ok
17:30:01.0609 1276 [ 79B4FE884C18DD82D5449F6B6026D092 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:30:01.0609 1276 RTLE8023xp - ok
17:30:01.0609 1276 [ 4DD0637AE896EB8E00DF331D1CCCFC5C ] SamSs C:\WINDOWS\system32\lsass.exe
17:30:01.0609 1276 SamSs - ok
17:30:01.0609 1276 [ B63D9939AB3247FB668C1115AC5B3A25 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:30:01.0609 1276 SCardSvr - ok
17:30:01.0625 1276 [ D79E3CD9BCD39BB2D611F0401418D714 ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:30:01.0640 1276 Schedule - ok
17:30:01.0640 1276 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:30:01.0640 1276 Secdrv - ok
17:30:01.0640 1276 [ 47B0B17D193B9317F2F47AD8EB884098 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:30:01.0656 1276 seclogon - ok
17:30:01.0656 1276 [ F67206DFD3610FECB83AA65E77431192 ] SENS C:\WINDOWS\system32\sens.dll
17:30:01.0656 1276 SENS - ok
17:30:01.0656 1276 [ DE23787927CB72533D4869855E955329 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:30:01.0656 1276 serenum - ok
17:30:01.0671 1276 [ 471168D4B9ADFD1F9E692F8779455188 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:30:01.0671 1276 Serial - ok
17:30:01.0671 1276 [ DC495A349DFD94FBFE4CF0689ED647B2 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:30:01.0671 1276 Sfloppy - ok
17:30:01.0687 1276 [ DA9222DF50B74641658BE5B23B649016 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:30:01.0687 1276 SharedAccess - ok
17:30:01.0703 1276 [ BB897A6E8434984742173BD13CD67CE5 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:30:01.0703 1276 ShellHWDetection - ok
17:30:01.0703 1276 Simbad - ok
17:30:01.0734 1276 [ 70B574953C6062F28C3DCF2394C7DDDE ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:30:01.0734 1276 SLIP - ok
17:30:01.0734 1276 Sparrow - ok
17:30:01.0750 1276 [ E477A633EA2D387788879A30666E5998 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:30:01.0750 1276 splitter - ok
17:30:01.0765 1276 [ 0DD64932B9A6394B53222B7FD294D12A ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:30:01.0765 1276 Spooler - ok
17:30:01.0781 1276 [ 1C63FE706AB797BC3C24813FF969B4DE ] Spyder3 C:\WINDOWS\system32\DRIVERS\Spyder3.sys
17:30:01.0781 1276 Spyder3 - ok
17:30:01.0796 1276 [ 8EC0EC1508D5C0DC9F0A46B264B41BFF ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:30:01.0796 1276 sr - ok
17:30:01.0812 1276 [ 70BF530F3B28242FD6B2E558219316EB ] srservice C:\WINDOWS\system32\srsvc.dll
17:30:01.0812 1276 srservice - ok
17:30:01.0812 1276 [ 388A576B405FD4C8A4886AA872E8E0F1 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:30:01.0812 1276 Srv - ok
17:30:01.0828 1276 [ AC1BC4FC0F1D0AA39DD487A277F90BC8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:30:01.0828 1276 SSDPSRV - ok
17:30:01.0843 1276 [ 12B5747B7B6B951075EE277400828E89 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:30:01.0843 1276 stisvc - ok
17:30:01.0859 1276 [ FC2870338F6A08A562D6BEF72E66F478 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:30:01.0859 1276 streamip - ok
17:30:01.0875 1276 [ A5491F57E70167A10ED40E19D36EDD13 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:30:01.0875 1276 swenum - ok
17:30:02.0000 1276 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:30:02.0000 1276 SwitchBoard - ok
17:30:02.0000 1276 [ 5F8AB2829C52609E03560725EAF167F9 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:30:02.0000 1276 swmidi - ok
17:30:02.0000 1276 SwPrv - ok
17:30:02.0015 1276 symc810 - ok
17:30:02.0015 1276 symc8xx - ok
17:30:02.0015 1276 sym_hi - ok
17:30:02.0015 1276 sym_u3 - ok
17:30:02.0046 1276 [ FEAEE2DF25F435C153756707321BBF46 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:30:02.0046 1276 sysaudio - ok
17:30:02.0125 1276 [ 0213F33C12AD17FCD77AF5F1E854C92C ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:30:02.0125 1276 SysmonLog - ok
17:30:02.0171 1276 [ FF86C8AF96C3FFEEF236C9433401FEC3 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:30:02.0187 1276 TapiSrv - ok
17:30:02.0203 1276 [ 19EBDA988DA80F133DC9E28A50F606E8 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:30:02.0203 1276 Tcpip - ok
17:30:02.0218 1276 [ 76AFDFEA26D4CB16E81FA32A22C34376 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:30:02.0218 1276 TDPIPE - ok
17:30:02.0234 1276 [ 2FC82251C9E895AA48624EBE05E5774E ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:30:02.0234 1276 TDTCP - ok
17:30:02.0250 1276 [ 4E55B6F75AD92F13D6ABBF8D767CBCEC ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:30:02.0250 1276 TermDD - ok
17:30:02.0265 1276 [ 03178DA1A2B7C9B918E5062B2080D732 ] TermService C:\WINDOWS\System32\termsrv.dll
17:30:02.0265 1276 TermService - ok
17:30:02.0265 1276 [ BB897A6E8434984742173BD13CD67CE5 ] Themes C:\WINDOWS\System32\shsvcs.dll
17:30:02.0265 1276 Themes - ok
17:30:02.0296 1276 [ 4C678B7DC9B005A1B12FEDCB3A44E35F ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:30:02.0296 1276 TlntSvr - ok
17:30:02.0296 1276 TosIde - ok
17:30:02.0296 1276 [ 65206F5582D60DB2234A4900F280BDB0 ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:30:02.0296 1276 TrkWks - ok
17:30:02.0328 1276 [ 90374E55F93F2883377902CB9CBFC6DB ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:30:02.0328 1276 Udfs - ok
17:30:02.0328 1276 ultra - ok
17:30:02.0343 1276 [ 9651E5D850B6F6BD7C77C70AA06F02BF ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
17:30:02.0343 1276 UMWdf - ok
17:30:02.0375 1276 [ 415C2A770F4B6932308F9DE7B19B3139 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:30:02.0375 1276 Update - ok
17:30:02.0390 1276 [ 0EE265DBFD98DB023716C50CFE1521F0 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:30:02.0390 1276 upnphost - ok
17:30:02.0406 1276 [ 547DB36696544C3401563AA3772D6376 ] UPS C:\WINDOWS\System32\ups.exe
17:30:02.0406 1276 UPS - ok
17:30:02.0421 1276 USBAAPL - ok
17:30:02.0437 1276 [ B24CFF43DEB7AC8F2AC0F2FB8A4CE16D ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
17:30:02.0437 1276 usbaudio - ok
17:30:02.0453 1276 [ 9A0A8BE756BD7A9BAD4A3D0E9FA7BD79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:30:02.0453 1276 usbccgp - ok
17:30:02.0468 1276 [ D37FEE874B49D951F68E788D40D8C196 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:30:02.0468 1276 usbehci - ok
17:30:02.0484 1276 [ 8167383FE00199108F63269C2B8A99E1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:30:02.0484 1276 usbhub - ok
17:30:02.0484 1276 [ 2E79C58FF52DDA6D066047FC7723625C ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:30:02.0484 1276 usbohci - ok
17:30:02.0515 1276 [ 14CAA438F4EBD12DBD43DB0273BC0FDC ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:30:02.0515 1276 usbprint - ok
17:30:02.0546 1276 [ 5BE9C3F196C607AAA072ED660F9C0423 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:30:02.0562 1276 usbscan - ok
17:30:02.0562 1276 [ E3EEF7AE5105A9F99B1807031EDB4171 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:30:02.0562 1276 USBSTOR - ok
17:30:02.0578 1276 [ CC1F0DD100F577E9B029547FEE285813 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:30:02.0578 1276 VgaSave - ok
17:30:02.0578 1276 ViaIde - ok
17:30:02.0609 1276 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
17:30:02.0609 1276 Viewpoint Manager Service - ok
17:30:02.0640 1276 [ 2ABF037F9D447424B58D73706B55B762 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:30:02.0640 1276 VolSnap - ok
17:30:02.0640 1276 [ 8901DA47BC3B7AA2EFE49A6FC265B0F8 ] VSS C:\WINDOWS\System32\vssvc.exe
17:30:02.0640 1276 VSS - ok
17:30:02.0656 1276 [ 64D724F8DD696AE17DC545D9A22C06DC ] W32Time C:\WINDOWS\system32\w32time.dll
17:30:02.0656 1276 W32Time - ok
17:30:02.0671 1276 [ 8794191476E6B93161BAAA136E309454 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:30:02.0671 1276 Wanarp - ok
17:30:02.0703 1276 [ 060E8CB99CC0A6751DB5810C042B0D45 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:30:02.0703 1276 Wdf01000 - ok
17:30:02.0703 1276 WDICA - ok
17:30:02.0718 1276 [ CF66393A0B2E361503BF381AC013B34A ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:30:02.0718 1276 wdmaud - ok
17:30:02.0734 1276 [ 2695100EF6D97E11443EBCED0057F3F1 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:30:02.0734 1276 WebClient - ok
17:30:02.0781 1276 [ C509666623D32AC4CDA3199CE4EB1925 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:30:02.0796 1276 winmgmt - ok
17:30:02.0875 1276 [ CD99C9FEAE87C1963273F6B150251E33 ] WMConnectCDS C:\Program Files\Windows Media Connect 2\wmccds.exe
17:30:02.0875 1276 WMConnectCDS - ok
17:30:02.0906 1276 [ B9715B9C18BC6C8F4B66733D208CC9F7 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
17:30:02.0906 1276 WmdmPmSN - ok
17:30:02.0937 1276 [ B024B2E27C45FCC267B12AFA9DD04822 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:30:02.0937 1276 Wmi - ok
17:30:02.0937 1276 [ 34CD451F120F5E8D8F430184F4E50E7A ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:30:02.0937 1276 WmiApSrv - ok
17:30:02.0968 1276 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:30:02.0968 1276 WS2IFSL - ok
17:30:03.0000 1276 [ E750CD80918C221F7249802A3048A287 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:30:03.0000 1276 wscsvc - ok
17:30:03.0031 1276 [ 330029931EB8E3384CBC4C10880D5B14 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:30:03.0031 1276 WSTCODEC - ok
17:30:03.0062 1276 [ B72508649DAD03BCB5D708EDB1E3E57E ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:30:03.0062 1276 wuauserv - ok
17:30:03.0093 1276 [ A2FC878AB3DAEA806C1E5D1F83EF6E57 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:30:03.0109 1276 WZCSVC - ok
17:30:03.0125 1276 [ 5031DA760DB4864FAE386DDFC1428607 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:30:03.0140 1276 xmlprov - ok
17:30:03.0140 1276 ysbifayk - ok
17:30:03.0156 1276 ================ Scan global ===============================
17:30:03.0187 1276 [ E2C65A667921DDC7B81815836C1DB25D ] C:\WINDOWS\system32\basesrv.dll
17:30:03.0187 1276 [ DEA079254CAAB877ED3FD4A5BE80DE98 ] C:\WINDOWS\system32\winsrv.dll
17:30:03.0203 1276 [ DEA079254CAAB877ED3FD4A5BE80DE98 ] C:\WINDOWS\system32\winsrv.dll
17:30:03.0218 1276 [ 76727219614A50B2DB29BD0CDA4260D5 ] C:\WINDOWS\system32\services.exe
17:30:03.0218 1276 [Global] - ok
17:30:03.0218 1276 ================ Scan MBR ==================================
17:30:03.0234 1276 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:30:03.0468 1276 \Device\Harddisk0\DR0 - ok
17:30:03.0484 1276 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:30:03.0718 1276 \Device\Harddisk1\DR1 - ok
17:30:03.0718 1276 ================ Scan VBR ==================================
17:30:03.0718 1276 [ 3EE4CD76B3BA8F50D832355AF75B5BA0 ] \Device\Harddisk0\DR0\Partition1
17:30:03.0718 1276 \Device\Harddisk0\DR0\Partition1 - ok
17:30:03.0718 1276 [ D39574C81217B5983A0617DBF886F3E8 ] \Device\Harddisk1\DR1\Partition1
17:30:03.0718 1276 \Device\Harddisk1\DR1\Partition1 - ok
17:30:03.0718 1276 ============================================================
17:30:03.0718 1276 Scan finished
17:30:03.0718 1276 ============================================================
17:30:03.0718 3920 Detected object count: 0
17:30:03.0718 3920 Actual detected object count: 0
 
RogueKiller Report:
RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3, v.3264) 32 bits version
Started in : Normal mode
User : Erik [Admin rights]
Mode : Scan -- Date : 09/16/2012 17:33:54

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY FF] 6oumi61i.default\ : -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-00A7B0 +++++
--- User ---
[MBR] ed827af89b6db9e75dc214812528fa11
[BSP] b4ade3e97d8f12170d42da70dd752e8a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD2500JB-55GVC0 +++++
--- User ---
[MBR] 4c35cb575d0687d04dca19f2cf766652
[BSP] ee0e8d64be7340db7e553bc5369771b2 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



 
aswMBR:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-16 17:35:09
-----------------------------
17:35:09.546 OS Version: Windows 5.1.2600 Service Pack 3, v.3264
17:35:09.546 Number of processors: 4 586 0x403
17:35:09.546 ComputerName: ERIKS-DESKTOP UserName: Erik
17:35:11.000 Initialize success
17:36:25.328 AVAST engine defs: 12091400
17:37:38.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:37:38.640 Disk 0 Vendor: WDC_WD5000AAKS-00A7B0 01.03B01 Size: 476940MB BusType: 3
17:37:38.640 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-1b
17:37:38.640 Disk 1 Vendor: WDC_WD2500JB-55GVC0 08.02D08 Size: 238475MB BusType: 3
17:37:38.765 Disk 0 MBR read successfully
17:37:38.765 Disk 0 MBR scan
17:37:38.796 Disk 0 Windows XP default MBR code
17:37:38.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
17:37:38.859 Disk 0 scanning sectors +976752000
17:37:38.984 Disk 0 scanning C:\WINDOWS\system32\drivers
17:38:10.468 Service scanning
17:38:13.859 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
17:38:22.390 Modules scanning
17:39:04.093 Disk 0 trace - called modules:
17:39:04.125
17:39:05.203 AVAST engine scan C:\WINDOWS
17:40:44.531 AVAST engine scan C:\WINDOWS\system32
17:40:55.984 File: C:\WINDOWS\system32\ATIDEMGX32.dll **INFECTED** Win32:MalOb-IJ [Cryp]
17:50:15.968 AVAST engine scan C:\WINDOWS\system32\drivers
17:52:34.328 AVAST engine scan C:\Documents and Settings\Erik
17:52:37.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Erik\Desktop\MBR.dat"
17:52:37.750 The log file has been saved successfully to "C:\Documents and Settings\Erik\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-16 18:15:13
-----------------------------
18:15:13.796 OS Version: Windows 5.1.2600 Service Pack 3, v.3264
18:15:13.796 Number of processors: 4 586 0x403
18:15:13.796 ComputerName: ERIKS-DESKTOP UserName: Erik
18:15:15.250 Initialze error C000010E - driver not loaded
18:15:15.281 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
18:22:20.578 AVAST engine defs: 12091400
18:22:35.078 Service scanning
18:22:38.375 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
18:22:46.953 Modules scanning
18:22:46.953 Disk 0 trace - called modules:
18:22:46.953
18:22:48.156 AVAST engine scan C:\WINDOWS
18:22:52.750 AVAST engine scan C:\WINDOWS\system32
18:22:55.500 File: C:\WINDOWS\system32\ATIDEMGX32.dll **INFECTED** Win32:MalOb-IJ [Cryp]
18:24:10.218 AVAST engine scan C:\WINDOWS\system32\drivers
18:24:18.140 AVAST engine scan C:\Documents and Settings\Erik
18:35:31.875 AVAST engine scan C:\Documents and Settings\All Users
18:36:48.234 Scan finished successfully
19:04:45.656 The log file has been saved successfully to "C:\Documents and Settings\Erik\Desktop\aswMBR.txt"


 
Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload the following file to http://www.virustotal.com/ for a security check:
- C:\WINDOWS\system32\ATIDEMGX32.dll
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.
 
Whatever is on my system won't allow me to utilize the file upload process on virustotal.

It opens up the file selection but then hangs when I attempt to navigate to the file.

Any other options?
 
Disregard my previous post. I was able to navigate to the folder and create a shortcut on the desktop. Seems to prevent access to your drives when launching "My Computer".

Results
SHA256: 8028de8c4cbeb73f1a5d5fd1326adb5bf6a49b5c3ebbaa0b16f895e52946a0b1
SHA1: fdf441ca528b87040cf6bef4d9cb1d79f71fcbc4
MD5: cee5fb7e2a4d894672413d85b226caec
File size: 321.0 KB ( 328704 bytes )
File name: ATIDEMGX32.dll
File type: Win32 DLL
Detection ratio: 23 / 42
Analysis date: 2012-09-17 00:45:40 UTC ( 0 minutes ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.BHO 20120916
AntiVir TR/Dldr.Tracur.Q.379 20120916
Antiy-AVL - 20120911
Avast Win32:MalOb-IJ [Cryp] 20120917
AVG Generic25.APVB 20120916
BitDefender Gen:Variant.Kazy.34224 20120917
ByteHero - 20120907
CAT-QuickHeal TrojanDownloader.Tracur.q 20120916
ClamAV - 20120917
Commtouch - 20120916
Comodo UnclassifiedMalware 20120916
DrWeb - 20120917
Emsisoft Trojan-Downloader.Win32.Tracur!IK 20120917
eSafe - 20120914
ESET-NOD32 a variant of Win32/Kryptik.RSL 20120916
F-Prot - 20120916
F-Secure Gen:Variant.Kazy.34224 20120916
Fortinet W32/Tracur.IK!tr 20120830
GData Gen:Variant.Kazy.34224 20120917
Ikarus Trojan-Downloader.Win32.Tracur 20120917
Jiangmin - 20120916
K7AntiVirus - 20120915
Kaspersky - 20120917
McAfee Generic Downloader.x!gbd 20120917
McAfee-GW-Edition Generic Downloader.x!gbd 20120916
Microsoft Trojan:Win32/Tracur.Q 20120917
Norman W32/Suspicious_Gen2.SHOIV 20120916
nProtect - 20120916
Panda - 20120916
PCTools 544 20120917
Rising - 20120914
Sophos Mal/Tracur-C 20120916
SUPERAntiSpyware Trojan.Agent/Gen 20120911
Symantec - 20120916
TheHacker - 20120915
TotalDefense - 20120916
TrendMicro TROJ_TRACUR.IK 20120917
TrendMicro-HouseCall TROJ_TRACUR.IK 20120917
VBA32 - 20120914
VIPRE Trojan.Win32.Generic!BT 20120917
ViRobot - 20120916
VirusBuster - 20120916

Additional Information:
ssdeep

6144:vlCSDtZ8cJdAQ46aEhq3Q7Tkd+V4cI9/qF+bvuTHULHgphY:vTD/8cHAQ4Ecg7Tl2/IyqULAY
TrID

Win32 Executable MS Visual C++ (generic) (65.1%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ExifTool

UninitializedDataSize....: 225280
InitializedDataSize......: 340992
ImageVersion.............: 1.0
ProductName..............: BulletStorm
FileVersionNumber........: 1.0.0.0
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x003f
FileDescription..........: BulletStorm
CharacterSet.............: Unicode
LinkerVersion............: 2.38
FileOS...................: Windows NT 32-bit
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 1.0.0.0
TimeStamp................: 2007:06:12 10:33:04-07:00
FileType.................: Win32 DLL
PEType...................: PE32
InternalName.............: GDF_Info
ProductVersion...........: 1.0.0.0
SubsystemVersion.........: 4.0
OSVersion................: 4.0
OriginalFilename.........: GDF_Info.dll
LegalCopyright...........: 2010, Epic Games, Inc.
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: People Can Fly
CodeSize.................: 40960
FileSubtype..............: 0
ProductVersionNumber.....: 1.0.0.0
EntryPoint...............: 0x839c
ObjectFileType...........: Executable application
Sigcheck

publisher................: People Can Fly
product..................: BulletStorm
internal name............: GDF_Info
copyright................: (c) 2010, Epic Games, Inc.
original name............: GDF_Info.dll
file version.............: 1.0.0.0
description..............: BulletStorm
Portable Executable structural information

Compilation timedatestamp.....: 2007-06-12 17:33:04
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x0000839C

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 40960 37888 6.52 d8dfd502a39c3d92d67338d1b60da9c9
.data 45056 204800 204288 7.46 13e0796bdcfca3706d6475b4a09d1b8b
.rdata 249856 81920 81408 7.49 dbdeeb3a9a90342b86a2fc38af5ce9fd
.bss 331776 225280 0 0.00 d41d8cd98f00b204e9800998ecf8427e
.edata 557056 4096 512 4.81 fc7657111bd3f23feb5503f56c8e0790
.idata 561152 4096 1536 4.71 35a0fe77a2e916a63a8d109290e08bef
.rsrc 565248 4096 1024 2.68 fc4b632277f94ad61a9dc7e778b11653
.reloc 569344 993 1024 5.63 8129b5dea23f1cec9d1401ee3160592a

PE Imports....................:

[[KERNEL32.dll]]
MapViewOfFile, GetModuleHandleA, VirtualFree, ExitProcess, CloseHandle, IsBadStringPtrA, lstrcpynA, GetProcAddress, VirtualAlloc, LoadLibraryA

[[MSVCRT.dll]]
strpbrk, __p__commode, exit, vswprintf

[[ADVAPI32.dll]]
AbortSystemShutdownA, ReportEventA, OpenTraceW, LookupAccountSidW, ElfClearEventLogFileA

[[ole32.dll]]
CoFileTimeNow, IsValidInterface, IsEqualGUID, CoGetMalloc, CreateAntiMoniker

[[USER32.dll]]
MapWindowPoints, VkKeyScanExW, IsCharUpperA, UpdateWindow, IsDialogMessageW, OpenIcon, EnumDesktopsW, WinHelpW, SendMessageA, UnregisterHotKey, GetClassInfoW, GetClassInfoExA, RegisterDeviceNotificationW, CloseClipboard, GetClipboardData, GetAltTabInfoW

[[COMCTL32.dll]]
PropertySheetA, FlatSB_SetScrollRange


PE Exports....................:

BJrpbmyXfrluqwenelyq, FkdwqlzcezsabxSmt, GSelnvkfbohGhJkMuy, bsnhuzqpeoyu, foqUquUebkakjblOg, fwQeEciAGEnlvdrjZQgl, hvCoXfraolgjwlvhf, lTdsdvjjtaiahL, sdsbamvwlayXDhlRBfwj, sxoiBzdqqhyXaKhwLri, vnlmghjvvQfpy, vuqdCpvxwzjs, zchzztoKnaiDfepu, zjbvyktbIlQc

PE Resources..................:

Resource type Number of resources
RT_VERSION 1

Resource language Number of resources
RUSSIAN 1
Symantec Reputation

Suspicious.Insight
ClamAV PUA Engine

Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/support/faq/pua.
First seen by VirusTotal

2011-08-16 02:59:35 UTC ( 1 year, 1 month ago )
Last seen by VirusTotal

2012-09-17 00:45:40 UTC ( 3 minutes ago )
File names (max. 25)

  1. ATIDEMGX32.dll
  2. GDF_Info
  3. AudioSes32.dll
  4. atrace32.dll
  5. 14803322007362CE04070524D9FD66001AB4CD01.dll
  6. GDF_Info.dll
 
Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. The rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and ComboFix.txt.
 
ComboFix:

ComboFix 12-09-15.02 - Erik 09/16/2012 21:01:55.12.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2358 [GMT -5:00]
Running from: c:\documents and settings\Erik\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{a9767307-fb00-40e4-833f-6b21eeed2171}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{a9767307-fb00-40e4-833f-6b21eeed2171}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{a9767307-fb00-40e4-833f-6b21eeed2171}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{a9767307-fb00-40e4-833f-6b21eeed2171}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{a9767307-fb00-40e4-833f-6b21eeed2171}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{d645492c-d1b4-4d3b-966f-35a7e1597e4e}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{d645492c-d1b4-4d3b-966f-35a7e1597e4e}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{d645492c-d1b4-4d3b-966f-35a7e1597e4e}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{d645492c-d1b4-4d3b-966f-35a7e1597e4e}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{d645492c-d1b4-4d3b-966f-35a7e1597e4e}\install.rdf
c:\documents and settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{a9767307-fb00-40e4-833f-6b21eeed2171}
c:\documents and settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{a9767307-fb00-40e4-833f-6b21eeed2171}\chrome.manifest
c:\documents and settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{a9767307-fb00-40e4-833f-6b21eeed2171}\chrome\xulcache.jar
c:\documents and settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{a9767307-fb00-40e4-833f-6b21eeed2171}\defaults\preferences\xulcache.js
c:\documents and settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{a9767307-fb00-40e4-833f-6b21eeed2171}\install.rdf
c:\documents and settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{d645492c-d1b4-4d3b-966f-35a7e1597e4e}
c:\documents and settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{d645492c-d1b4-4d3b-966f-35a7e1597e4e}\chrome.manifest
c:\documents and settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{d645492c-d1b4-4d3b-966f-35a7e1597e4e}\chrome\xulcache.jar
c:\documents and settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{d645492c-d1b4-4d3b-966f-35a7e1597e4e}\defaults\preferences\xulcache.js
c:\documents and settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{d645492c-d1b4-4d3b-966f-35a7e1597e4e}\install.rdf
c:\documents and settings\Erik\bohfjbgsas.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))
.
.
2012-09-16 20:26 . 2012-09-16 20:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-09 15:13 . 2012-09-09 15:13 -------- d-----w- c:\documents and settings\Erik\Local Settings\Application Data\Nik Software
2012-09-09 15:13 . 2012-09-09 15:13 -------- d-----w- c:\program files\Nik Software
2012-09-09 15:13 . 2012-09-09 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Nik Software
2012-09-09 14:55 . 2012-09-09 14:55 -------- d-----r- c:\documents and settings\Erik\Application Data\Brother
2012-09-06 03:01 . 2012-09-06 03:01 -------- d-----w- c:\documents and settings\Erik\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-09-03 01:44 . 2012-09-03 01:44 -------- d-----w- c:\documents and settings\Erik\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-09-03 01:44 . 2012-09-03 01:44 -------- d-----w- c:\documents and settings\Erik\Application Data\Adobe Mini Bridge CS5.1
2012-09-01 13:56 . 2012-09-01 13:56 -------- d-----w- c:\documents and settings\Erik\Application Data\NVIDIA
2012-09-01 00:20 . 2012-09-14 00:50 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-09-01 00:19 . 2012-09-02 01:18 -------- d-----w- c:\documents and settings\Erik\Local Settings\Application Data\PunkBuster
2012-08-31 23:52 . 2012-09-14 00:51 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-31 23:52 . 2012-09-02 01:16 138056 ----a-w- c:\documents and settings\Erik\Application Data\PnkBstrK.sys
2012-08-31 23:52 . 2012-09-14 00:50 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-31 23:52 . 2012-09-11 22:57 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-31 23:52 . 2012-09-02 01:23 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-08-31 23:45 . 2012-09-02 01:05 -------- d-----w- c:\program files\EA Games
2012-08-31 22:48 . 2012-08-31 22:48 -------- d-----w- c:\documents and settings\UpdatusUser
2012-08-31 22:47 . 2012-04-18 17:08 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-08-31 22:47 . 2012-05-15 10:18 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-08-31 22:47 . 2012-05-15 10:18 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-31 22:46 . 2012-08-31 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2012-08-31 22:41 . 2012-08-31 22:41 -------- d-----w- c:\documents and settings\Erik\Application Data\SystemRequirementsLab
2012-08-31 22:36 . 2012-08-31 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2012-08-22 02:50 . 2012-08-22 02:50 -------- d-----w- c:\documents and settings\Erik\New Folder
2012-08-20 12:13 . 2012-08-20 12:13 -------- d-----w- c:\documents and settings\Erik\Local Settings\Application Data\Sun
2012-08-20 12:13 . 2012-08-20 12:13 -------- d-----w- c:\program files\Common Files\Java
2012-08-20 12:12 . 2012-08-20 12:12 -------- d-----w- c:\program files\Oracle
2012-08-20 12:12 . 2012-08-20 12:12 -------- d-----w- c:\documents and settings\Erik\Application Data\Oracle
2012-08-20 12:12 . 2012-07-06 03:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-20 12:12 . 2012-07-06 03:06 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-19 05:02 . 2012-08-19 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2012-08-19 03:52 . 2012-08-19 04:16 -------- d-----w- c:\documents and settings\All Users\Adobe Photoshop CS6
2012-08-19 03:24 . 2012-09-08 14:12 -------- d-----w- c:\documents and settings\Erik\Adobe Photoshop CS6
2012-08-19 03:23 . 2012-08-19 03:23 -------- d-----w- c:\documents and settings\Erik\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-08-19 03:23 . 2012-08-19 03:23 -------- d-----w- c:\program files\Adobe Download Assistant
2012-08-19 00:57 . 2012-08-29 11:42 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 22:04 . 2012-08-13 12:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 11:42 . 2011-09-13 03:49 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 03:07 . 2009-03-16 00:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-08 01:28 . 2012-09-08 01:28 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-09-16_19.30.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-16 20:34 . 2012-09-16 20:34 16384 c:\windows\Temp\Perflib_Perfdata_768.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1804C938-6D54-4CEF-A7C8-E55DB3547455}]
2011-08-16 16:51 328704 ----a-w- c:\windows\system32\ATIDEMGX32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Erik\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Erik\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Erik\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Erik\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5.1\Bridge.exe" [2011-03-03 12008296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-unins...f214-a6f40694ad39c2c1ea12a9f0234794ed061a73bd" [?]
.
c:\documents and settings\Erik\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Erik\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe [2009-8-11 6798714]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Erik^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon MX340 series Printer (Copy 1).lnk]
path=c:\documents and settings\Erik\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MX340 series Printer (Copy 1).lnk
backup=c:\windows\pss\Canon IJ Status Monitor Canon MX340 series Printer (Copy 1).lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 17:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2009-09-15 17:31 140640 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Medialink Utilty]
2009-08-21 20:44 2170904 ----a-w- c:\program files\Medialink\MWN-USB150N\UI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 22:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Erik\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Windows Migration Assistant\\MigrationAssistant.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/15/2012 8:33 AM 399432]
R2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\system32\nlssrv32.exe [9/22/2011 11:30 AM 66560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [8/31/2012 5:48 PM 1262400]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/23/2008 7:04 PM 24652]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/31/2012 5:34 PM 123840]
S0 ysbifayk;ysbifayk;c:\windows\system32\drivers\eiyjyhf.sys --> c:\windows\system32\drivers\eiyjyhf.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/13/2012 7:12 AM 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/18/2012 7:57 PM 250568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/16/2010 8:08 AM 1684736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/13/2012 7:12 AM 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [8/15/2012 10:03 PM 114144]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [9/8/2008 5:26 PM 12288]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 30368343
*NewlyCreated* - ASWMBR
*NewlyCreated* - KGRCYAOG
*NewlyCreated* - TRUESIGHT
*Deregistered* - 30368343
*Deregistered* - aswMBR
*Deregistered* - kgrcyaog
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 16:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 11:42]
.
2012-09-16 c:\windows\Tasks\AdobeAAMUpdater-1.0-ERIKS-DESKTOP-Erik.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-09 22:42]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
SafeBoot-39772120.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-16 21:05
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-09-16 21:06:30
ComboFix-quarantined-files.txt 2012-09-17 02:06
ComboFix2.txt 2012-09-16 19:32
ComboFix3.txt 2011-09-20 02:46
ComboFix4.txt 2011-09-16 04:43
ComboFix5.txt 2012-09-17 01:58
.
Pre-Run: 443,164,217,344 bytes free
Post-Run: 443,219,111,936 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 91FD28AC148145F313ED93BCB401E424
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\ATIDEMGX32.dll
c:\windows\system32\drivers\eiyjyhf.sys

Folder::

Driver::
ysbifayk

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1804C938-6D54-4CEF-A7C8-E55DB3547455}]

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix:
ComboFix 12-09-16.01 - Erik 09/16/2012 21:45:00.13.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2379 [GMT -5:00]
Running from: c:\documents and settings\Erik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Erik\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\system32\ATIDEMGX32.dll"
"c:\windows\system32\drivers\eiyjyhf.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\ATIDEMGX32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ysbifayk
.
.
((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))
.
.
2012-09-16 20:26 . 2012-09-16 20:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-09 15:13 . 2012-09-09 15:13 -------- d-----w- c:\documents and settings\Erik\Local Settings\Application Data\Nik Software
2012-09-09 15:13 . 2012-09-09 15:13 -------- d-----w- c:\program files\Nik Software
2012-09-09 15:13 . 2012-09-09 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Nik Software
2012-09-09 14:55 . 2012-09-09 14:55 -------- d-----r- c:\documents and settings\Erik\Application Data\Brother
2012-09-06 03:01 . 2012-09-06 03:01 -------- d-----w- c:\documents and settings\Erik\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-09-03 01:44 . 2012-09-03 01:44 -------- d-----w- c:\documents and settings\Erik\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-09-03 01:44 . 2012-09-03 01:44 -------- d-----w- c:\documents and settings\Erik\Application Data\Adobe Mini Bridge CS5.1
2012-09-01 13:56 . 2012-09-01 13:56 -------- d-----w- c:\documents and settings\Erik\Application Data\NVIDIA
2012-09-01 00:20 . 2012-09-14 00:50 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-09-01 00:19 . 2012-09-02 01:18 -------- d-----w- c:\documents and settings\Erik\Local Settings\Application Data\PunkBuster
2012-08-31 23:52 . 2012-09-14 00:51 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-31 23:52 . 2012-09-02 01:16 138056 ----a-w- c:\documents and settings\Erik\Application Data\PnkBstrK.sys
2012-08-31 23:52 . 2012-09-14 00:50 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-31 23:52 . 2012-09-11 22:57 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-31 23:52 . 2012-09-02 01:23 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-08-31 23:45 . 2012-09-02 01:05 -------- d-----w- c:\program files\EA Games
2012-08-31 22:48 . 2012-08-31 22:48 -------- d-----w- c:\documents and settings\UpdatusUser
2012-08-31 22:47 . 2012-04-18 17:08 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-08-31 22:47 . 2012-05-15 10:18 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-08-31 22:47 . 2012-05-15 10:18 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-31 22:46 . 2012-08-31 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2012-08-31 22:41 . 2012-08-31 22:41 -------- d-----w- c:\documents and settings\Erik\Application Data\SystemRequirementsLab
2012-08-31 22:36 . 2012-08-31 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2012-08-22 02:50 . 2012-08-22 02:50 -------- d-----w- c:\documents and settings\Erik\New Folder
2012-08-20 12:13 . 2012-08-20 12:13 -------- d-----w- c:\documents and settings\Erik\Local Settings\Application Data\Sun
2012-08-20 12:13 . 2012-08-20 12:13 -------- d-----w- c:\program files\Common Files\Java
2012-08-20 12:12 . 2012-08-20 12:12 -------- d-----w- c:\program files\Oracle
2012-08-20 12:12 . 2012-08-20 12:12 -------- d-----w- c:\documents and settings\Erik\Application Data\Oracle
2012-08-20 12:12 . 2012-07-06 03:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-20 12:12 . 2012-07-06 03:06 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-19 05:02 . 2012-08-19 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2012-08-19 03:52 . 2012-08-19 04:16 -------- d-----w- c:\documents and settings\All Users\Adobe Photoshop CS6
2012-08-19 03:24 . 2012-09-08 14:12 -------- d-----w- c:\documents and settings\Erik\Adobe Photoshop CS6
2012-08-19 03:23 . 2012-08-19 03:23 -------- d-----w- c:\documents and settings\Erik\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-08-19 03:23 . 2012-08-19 03:23 -------- d-----w- c:\program files\Adobe Download Assistant
2012-08-19 00:57 . 2012-08-29 11:42 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 22:04 . 2012-08-13 12:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 11:42 . 2011-09-13 03:49 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 03:07 . 2009-03-16 00:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-08 01:28 . 2012-09-08 01:28 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-09-16_19.30.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-17 02:49 . 2012-09-17 02:49 16384 c:\windows\Temp\Perflib_Perfdata_7a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Erik\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Erik\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Erik\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Erik\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5.1\Bridge.exe" [2011-03-03 12008296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-unins...f214-a6f40694ad39c2c1ea12a9f0234794ed061a73bd" [?]
.
c:\documents and settings\Erik\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Erik\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe [2009-8-11 6798714]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Erik^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon MX340 series Printer (Copy 1).lnk]
path=c:\documents and settings\Erik\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MX340 series Printer (Copy 1).lnk
backup=c:\windows\pss\Canon IJ Status Monitor Canon MX340 series Printer (Copy 1).lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 17:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2009-09-15 17:31 140640 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Medialink Utilty]
2009-08-21 20:44 2170904 ----a-w- c:\program files\Medialink\MWN-USB150N\UI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 22:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Erik\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Windows Migration Assistant\\MigrationAssistant.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/15/2012 8:33 AM 399432]
R2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\system32\nlssrv32.exe [9/22/2011 11:30 AM 66560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [8/31/2012 5:48 PM 1262400]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/23/2008 7:04 PM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/13/2012 7:12 AM 22856]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/31/2012 5:34 PM 123840]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/13/2012 7:12 AM 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/18/2012 7:57 PM 250568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/16/2010 8:08 AM 1684736]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [8/15/2012 10:03 PM 114144]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [9/8/2008 5:26 PM 12288]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 16:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 11:42]
.
2012-09-16 c:\windows\Tasks\AdobeAAMUpdater-1.0-ERIKS-DESKTOP-Erik.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-09 22:42]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-16 21:51
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1288)
c:\program files\RocketDock\RocketDock.dll
c:\documents and settings\Erik\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\RunDLL32.exe
.
**************************************************************************
.
Completion time: 2012-09-16 21:53:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-17 02:53
ComboFix2.txt 2012-09-17 02:06
ComboFix3.txt 2012-09-16 19:32
ComboFix4.txt 2011-09-20 02:46
ComboFix5.txt 2012-09-17 02:43
.
Pre-Run: 443,233,669,120 bytes free
Post-Run: 443,109,773,312 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - A241F4E7808328A5F53C25847572FD2F
 
Looks good.

How is computer doing?

================================

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

==================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Still hanging when trying to load MyComputer or even right clicking on the Desktop to get to properties.

Running OTL now.
 
OTL.txt:

OTL logfile created on: 9/16/2012 10:04:59 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Erik\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 82.84% Memory free
4.84 Gb Paging File | 4.48 Gb Available in Paging File | 92.54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 412.72 Gb Free Space | 88.61% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 50.92 Gb Free Space | 21.87% Space Free | Partition Type: NTFS

Computer Name: ERIKS-DESKTOP | User Name: Erik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/16 21:58:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erik\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Erik\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/05/15 05:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/09/22 11:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\nlssrv32.exe
PRC - [2011/03/02 21:35:24 | 012,008,296 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe
PRC - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
PRC - [2009/08/11 10:19:48 | 006,798,714 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
PRC - [2007/12/01 00:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/02 21:34:56 | 002,748,416 | ---- | M] () -- C:\Program Files\Adobe\Adobe Bridge CS5.1\libmysqld.dll
MOD - [2011/03/02 21:34:56 | 000,073,728 | ---- | M] () -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Symlib.dll
MOD - [2009/08/11 10:19:48 | 006,798,714 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
MOD - [2009/08/11 10:19:48 | 000,897,024 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RBScript.dll
MOD - [2009/08/11 10:19:48 | 000,762,368 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\XML.dll
MOD - [2009/08/11 10:19:48 | 000,335,872 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CGamma.dll
MOD - [2009/08/11 10:19:48 | 000,147,456 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RegEx.dll
MOD - [2009/08/11 10:19:48 | 000,135,168 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Appearance Pak.dll
MOD - [2009/08/11 10:19:48 | 000,131,072 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CSensor.dll
MOD - [2009/08/11 10:19:48 | 000,098,304 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Shell.dll
MOD - [2009/08/11 10:19:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll
MOD - [2009/08/11 10:19:48 | 000,025,600 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2004/09/08 20:51:54 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2012/09/07 20:28:58 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/29 06:42:37 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/05/15 05:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/09/22 11:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/03 11:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/18 12:08:05 | 000,123,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/08/18 04:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/06/29 06:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/04 17:30:14 | 000,709,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/12/01 04:13:42 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/09/08 17:26:22 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Spyder3.sys -- (Spyder3)
DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/10/11 20:40:12 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 38 C9 04 18 54 6D EF 4C A7 C8 E5 5D B3 54 74 55 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64364

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 38 C9 04 18 54 6D EF 4C A7 C8 E5 5D B3 54 74 55 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64364

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 38 C9 04 18 54 6D EF 4C A7 C8 E5 5D B3 54 74 55 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 38 C9 04 18 54 6D EF 4C A7 C8 E5 5D B3 54 74 55 [binary data]

IE - HKU\S-1-5-21-1957994488-115176313-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 38 C9 04 18 54 6D EF 4C A7 C8 E5 5D B3 54 74 55 [binary data]
IE - HKU\S-1-5-21-1957994488-115176313-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1957994488-115176313-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1957994488-115176313-725345543-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4e53...e&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-1957994488-115176313-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1957994488-115176313-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-21-1957994488-115176313-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://espn.go.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.1
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6c4908b0-aeaa-4d7c-8c5c-465a6811a9bf}:1.0
FF - prefs.js..extensions.enabledItems: {48f92fac-75b3-4701-adfe-debb1f4ef472}:1.0
FF - prefs.js..network.proxy.type: 1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/07 15:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/07 15:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 20:28:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 20:28:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/08/12 09:06:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/12/22 18:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Erik\Application Data\Mozilla\Extensions
[2012/09/16 21:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions
[2012/08/12 09:14:44 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/11/04 15:43:31 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2009/01/10 13:16:36 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/09/13 00:59:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/08/31 18:45:31 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\battlefieldheroespatcher@ea.com
[2012/09/01 20:04:54 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\battlefieldplay4free@ea.com
[2009/01/05 21:46:07 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\searchplugins\imdb.xml
[2009/01/05 22:40:45 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\searchplugins\mozilla-add-ons.xml
[2011/08/24 00:31:12 | 000,002,057 | ---- | M] () -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\searchplugins\youtube-video-search.xml
[2012/09/07 20:28:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/19 20:51:06 | 000,011,119 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ERIK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6OUMI61I.DEFAULT\EXTENSIONS\FF-ADDON@LOUDTRONIX.COM.XPI
[2012/08/16 19:23:36 | 000,012,373 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ERIK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6OUMI61I.DEFAULT\EXTENSIONS\SUMEETKPATEL@GMAIL.COM.XPI
[2012/09/07 20:28:59 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2012/09/01 12:14:43 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/01 12:14:43 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: No name found = C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\
CHR - Extension: No name found = C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2012/09/16 21:50:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1957994488-115176313-725345543-1003..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-1957994488-115176313-725345543-1003..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1957994488-115176313-725345543-1005..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Spyder3Utility.lnk = C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe ()
O4 - Startup: C:\Documents and Settings\Erik\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Erik\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-115176313-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1957994488-115176313-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1957994488-115176313-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1957994488-115176313-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1957994488-115176313-725345543-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1957994488-115176313-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CFF78F0-99AB-4B86-B1CF-1C0E32E67E75}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50F874C9-8C29-4664-87E1-C1B515958B61}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E83A77B0-930C-4B6B-B7F9-874625AAFBD5}: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EADD6193-B872-445C-AD32-0AFF476B7FCF}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Erik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Erik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/21 13:29:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1957994488-115176313-725345543-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/16 21:58:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Erik\Desktop\OTL.exe
[2012/09/16 21:50:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/16 21:43:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/16 21:43:08 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/16 20:53:13 | 004,751,448 | R--- | C] (Swearware) -- C:\Documents and Settings\Erik\Desktop\ComboFix.exe
[2012/09/16 17:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Desktop\RK_Quarantine
[2012/09/16 15:26:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/09 10:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Local Settings\Application Data\Nik Software
[2012/09/09 10:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Nik Software
[2012/09/09 10:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nik Software
[2012/09/09 09:55:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Erik\Application Data\Brother
[2012/09/08 09:48:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\My Documents\Photoshop_13_LS16
[2012/09/08 09:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\My Documents\Patch
[2012/09/07 20:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/05 22:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/09/02 20:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/02 20:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Application Data\Adobe Mini Bridge CS5.1
[2012/09/01 20:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\My Documents\Battlefield Play4Free
[2012/09/01 08:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Application Data\NVIDIA
[2012/08/31 19:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Local Settings\Application Data\PunkBuster
[2012/08/31 19:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\My Documents\Battlefield Heroes
[2012/08/31 18:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EA Games
[2012/08/31 18:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2012/08/31 17:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2012/08/31 17:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Application Data\SystemRequirementsLab
[2012/08/31 17:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2012/08/31 17:34:26 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012/08/31 17:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/08/31 17:34:01 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/08/21 21:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\New Folder
[2012/08/20 07:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Local Settings\Application Data\Sun
[2012/08/20 07:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/08/20 07:13:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/20 07:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/08/20 07:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Application Data\Oracle
[2012/08/19 00:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/08/18 22:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Adobe Photoshop CS6
[2012/08/18 22:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Adobe Photoshop CS6
[2012/08/18 22:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/08/18 22:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2012/08/18 08:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\My Documents\Carl's
[2011/08/10 13:59:52 | 000,101,376 | ---- | C] (CANON INC.) -- C:\Documents and Settings\Erik\cnmss Canon MX340 series Printer (Copy 1) (Local).dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Erik\Desktop\*.tmp files -> C:\Documents and Settings\Erik\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========

[2012/09/16 22:00:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/16 21:58:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erik\Desktop\OTL.exe
[2012/09/16 21:50:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/09/16 21:43:50 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2012/09/16 21:42:30 | 004,751,448 | R--- | M] (Swearware) -- C:\Documents and Settings\Erik\Desktop\ComboFix.exe
[2012/09/16 21:31:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/16 21:00:26 | 000,000,339 | ---- | M] () -- C:\Boot.bak
[2012/09/16 19:44:50 | 000,109,568 | ---- | M] () -- C:\Documents and Settings\Erik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/16 19:44:48 | 000,000,378 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\Shortcut to WINDOWS.lnk
[2012/09/16 17:52:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\MBR.dat
[2012/09/16 14:30:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.old
[2012/09/16 02:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ERIKS-DESKTOP-Erik.job
[2012/09/15 08:41:21 | 000,001,908 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Spyder3Utility.lnk
[2012/09/15 08:41:21 | 000,001,780 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\Spyder3Express 4.0.1.lnk
[2012/09/15 08:34:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/13 19:51:03 | 000,139,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/09/13 19:50:55 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2012/09/11 17:57:19 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2012/09/09 21:15:52 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/09/09 21:15:52 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/09/09 21:15:49 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/09/09 21:10:34 | 003,610,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/09 09:55:22 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012/09/08 09:46:29 | 1207,595,878 | ---- | M] () -- C:\Documents and Settings\Erik\My Documents\Photoshop_13_LS16.7z
[2012/09/08 08:37:03 | 001,292,060 | ---- | M] () -- C:\Documents and Settings\Erik\My Documents\Adobe Photoshop CS6 (Patch + Instructions).rar
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/05 22:33:47 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Erik\Application Data\Adobe PNG Format CS5 Prefs
[2012/09/05 22:01:48 | 000,064,292 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/09/01 20:16:58 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\Erik\Application Data\PnkBstrK.sys
[2012/08/31 17:34:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012/08/31 17:32:32 | 000,395,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/31 17:32:32 | 000,059,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/31 17:32:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/20 07:11:25 | 000,001,822 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\Kies Air Discovery Service.lnk
[2012/08/18 22:23:42 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Erik\Desktop\*.tmp files -> C:\Documents and Settings\Erik\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/16 19:44:48 | 000,000,378 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Shortcut to WINDOWS.lnk
[2012/09/16 17:52:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\MBR.dat
[2012/09/15 08:41:21 | 000,001,780 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Spyder3Express 4.0.1.lnk
[2012/09/09 08:28:29 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ERIKS-DESKTOP-Erik.job
[2012/09/09 08:18:43 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2012/09/09 08:15:43 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2012/09/09 08:15:22 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2012/09/09 08:14:07 | 000,001,026 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2012/09/09 08:13:59 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2012/09/08 09:40:10 | 1207,595,878 | ---- | C] () -- C:\Documents and Settings\Erik\My Documents\Photoshop_13_LS16.7z
[2012/09/08 08:36:50 | 001,292,060 | ---- | C] () -- C:\Documents and Settings\Erik\My Documents\Adobe Photoshop CS6 (Patch + Instructions).rar
[2012/09/01 08:57:57 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Erik\Application Data\Adobe PNG Format CS5 Prefs
[2012/08/31 19:20:09 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2012/08/31 18:52:43 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/08/31 18:52:41 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Erik\Application Data\PnkBstrK.sys
[2012/08/31 18:52:21 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012/08/31 18:52:21 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2012/08/31 18:52:20 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012/08/31 17:47:15 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/08/31 17:34:56 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/08/31 17:34:53 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/08/31 17:34:53 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/08/31 17:34:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012/08/31 17:34:26 | 002,293,138 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2012/08/31 17:34:26 | 000,010,264 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012/08/31 17:32:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/20 07:11:25 | 000,001,822 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Kies Air Discovery Service.lnk
[2012/08/18 23:58:48 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2012/08/18 22:23:42 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/08/18 22:23:42 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[2012/08/18 19:57:15 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/15 18:51:19 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012/08/15 18:51:19 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD7020.DAT
[2012/08/15 18:44:06 | 000,270,108 | ---- | C] () -- C:\Documents and Settings\Erik\brumf04b.dl_
[2012/08/15 18:44:06 | 000,249,574 | ---- | C] () -- C:\Documents and Settings\Erik\brmsl08f.ic_
[2012/08/15 18:44:06 | 000,145,970 | ---- | C] () -- C:\Documents and Settings\Erik\bromf04b.dl_
[2012/08/15 18:44:06 | 000,087,611 | ---- | C] () -- C:\Documents and Settings\Erik\brtwdscn.dl_
[2012/08/15 18:44:06 | 000,070,293 | ---- | C] () -- C:\Documents and Settings\Erik\brtwdsui.dl_
[2012/08/15 18:44:06 | 000,069,479 | ---- | C] () -- C:\Documents and Settings\Erik\brtwds.dl_
[2012/08/15 18:44:06 | 000,066,652 | ---- | C] () -- C:\Documents and Settings\Erik\brwia04b.dl_
[2012/08/15 18:44:06 | 000,054,220 | ---- | C] () -- C:\Documents and Settings\Erik\brms304b.dl_
[2012/08/15 18:44:06 | 000,050,952 | ---- | C] () -- C:\Documents and Settings\Erik\bromf04b.hl_
[2012/08/15 18:44:06 | 000,049,273 | ---- | C] () -- C:\Documents and Settings\Erik\brmfbipp.dl_
[2012/08/15 18:44:06 | 000,040,074 | ---- | C] () -- C:\Documents and Settings\Erik\brqikmon.ex_
[2012/08/15 18:44:06 | 000,039,031 | ---- | C] () -- C:\Documents and Settings\Erik\brtwdspa.dl_
[2012/08/15 18:44:06 | 000,038,997 | ---- | C] () -- C:\Documents and Settings\Erik\brtwdger.dl_
[2012/08/15 18:44:06 | 000,038,964 | ---- | C] () -- C:\Documents and Settings\Erik\brtwdfre.dl_
[2012/08/15 18:44:06 | 000,038,962 | ---- | C] () -- C:\Documents and Settings\Erik\brtwdpor.dl_
[2012/08/15 18:44:06 | 000,038,861 | ---- | C] () -- C:\Documents and Settings\Erik\brtwdita.dl_
[2012/08/15 18:44:06 | 000,038,374 | ---- | C] () -- C:\Documents and Settings\Erik\brtwdnor.dl_
[2012/08/15 18:44:06 | 000,038,325 | ---- | C] () -- C:\Documents and Settings\Erik\brtwddut.dl_
[2012/08/15 18:44:06 | 000,038,243 | ---- | C] () -- C:\Documents and Settings\Erik\brtwdswe.dl_
[2012/08/15 18:44:06 | 000,038,206 | ---- | C] () -- C:\Documents and Settings\Erik\brtwdeng.dl_
[2012/08/15 18:44:06 | 000,038,205 | ---- | C] () -- C:\Documents and Settings\Erik\brtwdusa.dl_
[2012/08/15 18:44:06 | 000,035,541 | ---- | C] () -- C:\Documents and Settings\Erik\brtwdfe.ds_
[2012/08/15 18:44:06 | 000,033,925 | ---- | C] () -- C:\Documents and Settings\Erik\brcolm32.dl_
[2012/08/15 18:44:06 | 000,032,513 | ---- | C] () -- C:\Documents and Settings\Erik\brtwdhun.dl_
[2012/08/15 18:44:06 | 000,032,462 | ---- | C] () -- C:\Documents and Settings\Erik\brtwdpol.dl_
[2012/08/15 18:44:06 | 000,032,408 | ---- | C] () -- C:\Documents and Settings\Erik\brtwdrus.dl_
[2012/08/15 18:44:06 | 000,031,739 | ---- | C] () -- C:\Documents and Settings\Erik\brtwdjpn.dl_
[2012/08/15 18:44:06 | 000,029,116 | ---- | C] () -- C:\Documents and Settings\Erik\brimall2.cat
[2012/08/15 18:44:06 | 000,027,121 | ---- | C] () -- C:\Documents and Settings\Erik\brqikmon.hl_
[2012/08/15 18:44:06 | 000,026,195 | ---- | C] () -- C:\Documents and Settings\Erik\brmfbags.ex_
[2012/08/15 18:44:06 | 000,024,695 | ---- | C] () -- C:\Documents and Settings\Erik\brmfbagp.ex_
[2012/08/15 18:44:06 | 000,023,407 | ---- | C] () -- C:\Documents and Settings\Erik\brmfusb.dl_
[2012/08/15 18:44:06 | 000,020,430 | ---- | C] () -- C:\Documents and Settings\Erik\brmd04.ex_
[2012/08/15 18:44:06 | 000,019,485 | ---- | C] () -- C:\Documents and Settings\Erik\brlmf04b.dl_
[2012/08/15 18:44:06 | 000,018,742 | ---- | C] () -- C:\Documents and Settings\Erik\brmfrsmg.ex_
[2012/08/15 18:44:06 | 000,018,717 | ---- | C] () -- C:\Documents and Settings\Erik\brusi04b.dl_
[2012/08/15 18:44:06 | 000,017,640 | ---- | C] () -- C:\Documents and Settings\Erik\brmflpt.dl_
[2012/08/15 18:44:06 | 000,017,187 | ---- | C] () -- C:\Documents and Settings\Erik\brprall2.cat
[2012/08/15 18:44:06 | 000,015,228 | ---- | C] () -- C:\Documents and Settings\Erik\brmfall2.cat
[2012/08/15 18:44:06 | 000,014,033 | ---- | C] () -- C:\Documents and Settings\Erik\brmfpmbd.dl_
[2012/08/15 18:44:06 | 000,013,650 | ---- | C] () -- C:\Documents and Settings\Erik\brrsi04b.dl_
[2012/08/15 18:44:06 | 000,011,411 | ---- | C] () -- C:\Documents and Settings\Erik\brimall2.inf
[2012/08/15 18:44:06 | 000,011,086 | ---- | C] () -- C:\Documents and Settings\Erik\brbidiif.dl_
[2012/08/15 18:44:06 | 000,009,145 | ---- | C] () -- C:\Documents and Settings\Erik\brb7204b.dl_
[2012/08/15 18:44:06 | 000,009,142 | ---- | C] () -- C:\Documents and Settings\Erik\brb7304b.dl_
[2012/08/15 18:44:06 | 000,008,239 | ---- | C] () -- C:\Documents and Settings\Erik\brmfbidi.dl_
[2012/08/15 18:44:06 | 000,007,552 | ---- | C] () -- C:\Documents and Settings\Erik\brmsl08f.cm_
[2012/08/15 18:44:06 | 000,007,532 | ---- | C] () -- C:\Documents and Settings\Erik\bp7025.in_
[2012/08/15 18:44:06 | 000,007,532 | ---- | C] () -- C:\Documents and Settings\Erik\bp7020.in_
[2012/08/15 18:44:06 | 000,007,480 | ---- | C] () -- C:\Documents and Settings\Erik\brusbser.sy_
[2012/08/15 18:44:06 | 000,007,000 | ---- | C] () -- C:\Documents and Settings\Erik\brevif.dl_
[2012/08/15 18:44:06 | 000,006,381 | ---- | C] () -- C:\Documents and Settings\Erik\brcinsv2.dl_
[2012/08/15 18:44:06 | 000,006,223 | ---- | C] () -- C:\Documents and Settings\Erik\brmfall2.inf
[2012/08/15 18:44:06 | 000,004,604 | ---- | C] () -- C:\Documents and Settings\Erik\brprall2.inf
[2012/08/15 18:44:06 | 000,003,755 | ---- | C] () -- C:\Documents and Settings\Erik\bp7025.pp_
[2012/08/15 18:44:06 | 000,003,556 | ---- | C] () -- C:\Documents and Settings\Erik\bp7020.pp_
[2012/08/15 18:44:06 | 000,003,318 | ---- | C] () -- C:\Documents and Settings\Erik\rsmgrstr.dl_
[2012/08/15 18:44:06 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\Erik\twdc7025p.in_
[2012/08/15 18:44:06 | 000,000,514 | ---- | C] () -- C:\Documents and Settings\Erik\twdc7020p.in_
[2012/08/15 18:44:06 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\Erik\twdc7025u.in_
[2012/08/15 18:44:06 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\Erik\twdc7025n.in_
[2012/08/15 18:44:06 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\Erik\twdc7020u.in_
[2012/08/15 18:44:06 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\Erik\twdc7020n.in_
[2012/08/15 18:44:06 | 000,000,503 | ---- | C] () -- C:\Documents and Settings\Erik\dc7025u.in_
[2012/08/15 18:44:06 | 000,000,503 | ---- | C] () -- C:\Documents and Settings\Erik\dc7025n.in_
[2012/08/15 18:44:06 | 000,000,503 | ---- | C] () -- C:\Documents and Settings\Erik\dc7020u.in_
[2012/08/15 18:44:06 | 000,000,503 | ---- | C] () -- C:\Documents and Settings\Erik\dc7020n.in_
[2012/08/15 18:44:06 | 000,000,496 | ---- | C] () -- C:\Documents and Settings\Erik\dc7025p.in_
[2012/08/15 18:44:06 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\Erik\dc7020p.in_
[2012/08/15 18:44:06 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Erik\bp7020.da_
[2012/08/15 18:44:06 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Erik\bp7025.da_
[2012/08/15 18:44:06 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\Erik\bw7025.in_
[2012/08/15 18:44:06 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\Erik\bw7020.in_
[2012/08/15 18:44:06 | 000,000,068 | ---- | C] () -- C:\Documents and Settings\Erik\brmfbagp.in_
[2012/08/15 18:44:06 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\Erik\be7025.da_
[2012/08/15 18:44:06 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\Erik\be7020.da_
[2012/08/15 18:44:06 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Erik\brmfbipp.da_
[2012/08/15 18:44:06 | 000,000,047 | ---- | C] () -- C:\Documents and Settings\Erik\brmfbags.in_
[2012/08/15 18:44:05 | 000,484,554 | ---- | C] () -- C:\Documents and Settings\Erik\brs04hun.hl_
[2012/08/15 18:44:05 | 000,477,820 | ---- | C] () -- C:\Documents and Settings\Erik\brs04por.hl_
[2012/08/15 18:44:05 | 000,474,654 | ---- | C] () -- C:\Documents and Settings\Erik\brs04cze.hl_
[2012/08/15 18:44:05 | 000,473,608 | ---- | C] () -- C:\Documents and Settings\Erik\brs04pol.hl_
[2012/08/15 18:44:05 | 000,136,975 | ---- | C] () -- C:\Documents and Settings\Erik\brs04chn.hl_
[2012/08/15 18:44:05 | 000,107,262 | ---- | C] () -- C:\Documents and Settings\Erik\brs04jpn.hl_
[2012/08/15 18:44:05 | 000,101,391 | ---- | C] () -- C:\Documents and Settings\Erik\brs04fre.hl_
[2012/08/15 18:44:05 | 000,101,225 | ---- | C] () -- C:\Documents and Settings\Erik\brs04rus.hl_
[2012/08/15 18:44:05 | 000,099,366 | ---- | C] () -- C:\Documents and Settings\Erik\brs04spa.hl_
[2012/08/15 18:44:05 | 000,099,125 | ---- | C] () -- C:\Documents and Settings\Erik\brs04ita.hl_
[2012/08/15 18:44:05 | 000,097,706 | ---- | C] () -- C:\Documents and Settings\Erik\brs04swe.hl_
[2012/08/15 18:44:05 | 000,097,592 | ---- | C] () -- C:\Documents and Settings\Erik\brs04ger.hl_
[2012/08/15 18:44:05 | 000,097,577 | ---- | C] () -- C:\Documents and Settings\Erik\brs04nor.hl_
[2012/08/15 18:44:05 | 000,097,128 | ---- | C] () -- C:\Documents and Settings\Erik\brs04dut.hl_
[2012/08/15 18:44:05 | 000,096,928 | ---- | C] () -- C:\Documents and Settings\Erik\brs04dan.hl_
[2012/08/15 18:44:05 | 000,095,696 | ---- | C] () -- C:\Documents and Settings\Erik\brs04eng.hl_
[2012/08/15 18:44:05 | 000,095,528 | ---- | C] () -- C:\Documents and Settings\Erik\brs04usa.hl_
[2012/08/15 18:44:05 | 000,038,314 | ---- | C] () -- C:\Documents and Settings\Erik\brtwddan.dl_
[2012/08/15 18:44:05 | 000,035,749 | ---- | C] () -- C:\Documents and Settings\Erik\brscndev.dl_
[2012/08/15 18:44:05 | 000,032,403 | ---- | C] () -- C:\Documents and Settings\Erik\brtwdcze.dl_
[2012/08/15 18:44:05 | 000,031,989 | ---- | C] () -- C:\Documents and Settings\Erik\brserwdm.sy_
[2012/08/15 18:44:05 | 000,031,462 | ---- | C] () -- C:\Documents and Settings\Erik\brtwdchn.dl_
[2012/08/15 18:44:05 | 000,031,077 | ---- | C] () -- C:\Documents and Settings\Erik\brserif.sy_
[2012/08/15 18:44:05 | 000,015,346 | ---- | C] () -- C:\Documents and Settings\Erik\brstiif.dl_
[2012/08/15 18:44:05 | 000,010,713 | ---- | C] () -- C:\Documents and Settings\Erik\brscnusb.sy_
[2012/08/15 18:44:05 | 000,005,317 | ---- | C] () -- C:\Documents and Settings\Erik\brserif.dl_
[2012/08/15 18:44:05 | 000,002,684 | ---- | C] () -- C:\Documents and Settings\Erik\brscnrsm.dl_
[2012/08/12 07:39:34 | 000,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2011/09/22 11:31:04 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\ColorEfexPro4FC32.dll
[2011/09/12 21:16:01 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/09/12 21:16:01 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\drivers\RaCoInst.dat
[2011/08/29 23:52:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/29 23:52:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/29 23:52:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/29 23:52:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/29 23:52:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/05 13:10:50 | 000,003,921 | ---- | C] () -- C:\Documents and Settings\Erik\Application Data\FB1E.372
[2011/06/22 01:00:51 | 000,008,570 | -HS- | C] () -- C:\Documents and Settings\Erik\Local Settings\Application Data\2sj84r4yr1d5210755e
[2011/06/22 01:00:51 | 000,008,476 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2sj84r4yr1d5210755e
[2010/09/29 10:11:39 | 000,064,292 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/01/14 17:16:47 | 000,002,135 | ---- | C] () -- C:\Documents and Settings\Erik\Application Data\evpro32.prf
[2009/01/11 17:04:31 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/12/23 18:50:09 | 000,109,568 | ---- | C] () -- C:\Documents and Settings\Erik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2008/12/23 19:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2011/09/01 22:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/09/15 23:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/08/12 07:34:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/12/13 20:36:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/01/11 17:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2010/01/14 10:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/07/27 18:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/09/15 23:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/09/09 10:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nik Software
[2012/08/19 00:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/08/12 07:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/06/14 01:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/18 17:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/08 21:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/16 19:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 14:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/12/13 20:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\AVG10
[2011/09/12 21:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\AVG2012
[2012/08/12 07:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Canon
[2012/09/05 22:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/18 22:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/02/09 18:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\ContentGuard
[2012/09/16 22:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Dropbox
[2011/02/26 19:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\FMZilla
[2012/08/20 07:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Oracle
[2012/09/02 20:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/08/31 17:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\SystemRequirementsLab
[2012/08/12 09:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Thunderbird
[2009/04/30 21:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/01/16 00:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Viewpoint

========== Purity Check ==========



< End of report >

 
EXTRAS.txt

OTL Extras logfile created on: 9/16/2012 10:04:59 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Erik\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 82.84% Memory free
4.84 Gb Paging File | 4.48 Gb Available in Paging File | 92.54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 412.72 Gb Free Space | 88.61% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 50.92 Gb Free Space | 21.87% Space Free | Partition Type: NTFS

Computer Name: ERIKS-DESKTOP | User Name: Erik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1957994488-115176313-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Erik\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Erik\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe" = C:\Program Files\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe:*:Enabled:Migration Assistant -- (Apple Inc.)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E1C21CD-72E7-4CE4-3D1D-99D8EEE0461A}" = ccc-core-preinstall
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13D70D56-F630-F75C-F539-D7ABDD2B0E01}" = Catalyst Control Center Graphics Full New
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}" = Medialink MWN-USB150N
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43CE5094-E271-1324-3485-55D8B65A11C9}" = Catalyst Control Center HydraVision Full
"{481C3B08-AC10-6F0B-4C2A-245677794AED}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC1F66E-6ECD-0D6C-B1BE-AE3E8511DC3A}" = Catalyst Control Center Graphics Light
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE006A5-B384-4EDE-A760-0F217136B9EA}" = Microsoft IntelliType Pro 2.2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB4641A9-0406-3E11-10D9-B60BB1CC9487}" = Catalyst Control Center Graphics Previews Common
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{ADF87E23-1B68-9043-C154-9162489A9125}" = Catalyst Control Center Graphics Full Existing
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C182D467-6F0A-418A-8B38-788F376F7502}" = Windows Migration Assistant
"{C19F299F-3B32-3930-12D3-FDF1394EE6AB}" = ccc-core-static
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0ACE207-0F90-402C-8CFA-2CB3D44CE689}" = Adobe Photoshop Lightroom 3.6
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4CBDA3F-E1AF-489C-6BE7-CF3B75D55580}" = Catalyst Control Center Core Implementation
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E74BF7D6-8F76-0E37-8B11-0FA9DD0C4419}" = ccc-utility
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D1F753-A87A-5799-3676-FD81070C66D8}" = Skins
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BitLord" = BitLord 1.1
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 4" = Color Efex Pro 4
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Mozilla Thunderbird 14.0 (x86 en-US)" = Mozilla Thunderbird 14.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PunkBusterSvc" = PunkBuster Services
"RocketDock_is1" = RocketDock 1.3.5
"Spyder3Express" = Spyder3Express
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1957994488-115176313-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Kies Air Discovery Service" = Kies Air Discovery Service

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/29/2012 8:24:04 AM | Computer Name = ERIKS-DESKTOP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 9/15/2012 9:17:15 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application uTorrent.exe, version 3.2.0.27708, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 12:26:20 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3264, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 12:27:48 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.62.0.140, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 12:28:40 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.62.0.140, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 4:19:47 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application appRemoverCore.exe, version 2.2.29.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 8:34:40 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 8:36:25 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3264, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 9:56:59 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application appRemoverCore.exe, version 2.2.29.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 10:59:08 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/16/2012 8:39:06 PM | Computer Name = ERIKS-DESKTOP | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 9/16/2012 8:41:06 PM | Computer Name = ERIKS-DESKTOP | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 9/16/2012 8:43:06 PM | Computer Name = ERIKS-DESKTOP | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 9/16/2012 8:46:28 PM | Computer Name = ERIKS-DESKTOP | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 9/16/2012 8:48:29 PM | Computer Name = ERIKS-DESKTOP | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 9/16/2012 10:43:16 PM | Computer Name = ERIKS-DESKTOP | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 9/16/2012 10:49:34 PM | Computer Name = ERIKS-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 9/16/2012 10:51:15 PM | Computer Name = ERIKS-DESKTOP | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 9/16/2012 11:00:36 PM | Computer Name = ERIKS-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 9/16/2012 11:01:59 PM | Computer Name = ERIKS-DESKTOP | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
    SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64364
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64364
    IE - HKU\S-1-5-21-1957994488-115176313-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKU\S-1-5-21-1957994488-115176313-725345543-1005..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" File not found
    [2011/06/22 01:00:51 | 000,008,570 | -HS- | C] () -- C:\Documents and Settings\Erik\Local Settings\Application Data\2sj84r4yr1d5210755e
    [2011/06/22 01:00:51 | 000,008,476 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2sj84r4yr1d5210755e
    [2009/06/14 01:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/01/16 00:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Viewpoint
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Viewpoint
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

==========================================

You can reinstall AVG now.

Next...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE. SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
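The OTL fix above resets an IE proxy that was silently pointed at 127.0.0.1:64364 in the .DEFAULT and S-1-5-18 hives, which is a classic way for a local malicious process to sit in the middle of every browser request. The following Python script is an added example, not part of this thread or of OTL: it reads the `IE - HKU\...\Internet Settings` lines that OTL prints, groups them per user hive, and reports any hive whose ProxyServer points at a loopback address, distinguishing an enabled (active) redirect from a dormant one. The sample input is constructed from the lines quoted in the fix, plus one hypothetical hive (SID S-1-5-21-0-0-0-1004) with an ordinary named proxy to show that it is not flagged.

```python
"""Flag loopback proxy settings in OTL 'IE - HKU\\...\\Internet Settings' lines.

Added example, not part of the original thread or of OTL itself.  It assumes
the line layout OTL uses in its reports, as quoted in the fix above.
"""
import re
from ipaddress import ip_address
from typing import Dict, List

# Constructed sample: the proxy lines from this thread's OTL fix, plus a
# hypothetical hive (S-1-5-21-0-0-0-1004) using a normal named proxy so the
# check has a benign case to leave alone.
SAMPLE_OTL_LINES = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64364
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64364
IE - HKU\S-1-5-21-1957994488-115176313-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-0-0-0-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-0-0-0-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.test:8080
"""

# One OTL line: 'IE - HKU\<hive>\...\Internet Settings: "<Name>" = <value>'
LINE_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+)\\.*\\Internet Settings: "(?P<name>[A-Za-z]+)" = (?P<value>.*)$'
)


def parse_internet_settings(text: str) -> Dict[str, Dict[str, str]]:
    """Group the Internet Settings values OTL printed by user hive (HKU\\<sid>)."""
    hives: Dict[str, Dict[str, str]] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hives.setdefault(m["hive"], {})[m["name"]] = m["value"].strip()
    return hives


def loopback_targets(proxy_server: str) -> List[str]:
    """Return the host:port entries of a ProxyServer value that point at loopback.

    Handles both the single form 'host:port' and the per-protocol form
    'http=host:port;https=host:port' that IE accepts.
    """
    hits: List[str] = []
    for entry in proxy_server.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        target = entry.split("=", 1)[1] if "=" in entry else entry
        host = target.rsplit(":", 1)[0].strip("[]")  # drop port and IPv6 brackets
        try:
            is_loop = ip_address(host).is_loopback
        except ValueError:  # not an IP literal, so compare the name
            is_loop = host.lower() == "localhost"
        if is_loop:
            hits.append(target)
    return hits


def find_loopback_proxies(text: str) -> List[Dict[str, str]]:
    """Report every hive whose IE proxy is a loopback address.

    'active' means ProxyEnable is 1, so browser traffic is being redirected
    now; 'dormant' means the server value is set but the proxy is switched off,
    which is still worth cleaning because a later process can flip it on.
    """
    findings: List[Dict[str, str]] = []
    for hive, values in sorted(parse_internet_settings(text).items()):
        server = values.get("ProxyServer", "")
        if not loopback_targets(server):
            continue
        enabled = values.get("ProxyEnable", "0") == "1"
        findings.append({"hive": hive, "server": server,
                         "state": "active" if enabled else "dormant"})
    return findings


if __name__ == "__main__":
    for f in find_loopback_proxies(SAMPLE_OTL_LINES):
        print(f"{f['state']:7} {f['hive']} -> {f['server']}")
```

Run against the constructed sample it reports the .DEFAULT and S-1-5-18 hives as active loopback proxies and stays quiet about the hive with the named proxy; on a real OTL log, paste the whole report in place of the sample. A loopback proxy is not malicious by itself (some local filtering products use one), so the finding is a lead to confirm by identifying the process listening on that port, not a verdict.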
 
OTL Log:

All processes killed
========== OTL ==========
No active process named ViewpointService.exe was found!
Service Viewpoint Manager Service stopped successfully!
Service Viewpoint Manager Service deleted successfully!
C:\Program Files\Viewpoint\Common\ViewpointService.exe moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-1957994488-115176313-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1957994488-115176313-725345543-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NeroHomeFirstStart deleted successfully.
C:\Documents and Settings\Erik\Local Settings\Application Data\2sj84r4yr1d5210755e moved successfully.
C:\Documents and Settings\All Users\Application Data\2sj84r4yr1d5210755e moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Erik\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\Erik\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\Erik\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\Erik\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\Erik\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
C:\Documents and Settings\Erik\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Documents and Settings\Erik\Application Data\Viewpoint folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell\AOL9 folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\Components folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Program Files\Viewpoint\Common folder moved successfully.
C:\Program Files\Viewpoint folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 21843377 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56478 bytes

User: Erik
->Temp folder emptied: 927270 bytes
->Temporary Internet Files folder emptied: 390996 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 78501458 bytes
->Google Chrome cache emptied: 46423756 bytes
->Flash cache emptied: 62564 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1671302 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2494 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 11094 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56478 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 53047 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 145.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Erik
->Java cache emptied: 0 bytes

User: LocalService
->Java cache emptied: 0 bytes

User: NetworkService
->Java cache emptied: 0 bytes

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Erik
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 09162012_225220

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Security Check:

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 4 x86
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Spyder3Express
Malwarebytes Anti-Malware version 1.65.0.1400
HijackThis 2.0.2
JavaFX 2.1.1
Java(TM) 6 Update 12
Java(TM) 7 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
Mozilla Thunderbird 14.0. Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
FSS:

Farbar Service Scanner Version: 06-08-2012
Ran by Erik (administrator) on 16-09-2012 at 22:59:06
Running from "C:\Documents and Settings\Erik\Desktop"
Microsoft Windows XP Professional Service Pack 3, v.3264 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2007-02-18 16:37] - [2007-12-01 00:25] - 0126976 ____A (Microsoft Corporation) 1CCE370E4208B753586C0A1D88DAC6B6

C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-03 17:14] - [2007-11-30 18:17] - 0138112 ____A (Microsoft Corporation) E5D9213212ED08DC5F985049F7C68C09

C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-03 17:14] - [2007-11-30 18:19] - 0162816 ____A (Microsoft Corporation) C181E1F7A2A251B7AF6352DCBD8457F3

C:\WINDOWS\system32\Drivers\tcpip.sys
[2007-02-18 16:39] - [2007-11-30 18:18] - 0361344 ____A (Microsoft Corporation) 19EBDA988DA80F133DC9E28A50F606E8

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-03 17:14] - [2007-11-30 18:17] - 0075264 ____A (Microsoft Corporation) BFEA19DAFF955239A16A80C3CDF64FBE

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-03 18:56] - [2007-12-01 00:25] - 0045568 ____A (Microsoft Corporation) F0AB10362C34E0FDC03FB8E029D07984

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-03 18:56] - [2007-12-01 00:25] - 0331264 ____A (Microsoft Corporation) DA9222DF50B74641658BE5B23B649016

C:\WINDOWS\system32\netman.dll
[2007-02-18 16:38] - [2007-12-01 00:25] - 0198144 ____A (Microsoft Corporation) 926F0847887C38D0C6F8C1AEF4E45E98

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-12-21 13:24] - [2007-12-01 00:26] - 0144896 ____A (Microsoft Corporation) C509666623D32AC4CDA3199CE4EB1925

C:\WINDOWS\system32\srsvc.dll
[2008-12-21 13:26] - [2007-12-01 00:26] - 0171008 ____A (Microsoft Corporation) 70BF530F3B28242FD6B2E558219316EB

C:\WINDOWS\system32\Drivers\sr.sys
[2008-12-21 13:26] - [2007-11-30 17:39] - 0073472 ____A (Microsoft Corporation) 8EC0EC1508D5C0DC9F0A46B264B41BFF

C:\WINDOWS\system32\wscsvc.dll
[2007-02-18 16:39] - [2007-12-01 00:26] - 0080896 ____A (Microsoft Corporation) E750CD80918C221F7249802A3048A287

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-12-21 13:24] - [2007-12-01 00:26] - 0144896 ____A (Microsoft Corporation) C509666623D32AC4CDA3199CE4EB1925

C:\WINDOWS\system32\wuauserv.dll
[2008-12-21 13:26] - [2007-02-18 16:39] - 0018392 ____A (Microsoft Corporation) B72508649DAD03BCB5D708EDB1E3E57E

C:\WINDOWS\system32\qmgr.dll
[2008-12-21 13:26] - [2007-12-01 00:25] - 0409088 ____A (Microsoft Corporation) 60EEA64022CE15CB3A81CE666D74913F

C:\WINDOWS\system32\es.dll
[2007-02-18 16:37] - [2007-12-01 00:25] - 0246272 ____A (Microsoft Corporation) 56F40DEC4F1A4595BE3B092E38B07C07

C:\WINDOWS\system32\cryptsvc.dll
[2007-02-18 16:37] - [2007-12-01 00:25] - 0062464 ____A (Microsoft Corporation) B81BA41FE68A70C0FC429BBEFC547739

C:\WINDOWS\system32\svchost.exe
[2004-08-03 18:56] - [2007-12-01 00:26] - 0014336 ____A (Microsoft Corporation) 0C82B0AE50BB2BC8A96A753F4EDC495F

C:\WINDOWS\system32\rpcss.dll
[2007-02-18 16:38] - [2007-12-01 00:25] - 0399360 ____A (Microsoft Corporation) 70ABA737C26F576BD04F108E22FE8A8A

C:\WINDOWS\system32\services.exe
[2004-08-03 18:56] - [2007-12-01 00:26] - 0108544 ____A (Microsoft Corporation) 76727219614A50B2DB29BD0CDA4260D5


Extra List:
=======
AegisP(12) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0E0000000400000001000000020000000300000008000000090000000A0000000B0000000D0000000E0000000500000006000000070000000C000000
IpSec Tag value is correct.

**** End of log ****
 