View Full Version : Need Help with System Tool
Before I begin, please be patient with me as I am not too computer savvy. My computer somehow got System Tool in late 2010; however, I used System Restore at that time to go back and didn't have any problems again until March 2011. I don't know if System Tool was still hiding in my computer since 2010 despite the System Restore or if it came back when another user of my computer downloaded some programs two weeks ago. Since I noticed System Tool a few days ago, I tried once again to use System Restore; however, it would not go back far enough to before the new downloads. So the computer was OK for about two days and then System Tool popped back up, and here I am forced to start the computer up in safe mode. Today I downloaded Spybot, HijackThis, and Malwarebytes. I ran them all and used Spybot and Malwarebytes to "fix" some of the problems; however, I have not used HijackThis to fix anything yet. I also ran ERUNT as your forum requested. Here is my DDS:
.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Larry at 14:23:10.62 on Mon 03/07/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1012.337 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Larry\Desktop\OTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2JZ1FSI4\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
uSearch Page =
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80016
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\consumer input\dca-bho.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: MyPoints Point Finder: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - c:\program files\mypoints point finder\Toolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [PPWebCap] c:\program files\scansoft\paperport\PPWebCap.exe
uRun: [lphc78sj0ej1h] c:\windows\system32\lphc78sj0ej1h.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ATT-SST] c:\program files\att-sst\mccibrowser.exe -appkey=att-sst -url=file://c:\program files\att-sst\ocb\4f166975-fb23-45c3-9f1f-a45824649e35\Start.htm?VendorID=ATT-SST,isHidden=false,ConnectivityRequired=true,flowId=HOMEPAGE,FlowParams=
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [SpybotDeletingB9396] command.com /c del "c:\program files\free offers from freeze.com\dolphinico.ico"
uRunOnce: [SpybotDeletingD8206] cmd.exe /c del "c:\program files\free offers from freeze.com\dolphinico.ico"
uRunOnce: [SpybotDeletingB251] command.com /c del "c:\program files\free offers from freeze.com\wfallsaw.ico"
uRunOnce: [SpybotDeletingD5128] cmd.exe /c del "c:\program files\free offers from freeze.com\wfallsaw.ico"
uRunOnce: [SpybotDeletingB6297] command.com /c del "c:\windows\BMUpdate.ini"
uRunOnce: [SpybotDeletingD808] cmd.exe /c del "c:\windows\BMUpdate.ini"
uRunOnce: [SpybotDeletingB8315] command.com /c del "c:\program files\free offers from freeze.com\dolphinico.ico"
uRunOnce: [SpybotDeletingD105] cmd.exe /c del "c:\program files\free offers from freeze.com\dolphinico.ico"
uRunOnce: [SpybotDeletingB5469] command.com /c del "c:\program files\free offers from freeze.com\wfallsaw.ico"
uRunOnce: [SpybotDeletingD9285] cmd.exe /c del "c:\program files\free offers from freeze.com\wfallsaw.ico"
uRunOnce: [SpybotDeletingB6858] command.com /c del "c:\windows\BMUpdate.ini"
uRunOnce: [SpybotDeletingD671] cmd.exe /c del "c:\windows\BMUpdate.ini"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [lphc78sj0ej1h] c:\windows\system32\lphc78sj0ej1h.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [ISW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [TVEService] "c:\program files\cyberlink\tv enhance\TVEService.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\larry\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wincin~1.lnk - c:\program files\sandisk\common\bin\WinCinemaMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\wpn111.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\remote~1.lnk - c:\program files\indtube\utility\remotetool\inDtube.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: motive.com\patttbc.att
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-15 136176]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\cyberlink\tv enhance\kernel\tv\TVECapSvc.exe [2010-1-29 344159]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\cyberlink\tv enhance\kernel\tv\TVESched.exe [2010-1-29 118877]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2008-7-7 362944]
.
=============== Created Last 30 ================
.
2011-03-07 17:35:22 -------- d-----w- c:\users\larry\appdata\roaming\Malwarebytes
2011-03-07 17:33:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-07 17:33:18 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-07 17:33:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-07 17:33:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-07 17:17:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-07 17:17:43 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-07 16:53:38 -------- d-----w- c:\progra~2\jHaJlMl06300
2011-03-05 16:54:59 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-03-05 16:50:43 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-03-05 16:50:42 40448 ----a-w- c:\windows\system32\winrs.exe
2011-03-05 16:50:42 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-03-05 16:50:32 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-03-05 16:50:32 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-03-05 16:50:22 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-03-05 16:50:22 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-03-05 16:50:22 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-03-05 16:50:22 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-03-05 16:50:22 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-03-05 16:50:22 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-03-05 16:49:49 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-03-05 16:49:44 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-03-05 16:49:43 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-03-05 16:49:43 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-03-05 16:49:43 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-03-05 16:49:43 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-03-05 16:49:42 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-03-04 20:26:55 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{7ce7d421-6bdc-487b-8987-b44ba3215988}\mpengine.dll
2011-03-04 18:21:05 -------- d-----w- c:\progra~2\lFnDdMo06300
2011-02-23 18:38:37 -------- d-----w- c:\users\larry\appdata\local\HP
2011-02-22 20:46:04 -------- d-----w- c:\progra~2\WEBREG
2011-02-22 20:31:35 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-02-22 19:49:09 897024 ----a-w- c:\windows\system32\SET3887.tmp
2011-02-22 19:49:09 675840 ----a-w- c:\windows\system32\SET2F70.tmp
2011-02-22 19:49:09 303104 ----a-w- c:\windows\system32\hpovst01.dll
2011-02-22 19:49:09 258048 ----a-w- c:\windows\system32\hpzids01.dll
2011-02-06 19:14:14 -------- d-----w- c:\users\larry\appdata\local\IsolatedStorage
.
==================== Find3M ====================
.
2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
============= FINISH: 14:25:09.90 ===============
Also, here is the Attach.txt
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
I am still seeing some malware on your system
With Vista, when running these programs you need to Right Click on the program and select RUN AS ADMINISTRATOR
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
Here is the Malwarebytes log... Yesterday when I scanned the computer with Malwarebytes I was using a different user account (in safe mode) that hadn't been attacked by System Tool yet; today when I scanned and produced this log I was under my own user account, which had been attacked by System Tool on the same computer.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5981
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019
3/8/2011 9:02:13 AM
mbam-log-2011-03-08 (09-02-13).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 381881
Time elapsed: 1 hour(s), 30 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8BCB5337-EC01-4E38-840C-A964F174255B} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} (Adware.SmartShopper) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jHaJlMl06300 (Rogue.SystemTool.M) -> Value: jHaJlMl06300 -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\programdata\jhajlml06300\jhajlml06300.exe (Rogue.SystemTool.M) -> Quarantined and deleted successfully.
Hi,
Reboot your computer and let's run a couple of programs; the first will check for a Rootkit and the second will give a more in-depth look at your system.
With Vista you need to right click on the program and select RUN AS ADMINISTRATOR
Scan With RootKitUnHooker
Please choose one link and download Rootkit Unhooker and save it to your desktop.
Link 1 (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE)
Link 2 (http://www.kernelmode.info/ARKs/RKUnhookerLE.zip)
Link 3 (http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar)
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers and Stealth
Uncheck the rest, then click OK.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished and then click File > Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.
Note** you may get the following warning, just click OK and continue.
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8A200000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7065600 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x8244C000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x8244C000 PnpManager 3907584 bytes
0x8244C000 RAW 3907584 bytes
0x8244C000 WMIxWDM 3907584 bytes
0x8B60C000 C:\Windows\system32\drivers\RTKVHDA.sys 2150400 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x92870000 Win32k 2109440 bytes
0x92870000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8660A000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82A7C000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8B003000 C:\Windows\system32\DRIVERS\HSX_DP.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x86402000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D2000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA8801000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8B105000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x922DF000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8A8BD000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8A969000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x9220C000 C:\Windows\system32\DRIVERS\emBDA.sys 536576 bytes (eMPIA Technology, Inc., USB 28xx BDA Driver)
0x8060F000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82A0B000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80408000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA6C0A000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA6D7B000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x8658A000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x80734000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8B90B000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80698000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80491000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8B23A000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8653D000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8B9BC000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82BB2000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA6D02000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8671A000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8B32C000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82419000 ACPI_HAL 208896 bytes
0x82419000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x807C9000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8B953000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B20B000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8B819000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82B87000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x865D6000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x923C1000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xA6D53000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8676A000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806EF000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8B846000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8B2A8000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x867A2000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA6CC2000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8B88E000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA6CE3000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x807AB000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x92393000 C:\Windows\system32\DRIVERS\irda.sys 122880 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xA6C77000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x86516000 C:\Windows\system32\DRIVERS\Rtlh86.sys 114688 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x864EC000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x922C4000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA6C94000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x805C2000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA6D3B000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8B372000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8B286000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA88FF000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8B985000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8B8E1000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA6CAD000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B2EE000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8B2DA000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8B8F7000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8B1C7000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8B3AB000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8B9A9000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x86791000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8B361000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80478000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x805B2000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x923B1000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80793000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8B303000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x86507000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x9229E000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8675B000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80716000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8B2CB000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8657B000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80725000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x92AB0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8B99B000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8B8CA000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80785000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8B389000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8B1BA000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8B31F000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x922B7000 C:\Windows\system32\DRIVERS\usbscan.sys 53248 bytes (Microsoft Corporation, USB Scanner Driver)
0x8068B000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA88E9000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8B882000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8A95D000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8B396000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8B1E5000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8B1DA000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8B8BF000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8B29D000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8B27B000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x867EC000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x86532000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x92294000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8B3A1000 C:\Windows\system32\DRIVERS\emOEM.sys 40960 bytes (eMPIA Technology, Inc., USB 28xx BDA Lower filter)
0x8B315000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x923EB000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8B600000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA88DF000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x922AD000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
0x867C3000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8B86B000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA8917000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8B8D8000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x92A90000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x867F7000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806DE000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8B1F0000 C:\Windows\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft(R) ASPI Shell)
0x807A3000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80489000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8B9F8000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x806E7000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8B8AF000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8B8B7000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x86753000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xA88F5000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8B87B000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8077E000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80401000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8B874000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8A9F6000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x9238F000 C:\Windows\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xA6DC9000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x9228F000 C:\Windows\system32\DRIVERS\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
0x8B1F8000 C:\Windows\system32\drivers\iviaspi.sys 12288 bytes (InterVideo, Inc., InterVideo ASPI Shell)
0xA8915000 C:\Windows\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)
0x8B313000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x92292000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x06640000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x84323428 ] PID: 5744, 1077248 bytes
0x059D0000 Hidden Image-->Intuit.Spc.Oip.Messaging.Client.Core.dll [ EPROCESS 0x84323428 ] PID: 5744, 126976 bytes
0x06D80000 Hidden Image-->Intuit.Spc.Oip.Messaging.Client.Protocol.dll [ EPROCESS 0x84323428 ] PID: 5744, 233472 bytes
0x06B10000 Hidden Image-->log4net.dll [ EPROCESS 0x84323428 ] PID: 5744, 282624 bytes
0x06DF0000 Hidden Image-->BackgroundCopyManager.dll [ EPROCESS 0x84323428 ] PID: 5744, 28672 bytes
0x03E10000 Hidden Image-->Intuit.Spc.Foundations.Portability.dll [ EPROCESS 0x84323428 ] PID: 5744, 471040 bytes
0x05390000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x84323428 ] PID: 5744, 479232 bytes
0x031C0000 Hidden Image-->Intuit.Spc.Foundations.Primary.Logging.dll [ EPROCESS 0x84323428 ] PID: 5744, 53248 bytes
0x04CE0000 Hidden Image-->Intuit.Spc.Oip.Messaging.Client.ExternalApi.dll [ EPROCESS 0x84323428 ] PID: 5744, 69632 bytes
0x03EC0000 Hidden Image-->Intuit.Spc.Foundations.Primary.ExceptionHandling.dll [ EPROCESS 0x84323428 ] PID: 5744, 77824 bytes
0x04990000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x84323428 ] PID: 5744, 778240 bytes
0x03EE0000 Hidden Image-->Intuit.Spc.Foundations.Primary.Config.dll [ EPROCESS 0x84323428 ] PID: 5744, 86016 bytes
0x06F60000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x84323428 ] PID: 5744, 872448 bytes

OTL logfile created on: 3/9/2011 8:31:37 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Lauren & Sineca\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,012.00 Mb Total Physical Memory | 325.00 Mb Available Physical Memory | 32.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.92 Gb Total Space | 47.59 Gb Free Space | 16.47% Space Free | Partition Type: NTFS
Drive D: | 9.17 Gb Total Space | 1.12 Gb Free Space | 12.19% Space Free | Partition Type: NTFS
Computer Name: LARRY-PC | User Name: Lauren & Sineca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Lauren & Sineca\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\Consumer Input\dca-ua.exe (Compete, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\inDtube\Utility\RemoteTool\inDtube.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Program Files\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.)
PRC - C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
PRC - C:\Program Files\ScanSoft\PaperPort\PPWEBCAP.EXE (Scansoft Inc.)
PRC - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE ()
========== Modules (SafeList) ==========
MOD - C:\Users\Lauren & Sineca\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()
========== Driver Services (SafeList) ==========
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (JL2005C) -- C:\Windows\System32\drivers\jl2005c.sys (Windows (R) 2000 DDK provider)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (mr7910) -- C:\Windows\System32\drivers\mr7910.sys (Mars Semiconductor Corp.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (WPN111) -- C:\Windows\System32\drivers\WPN111.sys (NETGEAR, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80016
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/11 10:24:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/11 10:24:12 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Consumer Input\dca-bho.dll (Compete, Inc.)
O3 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O3 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..\Toolbar\WebBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - File not found
O3 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [ISW.exe] C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)
O4 - HKLM..\Run: [lphc78sj0ej1h] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TVEService] C:\Program Files\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\dca-ua.exe (Compete, Inc.)
O4 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001..\Run: [CSmileys] File not found
O4 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001..\Run: [DW6] File not found
O4 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001..\Run: [Exetender] File not found
O4 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001..\Run: [lphc78sj0ej1h] File not found
O4 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\PPWEBCAP.EXE (Scansoft Inc.)
O4 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lauren & Sineca\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lauren & Sineca\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/21 07:56:44 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/03/09 08:20:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Lauren & Sineca\Desktop\OTL.exe
[2011/03/08 07:29:15 | 000,000,000 | ---D | C] -- C:\Users\Lauren & Sineca\AppData\Roaming\Malwarebytes
[2011/03/07 14:22:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/07 14:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/03/07 14:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/07 09:33:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/07 09:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/07 09:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/07 09:33:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/07 09:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/07 09:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/07 09:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/03/07 09:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/07 08:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\jHaJlMl06300
[2011/03/05 09:04:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/03/05 08:54:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/03/05 08:50:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/03/05 08:50:42 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/03/05 08:50:42 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/03/05 08:50:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/03/05 08:50:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/03/05 08:50:22 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/03/05 08:50:22 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/03/05 08:50:22 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/03/05 08:50:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/03/05 08:50:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/03/05 08:49:44 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/03/05 08:49:43 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/03/05 08:49:43 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/03/05 08:49:43 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/03/05 08:49:43 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/03/04 10:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\lFnDdMo06300
[2011/02/23 08:37:31 | 000,000,000 | ---D | C] -- C:\Users\Lauren & Sineca\AppData\Roaming\HP
[2011/02/22 12:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/02/22 12:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/02/22 11:49:09 | 000,303,104 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst01.dll
[2011/02/22 11:49:09 | 000,258,048 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2011/02/09 15:39:36 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/09 15:39:33 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/09 15:39:33 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/09 15:39:23 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/09 15:39:23 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/09 15:39:22 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/09 15:39:22 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/02/09 15:39:22 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/09 15:39:22 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/09 15:39:22 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/02/09 15:39:22 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/09 15:39:22 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/09 15:39:21 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/09 15:39:21 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/02/09 15:39:21 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/09 15:39:20 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/09 15:39:20 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/09 15:39:20 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/09 15:39:19 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/02/09 15:39:19 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/09 15:39:19 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/09 15:39:19 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/02/09 15:39:19 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/02/09 15:39:19 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/09 15:39:18 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/02/09 15:39:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/09 15:39:17 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/02/09 15:37:52 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/09 15:37:52 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/09 15:37:52 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/09 15:37:51 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/09 15:37:51 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/09 15:37:51 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/09 15:37:51 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/09 15:37:51 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/09 15:37:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/02/09 15:37:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/02/09 15:37:50 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/02/09 15:37:50 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/02/09 15:37:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/09 15:37:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/09 15:37:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/09 15:37:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/09 15:37:49 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/09 15:37:36 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/09 15:37:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/03/09 08:34:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/09 08:32:35 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EEF8D868-263D-407E-B401-21B46E05761C}.job
[2011/03/09 08:30:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AA3C5D03-265C-4D2F-9F97-272B964147BB}.job
[2011/03/09 08:20:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren & Sineca\Desktop\OTL.exe
[2011/03/09 07:16:08 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/09 07:15:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/09 07:15:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/09 07:15:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/09 07:15:13 | 1062,395,904 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/08 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/03/08 07:11:48 | 000,027,648 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2011/03/07 15:43:32 | 000,000,680 | ---- | M] () -- C:\Users\Lauren & Sineca\Desktop\ERUNT.lnk
[2011/03/07 12:05:09 | 000,000,447 | ---- | M] () -- C:\Windows\wininit.ini
[2011/03/07 09:33:19 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/06 10:52:13 | 000,033,280 | ---- | M] () -- C:\Users\Lauren & Sineca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/04 11:40:46 | 000,001,978 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/02/22 12:46:55 | 000,148,952 | ---- | M] () -- C:\Windows\hpoins19.dat
[2011/02/21 16:34:18 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/21 16:34:18 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/10 09:25:24 | 000,372,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/03/08 09:03:21 | 1062,395,904 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/07 15:43:32 | 000,000,680 | ---- | C] () -- C:\Users\Lauren & Sineca\Desktop\ERUNT.lnk
[2011/03/07 10:25:21 | 000,000,447 | ---- | C] () -- C:\Windows\wininit.ini
[2011/03/07 09:33:19 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/05 08:49:49 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/03/05 08:49:49 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/03/05 08:49:49 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/22 12:36:43 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/02/22 12:32:05 | 000,001,978 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/02/22 11:49:29 | 000,148,952 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/02/22 11:49:07 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/11/04 16:22:58 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/11/04 16:22:57 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/11/03 14:56:40 | 009,079,808 | ---- | C] () -- C:\Windows\System32\alltoall.exe
[2010/08/09 15:39:19 | 000,000,070 | ---- | C] () -- C:\Users\Lauren & Sineca\AppData\Roaming\wklnhst.dat
[2010/06/14 08:12:17 | 000,000,680 | ---- | C] () -- C:\Users\Lauren & Sineca\AppData\Local\d3d9caps.dat
[2010/06/11 13:08:59 | 000,000,552 | ---- | C] () -- C:\Users\Lauren & Sineca\AppData\Local\d3d8caps.dat
[2010/05/13 07:50:18 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/04/08 13:33:27 | 079,471,648 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2010/02/12 11:36:38 | 000,306,688 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[2010/02/12 11:36:38 | 000,302,592 | ---- | C] () -- C:\Windows\System32\pgp.dll
[2010/02/12 11:36:38 | 000,095,232 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2010/02/12 11:36:38 | 000,093,184 | ---- | C] () -- C:\Windows\System32\keydb.dll
[2010/02/12 11:36:38 | 000,070,656 | ---- | C] () -- C:\Windows\System32\simple.dll
[2010/02/12 11:36:38 | 000,065,024 | ---- | C] () -- C:\Windows\System32\bn.dll
[2009/12/19 13:52:29 | 000,000,068 | ---- | C] () -- C:\Windows\C4WREL7.INI
[2009/12/19 13:51:27 | 000,032,256 | ---- | C] () -- C:\Windows\System32\lng32mai.dll
[2009/12/19 13:51:27 | 000,016,384 | ---- | C] () -- C:\Windows\System32\REGMOD.DLL
[2009/12/19 13:51:26 | 003,288,064 | ---- | C] () -- C:\Windows\System32\C4WSA32.DLL
[2009/12/19 13:51:26 | 000,311,808 | ---- | C] () -- C:\Windows\System32\C4WTIL32.DLL
[2009/12/19 13:51:26 | 000,139,776 | ---- | C] () -- C:\Windows\System32\C4WICN32.DLL
[2009/12/19 13:51:26 | 000,061,952 | ---- | C] () -- C:\Windows\System32\C4WRES32.DLL
[2009/12/19 13:51:26 | 000,051,200 | ---- | C] () -- C:\Windows\System32\DWSW32.DLL
[2009/12/19 13:51:26 | 000,033,280 | ---- | C] () -- C:\Windows\System32\lng32ss.dll
[2009/12/19 13:51:25 | 000,031,744 | ---- | C] () -- C:\Windows\System32\C4WErr32.dll
[2009/11/22 13:12:44 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2009/09/18 09:42:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 09:42:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/30 09:04:31 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2008/12/27 19:23:12 | 000,000,664 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/10/13 12:28:59 | 000,000,155 | ---- | C] () -- C:\Windows\CDFACE32.INI
[2008/09/11 09:03:51 | 000,033,280 | ---- | C] () -- C:\Users\Lauren & Sineca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/04 06:28:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/18 14:12:30 | 000,000,611 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/18 14:12:30 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2008/07/18 14:12:29 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/07/18 12:54:44 | 000,000,090 | ---- | C] () -- C:\Windows\calera.ini
[2008/07/18 12:54:35 | 000,269,312 | ---- | C] () -- C:\Windows\System32\FPXIG.DLL
[2008/07/18 12:54:35 | 000,068,096 | ---- | C] () -- C:\Windows\System32\IGFPX32P.DLL
[2008/07/18 12:54:35 | 000,065,024 | ---- | C] () -- C:\Windows\System32\JPEGACC.DLL
[2008/07/18 12:54:24 | 000,101,376 | ---- | C] () -- C:\Windows\System32\WELSOF32.DLL
[2008/07/07 14:09:44 | 000,651,264 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2008/07/07 14:09:44 | 000,192,512 | R--- | C] () -- C:\Windows\System32\AegisI5.exe
[2008/07/07 14:09:44 | 000,149,392 | ---- | C] () -- C:\Windows\System32\drivers\ar5523.bin
[2008/07/07 14:09:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2008/03/25 08:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/03/25 08:42:46 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/03/25 08:42:46 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/03/25 08:42:46 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/02/21 07:57:04 | 000,000,068 | ---- | C] () -- C:\Windows\System32\Compaq_Demo.ini
[2008/02/21 07:45:41 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/02/21 07:41:27 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2008/02/21 07:39:16 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/02/21 07:39:16 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/02/21 07:30:17 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/02/21 07:30:17 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/02/21 07:30:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/02/21 07:30:17 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,372,504 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997/07/10 23:00:00 | 000,047,104 | ---- | C] () -- C:\Windows\System32\WRKGADM.EXE
[1997/07/10 23:00:00 | 000,031,232 | ---- | C] () -- C:\Windows\System32\XLREC.DLL
[1997/07/10 23:00:00 | 000,025,600 | ---- | C] () -- C:\Windows\System32\RECNCL.DLL
[1997/07/10 23:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1997/07/10 23:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997/07/10 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
========== LOP Check ==========
[2009/06/25 21:09:10 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\AT&T
[2010/12/11 10:24:15 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\ATTToolbar
[2008/12/27 19:58:08 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Canon
[2010/05/20 18:56:25 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Costco Photo Organizer
[2010/05/30 09:03:14 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Costco Photo Viewer US
[2011/02/23 11:55:31 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Image Zone Express
[2008/10/13 09:32:22 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\LimeWire
[2008/07/31 13:06:29 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\MSNInstaller
[2008/11/28 19:57:55 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\NCH Swift Sound
[2011/02/22 13:04:05 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Printer Info Cache
[2008/11/17 14:18:39 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Recordpad
[2008/12/27 19:22:49 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\ScanSoft
[2008/09/12 16:14:26 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\SmartDraw
[2008/07/07 13:41:13 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Snapfish
[2008/08/11 19:12:28 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Template
[2008/07/08 21:07:18 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\WinBatch
[2008/11/18 10:44:48 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\acccore
[2009/06/26 07:38:50 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\AT&T
[2009/01/21 11:02:48 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\Canon
[2010/05/24 15:36:12 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\Costco Photo Organizer
[2010/05/20 16:01:26 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\Costco Photo Viewer US
[2008/11/18 09:49:54 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\NCH Swift Sound
[2008/11/18 09:49:52 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\Recordpad
[2011/03/08 09:37:55 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\Snapfish
[2010/08/09 15:39:22 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\Template
[2011/03/08 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011/03/08 19:40:40 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/03/09 08:30:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AA3C5D03-265C-4D2F-9F97-272B964147BB}.job
[2011/03/09 08:32:35 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EEF8D868-263D-407E-B401-21B46E05761C}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >

OTL Extras logfile created on: 3/9/2011 8:31:37 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Lauren & Sineca\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,012.00 Mb Total Physical Memory | 325.00 Mb Available Physical Memory | 32.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.92 Gb Total Space | 47.59 Gb Free Space | 16.47% Space Free | Partition Type: NTFS
Drive D: | 9.17 Gb Total Space | 1.12 Gb Free Space | 12.19% Space Free | Partition Type: NTFS
Computer Name: LARRY-PC | User Name: Lauren & Sineca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{31177906-F51F-4A94-BC4C-2736B0B30FF9}" = lport=137 | protocol=17 | dir=in | app=system |
"{3326C752-C47B-4696-8EEB-FDB7C15956C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4A74D432-D3F3-4507-9E1C-CFB612992110}" = rport=139 | protocol=6 | dir=out | app=system |
"{532EB5C5-BEA9-4C26-8836-1322551E507B}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{5F53F1FB-D0B1-4737-A75B-0D0DB278FDA0}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{643529C6-85E1-4313-BDF2-2CAE271617D1}" = rport=138 | protocol=17 | dir=out | app=system |
"{774B7EE6-513A-4846-8773-16C090AF4ACC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{97AAF3E7-D62D-440B-AB04-B5003C682B31}" = lport=139 | protocol=6 | dir=in | app=system |
"{A5FC48CA-F9EC-4CE3-90CA-2C9F4B21D894}" = rport=137 | protocol=17 | dir=out | app=system |
"{C16EFFB1-D270-4168-AF55-C74B3D5D99A7}" = lport=445 | protocol=6 | dir=in | app=system |
"{C1B8E435-71F3-4628-8EDF-EDB09ED127CA}" = rport=445 | protocol=6 | dir=out | app=system |
"{FD99B846-2DB4-4CC4-AD17-BA7D8B7BA06E}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C5842F-9523-443D-BCC9-D29BC7DF181C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0F374204-8555-46AC-B64D-1416F6C90BB8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{17735802-2F6D-4635-B22B-ABCDCC5FF573}" = dir=in | app=c:\program files\cyberlink\tv enhance\tveservice.exe |
"{1D21E4F5-7DFA-4BD9-AFA7-6B205BAC2C7D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1ECC7D8B-0B30-47B0-97E5-8CD458ED1946}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{229ADBD7-93B4-4B46-B502-450F8BFD5D21}" = dir=in | app=c:\program files\cyberlink\tv enhance\tvenhance.exe |
"{2A6BA80D-A070-449B-8F15-8695BD4F175F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{33DCF51E-F81B-4B98-B2CB-BB4D5BD37B9A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{362F6F12-14C9-429A-A467-B5F9D0FFC8F7}" = protocol=6 | dir=in | app=c:\program files\mypoints point finder\toolbarupdate.exe |
"{3E838B06-2F52-4654-BA60-3B155E75CD79}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{45265472-6E9D-40B9-BFEF-3F43832940A1}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{5E8BE8C2-42E0-49F8-91C3-18E8A00DE634}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6431E17B-A1F1-4EF3-B289-4F9CB6970FBC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6945130F-1A14-42B5-8A69-F20BE2CE7AE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{822A9797-A453-444C-A4DB-482AD79BC067}" = protocol=17 | dir=in | app=c:\program files\mypoints point finder\toolbarupdate.exe |
"{8E1CB7A1-20D1-4B12-83B9-0033B23D0BBE}" = protocol=17 | dir=in | app=c:\program files\mypoints point finder\troubleshooter.exe |
"{8FDD9FF6-96D8-4A67-A0B2-B444482D5191}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{98021B7E-4328-401D-9F6B-8BCDE8EAF26D}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{A17025AD-3C75-48E7-AB36-A5D1EE620649}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A8AC7D20-5A86-41DB-87C0-DB52ED7AAC19}" = protocol=6 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{A8C418DB-C5C8-4FC5-85F6-7010501E9237}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{AD71E7EB-A27D-45DA-A564-11EE5E622120}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B5AB27C2-C520-4B24-AD5C-7A6D41B1C482}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D74662A8-D363-40E4-9C17-C1A3F22F9378}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DDA2F7F6-4234-4EE8-859E-C955790010DA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DF627884-8F0D-4A05-A973-0C855B853386}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E28102C8-4E63-4848-A8C8-69DE8126C183}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EB58E0D2-4ADD-41C2-B2E8-615F6AEE54FF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F4D0D333-B693-45E3-BEFB-30ED6A6D13BC}" = protocol=17 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{F5E8F9C8-D75E-4D57-B4D7-ACD128155FA5}" = protocol=6 | dir=in | app=c:\program files\mypoints point finder\troubleshooter.exe |
"{FB4239D0-A65F-473A-8539-086DCD2B19EF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{66DD20B8-86B4-420C-A0A0-05C8E6C1E794}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A0BBD519-F92A-4907-9485-C460E1F8E6BB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{A8B4A762-510C-4136-8BF0-3E48789B7330}C:\program files\scansoft\paperport\navbrowser.exe" = protocol=6 | dir=in | app=c:\program files\scansoft\paperport\navbrowser.exe |
"UDP Query User{33B11585-A691-4E40-B8FB-D70B43AA8C1A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{76425767-6FAA-4604-9572-A25A0CD481B7}C:\program files\scansoft\paperport\navbrowser.exe" = protocol=17 | dir=in | app=c:\program files\scansoft\paperport\navbrowser.exe |
"UDP Query User{F3039F4B-5CA3-4F05-9652-0171BCE0183B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{25771101-7948-4591-ABF3-B1ECE7A7F45F}" = HP Update
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{48A34EA8-695B-48BE-B900-C0C44D5D518A}" = Photo Viewer
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F2E34E-A7D4-49AF-8D4A-2F6D8760EFAD}" = LightScribe Template Designs - Celebration Pack 1
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788B97E8-D825-419A-8558-1C0B344C5371}" = Costco Photo Organizer
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{7F2B6338-4C07-49A0-BDF0-AD92E3124A7E}" = Compaq Demo
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84B01A13-F78F-4281-9224-C96FB3530A2C}" = LightScribe Template Designs - Seasonal Pack 1
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6C766E9-B26D-4D54-A22B-A52B069C6C14}" = LightScribe Template Designs - Special Occasion Pack 1
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = EVGA in D tube Driver
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C45EB9E5-7165-4FB0-8C31-77FC4743362F}" = Manual CanoScan LiDE 25
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CDEE9830-92A2-4A65-8ED7-6804C865BA2F}" = ArcSoft PhotoImpression 5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF736FF-8133-42F3-8E18-BDFE293B87FF}" = LightScribe Template Designs - Holiday Pack 1
"{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E35A1183-F6D8-4DCA-A111-296AFFA00A5C}" = LightScribe Template Designs - Tattoo Pack 1
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Wizard 3.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F35FE9BC-FC41-4A22-8545-4FB15E8BCD0C}" = BSL 3.7
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help
"{fef8097e-662d-49b3-aa77-2919db3746d7}" = HP Total Care Advisor
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Arthur's Wilderness Rescue" = Arthur's Wilderness Rescue
"ATT-SST" = AT&T Self Support Tool
"ATTToolbar" = AT&T Toolbar
"Christmas for Windows Release 7" = Christmas for Windows Release 7
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"CreataCard Plus 2" = CreataCard Plus 2
"Digital Binoculars_is1" = Uninstall Digital Binoculars Driver
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ImageJ_is1" = ImageJ 1.42q
"InstallShield_{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = EVGA in D tube Driver
"InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Wizard 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSNINST" = MSN
"MyPoints Point Finder" = MyPoints Point Finder
"Neato MediaFACE" = Neato MediaFACE
"Office8.0" = Microsoft Office 97, Professional Edition
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PaperPort 7.02" = PaperPort 7.02
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
"The Print Shop Deluxe" = The Print Shop Deluxe III
"TurboTax 2008" = TurboTax 2008
"TurboTax 2010" = TurboTax 2010
"Ultra WinCleaner 2002_is1" = Ultra WinCleaner 2002 Version 8.0
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1560622230-470757469-4093761788-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Consumer Input Software" = Consumer Input Software (remove only)
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Hi,
There may be a problem with Event Log; let's run this program and see if it fixes it.
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.
ComboFix 11-03-08.09 - Lauren & Sineca 03/09/2011 9:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1012.387 [GMT -8:00]
Running from: c:\users\Lauren & Sineca\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Larry\AppData\Roaming\aezxgtcz.dll
c:\windows\system32\jusched.exe
c:\windows\system32\spool\prtprocs\w32x86\Ppbiproc.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))
.
.
2011-03-09 18:08 . 2011-03-09 18:08 -------- d-----w- c:\users\Larry\AppData\Local\temp
2011-03-09 18:06 . 2011-03-09 18:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-09 17:42 . 2011-03-09 17:44 -------- d-----w- C:\32788R22FWJFW
2011-03-08 17:20 . 2011-02-23 17:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2AF07538-FF57-4F31-AF7E-A04C8B997AD5}\mpengine.dll
2011-03-08 15:29 . 2011-03-08 15:29 -------- d-----w- c:\users\Lauren & Sineca\AppData\Roaming\Malwarebytes
2011-03-07 22:21 . 2011-03-07 23:44 -------- d-----w- c:\program files\ERUNT
2011-03-07 17:35 . 2011-03-07 17:35 -------- d-----w- c:\users\Larry\AppData\Roaming\Malwarebytes
2011-03-07 17:33 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-07 17:33 . 2011-03-07 17:33 -------- d-----w- c:\programdata\Malwarebytes
2011-03-07 17:33 . 2011-03-08 17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-07 17:33 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-07 17:17 . 2011-03-07 22:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-07 17:17 . 2011-03-07 17:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-07 16:53 . 2011-03-08 17:02 -------- d-----w- c:\programdata\jHaJlMl06300
2011-03-05 16:54 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-03-05 16:50 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-03-05 16:50 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-03-05 16:50 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-03-05 16:50 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-03-05 16:50 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-03-05 16:50 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-03-05 16:50 . 2009-10-09 21:55 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-03-05 16:50 . 2009-10-09 21:55 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-03-05 16:50 . 2009-10-09 21:55 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-03-05 16:50 . 2009-10-09 21:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-03-05 16:50 . 2009-10-09 21:55 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-03-05 16:49 . 2009-08-01 06:27 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-03-05 16:49 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-03-05 16:49 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-03-05 16:49 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-03-05 16:49 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-03-05 16:49 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-03-05 16:49 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-03-04 18:21 . 2011-03-04 18:21 -------- d-----w- c:\programdata\lFnDdMo06300
2011-02-23 18:38 . 2011-02-23 18:38 -------- d-----w- c:\users\Larry\AppData\Local\HP
2011-02-23 16:37 . 2011-02-23 16:37 -------- d-----w- c:\users\Lauren & Sineca\AppData\Roaming\HP
2011-02-22 21:04 . 2011-02-23 19:55 -------- d-----w- c:\users\Larry\AppData\Roaming\Image Zone Express
2011-02-22 20:46 . 2011-02-22 20:46 -------- d-----w- c:\programdata\WEBREG
2011-02-22 20:31 . 2011-02-22 20:31 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-02-22 19:49 . 2006-12-16 06:19 675840 ----a-w- c:\windows\system32\SET2F70.tmp
2011-02-22 19:49 . 2006-12-16 06:19 303104 ----a-w- c:\windows\system32\hpovst01.dll
2011-02-22 19:49 . 2006-12-16 06:19 897024 ----a-w- c:\windows\system32\SET3887.tmp
2011-02-22 19:49 . 2006-11-20 21:36 258048 ----a-w- c:\windows\system32\hpzids01.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:11 . 2009-11-27 00:39 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 15:55 . 2011-01-12 18:27 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-12 18:27 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-01-19 942080]
"PPWebCap"="c:\program files\ScanSoft\PaperPort\PPWebCap.exe" [2001-10-15 43008]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-03-17 2387968]
"Consumer Input Update"="c:\program files\Consumer Input\dca-ua.exe" [2010-05-14 179896]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 133656]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"TVEService"="c:\program files\CyberLink\TV Enhance\TVEService.exe" [2008-01-09 163840]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2009-1-13 303104]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-11-4 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-10 111376]
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2008-7-7 884838]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-10 51984]
Remote TSR.lnk - c:\program files\inDtube\Utility\RemoteTool\inDtube.exe [2008-2-26 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 136176]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys [2005-09-26 362944]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2008-01-09 344159]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2008-01-09 118877]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NORMANDY
*Deregistered* - Normandy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 20:23]
.
2011-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 20:23]
.
2011-03-09 c:\windows\Tasks\User_Feed_Synchronization-{AA3C5D03-265C-4D2F-9F97-272B964147BB}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
2011-03-09 c:\windows\Tasks\User_Feed_Synchronization-{EEF8D868-263D-407E-B401-21B46E05761C}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
Trusted Zone: motive.com\patttbc.att
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
WebBrowser-{89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - c:\program files\MyPoints Point Finder\Toolbar.dll
HKCU-Run-Aim6 - c:\program files\AIM6\aim6.exe
HKCU-Run-lphc78sj0ej1h - c:\windows\system32\lphc78sj0ej1h.exe
HKCU-Run-CSmileys - c:\progra~1\Crawler\Smileys\CSmileysIM.exe
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKCU-Run-Exetender - c:\program files\Free Ride Games\GPlayer.exe
HKLM-Run-lphc78sj0ej1h - c:\windows\system32\lphc78sj0ej1h.exe
HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-09 10:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-03-09 10:20:39
ComboFix-quarantined-files.txt 2011-03-09 18:20
.
Pre-Run: 52,698,529,792 bytes free
Post-Run: 56,838,262,784 bytes free
.
- - End Of File - - 1BE1A2DB25F86AE6057BEE2E905D4143
Looking good, but I want to look over your log a bit closer and I still want to check on eventlog. In the meantime, run this free online virus scanner.
Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
I want to thank you for helping me, I really appreciate it. Yesterday after running spybot, malwarebytes, etc., all of the scans came back clean. Today however, I was starting up the eset scan and I went to look up something on google. I was redirected to a site and almost immediately some "thing" took over my browser window calling itself 'system analysis' and pretending to scan my system and alerting me that my computer was heavily infected. I went to task manager to close it and it ended up closing itself and my eset scan. I then restarted my eset scan and then later I used spybot and malwarebytes to scan again. Malwarebytes found nothing, however spybot listed 6 problems which were called "browser" under the kind column. I clicked for it to fix the problem and then rescanned only to find the same 6 problems. I clicked fix and rescanned a third time and this time it found 1 problem. I wish that I knew how to keep my computer safe from all this, as it is very alarming and frustrating. Anyhow here is my eset log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=51a6957e03435048a0fc8a4fcfd19e0b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-10 01:25:16
# local_time=2011-03-09 05:25:16 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 18480 136313661 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=197908
# found=0
# cleaned=0
# scan_time=14184
Good Morning,
freeze.com <-- If you haven't done so already, remove this program via Programs and Features in the Control Panel.
Let's go back to square one; run DDS and post a fresh log please.
Download DDS from one of the links below to your desktop
Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)
Double click the tool to run it.
A black screen will open; just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)
I believe that freeze.com..whatever it was...is gone.
Here is my DDS:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Lauren & Sineca at 9:49:34.84 on Thu 03/10/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1012.346 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\CyberLink\TV Enhance\TVEService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ScanSoft\PaperPort\PPWEBCAP.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\inDtube\Utility\RemoteTool\inDtube.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lauren & Sineca\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [PPWebCap] c:\program files\scansoft\paperport\PPWebCap.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [ISW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [TVEService] "c:\program files\cyberlink\tv enhance\TVEService.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wincin~1.lnk - c:\program files\sandisk\common\bin\WinCinemaMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\wpn111.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\remote~1.lnk - c:\program files\indtube\utility\remotetool\inDtube.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Crawler Search - tbr:iemenu
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: motive.com\patttbc.att
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-03-09 19:57:41 -------- d-----w- c:\program files\ESET
2011-03-09 18:20:50 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-09 17:44:34 98816 ----a-w- c:\windows\sed.exe
2011-03-09 17:44:34 89088 ----a-w- c:\windows\MBR.exe
2011-03-09 17:44:34 256512 ----a-w- c:\windows\PEV.exe
2011-03-09 17:44:34 161792 ----a-w- c:\windows\SWREG.exe
2011-03-09 15:27:29 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 15:27:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 15:27:28 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 15:27:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 15:27:26 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 15:27:25 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 17:20:52 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2af07538-ff57-4f31-af7e-a04c8b997ad5}\mpengine.dll
2011-03-08 15:29:15 -------- d-----w- c:\users\lauren~1\appdata\roaming\Malwarebytes
2011-03-07 17:33:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-07 17:33:18 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-07 17:33:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-07 17:33:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-07 17:17:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-07 17:17:43 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-07 16:53:38 -------- d-----w- c:\progra~2\jHaJlMl06300
2011-03-05 16:54:59 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-03-05 16:50:43 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-03-05 16:50:42 40448 ----a-w- c:\windows\system32\winrs.exe
2011-03-05 16:50:42 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-03-05 16:50:32 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-03-05 16:50:32 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-03-05 16:50:22 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-03-05 16:50:22 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-03-05 16:50:22 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-03-05 16:50:22 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-03-05 16:50:22 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-03-05 16:50:22 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-03-05 16:49:49 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-03-05 16:49:44 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-03-05 16:49:43 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-03-05 16:49:43 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-03-05 16:49:43 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-03-05 16:49:43 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-03-05 16:49:42 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-03-04 18:21:05 -------- d-----w- c:\progra~2\lFnDdMo06300
2011-02-22 20:46:04 -------- d-----w- c:\progra~2\WEBREG
2011-02-22 20:31:35 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-02-22 19:49:09 897024 ----a-w- c:\windows\system32\SET3887.tmp
2011-02-22 19:49:09 675840 ----a-w- c:\windows\system32\SET2F70.tmp
2011-02-22 19:49:09 303104 ----a-w- c:\windows\system32\hpovst01.dll
2011-02-22 19:49:09 258048 ----a-w- c:\windows\system32\hpzids01.dll
.
==================== Find3M ====================
.
2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
============= FINISH: 9:52:40.33 ===============
Hey,
You need to enable Windows to show all files and folders, instructions here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)
Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again.
c:\windows\system32\SET3887.tmp <-- This file
If the site is busy you can try this one
http://virusscan.jotti.org/en
Run Malwarebytes again, make sure you check for updates first, remove what it finds and post the log
Hey,
I hope this is what you meant by the virus total report:
File name: SET3887.tmp
Submission date: 2011-03-10 20:28:23 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
VT Community
not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.03.11.00 2011.03.10 -
AntiVir 7.11.4.163 2011.03.10 -
Antiy-AVL 2.0.3.7 2011.03.09 -
Avast 4.8.1351.0 2011.03.10 -
Avast5 5.0.677.0 2011.03.10 -
AVG 10.0.0.1190 2011.03.10 -
BitDefender 7.2 2011.03.10 -
CAT-QuickHeal 11.00 2011.03.10 -
ClamAV 0.96.4.0 2011.03.10 -
Commtouch 5.2.11.5 2011.03.10 -
Comodo 7934 2011.03.10 -
DrWeb 5.0.2.03300 2011.03.10 -
Emsisoft 5.1.0.2 2011.03.10 -
eSafe 7.0.17.0 2011.03.10 -
eTrust-Vet 36.1.8209 2011.03.10 -
F-Prot 4.6.2.117 2011.03.10 -
F-Secure 9.0.16440.0 2011.03.10 -
Fortinet 4.2.254.0 2011.03.10 -
GData 21 2011.03.10 -
Ikarus T3.1.1.97.0 2011.03.10 -
Jiangmin 13.0.900 2011.03.10 -
K7AntiVirus 9.92.4076 2011.03.10 -
Kaspersky 7.0.0.125 2011.03.10 -
McAfee 5.400.0.1158 2011.03.10 -
McAfee-GW-Edition 2010.1C 2011.03.10 -
Microsoft 1.6603 2011.03.10 -
NOD32 5943 2011.03.10 -
Norman 6.07.03 2011.03.10 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.03.10 -
PCTools 7.0.3.5 2011.03.10 -
Prevx 3.0 2011.03.10 -
Rising 23.48.03.05 2011.03.10 -
Sophos 4.63.0 2011.03.10 -
SUPERAntiSpyware 4.40.0.1006 2011.03.10 -
Symantec 20101.3.0.103 2011.03.10 -
TheHacker 6.7.0.1.147 2011.03.10 -
TrendMicro 9.200.0.1012 2011.03.10 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.10 -
VBA32 3.12.14.3 2011.03.10 -
VIPRE 8660 2011.03.10 -
ViRobot 2011.3.10.4351 2011.03.10 -
VirusBuster 13.6.245.0 2011.03.10 -
Additional information
MD5 : 5fb27e238d980103c50edec26f10403a
SHA1 : 3c7c30d7bde5503628ac7ecff9093d502f49dddf
SHA256: 901a00ee5c7063279e3d7ac50dafa729d393db0d0df9fdcbe7f2eeb4ed5935c3
ssdeep: 12288:BpqnrYGei0xQGmN75Nw9UPcPAEi2oxa8pTJ0eGHkel3xaPYe33dG4ubcjdqijq:2nrELy
NkKzEi2oxFpT8l354ubEdqij
File size : 897024 bytes
First seen: 2010-01-28 13:28:41
Last seen : 2011-03-10 20:28:23
TrID:
DirectShow filter (52.6%)
Windows OCX File (32.2%)
Win32 Executable MS Visual C++ (generic) (9.8%)
Win32 Executable Generic (2.2%)
Win32 Dynamic Link Library (generic) (1.9%)
sigcheck:
publisher....: Hewlett-Packard Co.
copyright....: Copyright (C) Hewlett-Packard Co. 1995-2005
product......: hp digital imaging - hp all-in-one series
description..: HP AiO Scan Driver - hpotiop1
original name: hpotiop1.DLL
internal name: hpotiop1
file version.: 82.0.175.000
comments.....: HP AiO Scan Driver - hpotiop1
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x5FAEB
timedatestamp....: 0x457FA1EE (Wed Dec 13 06:47:10 2006)
machinetype......: 0x14c (I386)
[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x8C9B9, 0x8D000, 6.70, ac0b3ddea0ef9a4584aceb713f6b32f1
.rdata, 0x8E000, 0x301A5, 0x31000, 5.58, baac8b7a150a27796d96b654371b8e59
.data, 0xBF000, 0x101C4, 0x6000, 4.67, 1d15b33cc0a2c88882486f6371bccdf9
TulipLog, 0xD0000, 0x8, 0x1000, 0.00, 620f0b67a91f7f74151bc5be745b7110
.rsrc, 0xD1000, 0x643C, 0x7000, 4.70, 3da9571728ac2c5f960dabc031411601
.reloc, 0xD8000, 0xDDAE, 0xE000, 6.30, a9451ededd33c03d6a878c926300b08c
[[ 8 import(s) ]]
SETUPAPI.dll: SetupDiOpenClassRegKey
KERNEL32.dll: lstrcmpiA, GetModuleFileNameA, DisableThreadLibraryCalls, IsDBCSLeadByte, FreeLibrary, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, GetModuleHandleA, CreateSemaphoreA, GetCurrentProcessId, WaitForSingleObject, ReleaseSemaphore, CloseHandle, GetCurrentThreadId, GetTempPathA, GetProcAddress, LoadLibraryA, InterlockedExchangeAdd, GetTickCount, OutputDebugStringA, InterlockedExchange, GetVersionExA, lstrlenA, Sleep, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, SetThreadPriority, CreateThread, CreateMutexA, ReleaseMutex, CreateEventA, WaitForMultipleObjects, FindNextChangeNotification, ResetEvent, SetEvent, GetOverlappedResult, GetThreadLocale, SetEnvironmentVariableA, InterlockedDecrement, InterlockedIncrement, GetLastError, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, RaiseException, lstrlenW, WideCharToMultiByte, MultiByteToWideChar, GetCPInfo, CreateFileW, CompareStringW, CompareStringA, SetEndOfFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, ReadFile, HeapSize, SetLastError, GetStdHandle, WriteFile, HeapCreate, HeapDestroy, VirtualFree, GetConsoleMode, IsValidCodePage, IsValidLocale, EnumSystemLocalesA, GetUserDefaultLCID, GetStringTypeW, GetStringTypeA, GetLocaleInfoW, GetLocaleInfoA, CreateFileA, SetStdHandle, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, SetFilePointer, FlushFileBuffers, GetConsoleCP, GetStartupInfoA, GetFileType, SetHandleCount, GetTimeZoneInformation, LCMapStringW, LCMapStringA, GetOEMCP, HeapAlloc, HeapFree, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, RtlUnwind, HeapReAlloc, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCommandLineA, GetProcessHeap, ExitProcess, SetConsoleCtrlHandler, GetACP
USER32.dll: wsprintfA, CharNextA, UnregisterClassA
ADVAPI32.dll: RegEnumKeyA, RegOpenKeyA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegQueryValueExA, RegEnumKeyExA, RegQueryInfoKeyA, RegSetValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA
ole32.dll: CoTaskMemFree, StringFromGUID2, CoCreateInstance, StringFromIID, CoTaskMemAlloc, CoTaskMemRealloc
OLEAUT32.dll: -, -, -, -, -, -, -, -
RPCRT4.dll: UuidCreate
WS2_32.dll: WSAEventSelect, WSACloseEvent, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
[[ 4 export(s) ]]
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
Does it matter what user account I scan with Malwarebytes? Also, after I scan with Malwarebytes should I go back and hide my temp files and operating system files?
The Virus Total Report was just fine, you did well and that file is ok.
Malwarebytes will scan your entire system so just log on to your usual account.
Yes, you can go ahead and rehide system files.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6012
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
3/10/2011 3:49:18 PM
mbam-log-2011-03-10 (15-49-18).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 354703
Time elapsed: 1 hour(s), 7 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I just want to also say a random note that after I finished running Malwarebytes, which came back clean, I went ahead and ran Spybot just cause, and it found 2 problems (casalemedia and doubleclick) which are listed as browser under the kind column. I saw these in my previous Spybot scan, but apparently they didn't get fixed yet.
Hi,
casalemedia and doubleclick <-- These are just tracking cookies
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
2011/03/10 17:49:41.0747 5156 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/10 17:49:42.0277 5156 ================================================================================
2011/03/10 17:49:42.0277 5156 SystemInfo:
2011/03/10 17:49:42.0277 5156
2011/03/10 17:49:42.0277 5156 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/10 17:49:42.0277 5156 Product type: Workstation
2011/03/10 17:49:42.0277 5156 ComputerName: LARRY-PC
2011/03/10 17:49:42.0277 5156 UserName: Larry
2011/03/10 17:49:42.0277 5156 Windows directory: C:\Windows
2011/03/10 17:49:42.0277 5156 System windows directory: C:\Windows
2011/03/10 17:49:42.0277 5156 Processor architecture: Intel x86
2011/03/10 17:49:42.0277 5156 Number of processors: 2
2011/03/10 17:49:42.0277 5156 Page size: 0x1000
2011/03/10 17:49:42.0277 5156 Boot type: Normal boot
2011/03/10 17:49:42.0277 5156 ================================================================================
2011/03/10 17:49:44.0727 5156 Initialize success
2011/03/10 17:49:55.0740 4272 ================================================================================
2011/03/10 17:49:55.0740 4272 Scan started
2011/03/10 17:49:55.0740 4272 Mode: Manual;
2011/03/10 17:49:55.0740 4272 ================================================================================
2011/03/10 17:50:11.0839 4272 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/03/10 17:50:11.0855 4272 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/03/10 17:50:11.0886 4272 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/03/10 17:50:11.0980 4272 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/03/10 17:50:12.0027 4272 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/03/10 17:50:12.0105 4272 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/03/10 17:50:12.0136 4272 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/10 17:50:12.0183 4272 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/10 17:50:12.0276 4272 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/03/10 17:50:12.0339 4272 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/10 17:50:12.0370 4272 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/03/10 17:50:12.0432 4272 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/03/10 17:50:12.0448 4272 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/03/10 17:50:12.0541 4272 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/03/10 17:50:12.0604 4272 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/10 17:50:12.0666 4272 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/10 17:50:12.0697 4272 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/03/10 17:50:12.0744 4272 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/03/10 17:50:12.0791 4272 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/10 17:50:12.0822 4272 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/10 17:50:12.0900 4272 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/10 17:50:12.0963 4272 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/10 17:50:13.0041 4272 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/10 17:50:13.0087 4272 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/03/10 17:50:13.0150 4272 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/10 17:50:13.0228 4272 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/10 17:50:13.0259 4272 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/03/10 17:50:13.0306 4272 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/03/10 17:50:13.0353 4272 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/03/10 17:50:13.0384 4272 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/10 17:50:13.0493 4272 USB28xxBGA (1c7f361921f187836a6917edaf9da3db) C:\Windows\system32\DRIVERS\emBDA.sys
2011/03/10 17:50:13.0571 4272 USB28xxOEM (88d64bc35460909fccc174a62c2ac64d) C:\Windows\system32\DRIVERS\emOEM.sys
2011/03/10 17:50:13.0602 4272 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/03/10 17:50:13.0696 4272 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/10 17:50:13.0727 4272 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/03/10 17:50:13.0774 4272 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/10 17:50:13.0836 4272 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/10 17:50:13.0883 4272 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/03/10 17:50:13.0945 4272 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/10 17:50:13.0992 4272 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/03/10 17:50:14.0055 4272 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/10 17:50:14.0070 4272 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/10 17:50:14.0148 4272 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/10 17:50:14.0179 4272 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/03/10 17:50:14.0211 4272 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/03/10 17:50:14.0226 4272 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/03/10 17:50:14.0273 4272 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/03/10 17:50:14.0304 4272 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/03/10 17:50:14.0382 4272 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/03/10 17:50:14.0445 4272 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/03/10 17:50:14.0507 4272 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/03/10 17:50:14.0554 4272 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
2011/03/10 17:50:14.0647 4272 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/03/10 17:50:14.0725 4272 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/10 17:50:14.0757 4272 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/10 17:50:14.0803 4272 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/10 17:50:14.0866 4272 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/03/10 17:50:14.0913 4272 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/10 17:50:15.0022 4272 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/03/10 17:50:15.0131 4272 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/03/10 17:50:15.0193 4272 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/03/10 17:50:15.0303 4272 WPN111 (75a833b635e093c728f5027b01f8cbb7) C:\Windows\system32\DRIVERS\WPN111.sys
2011/03/10 17:50:15.0334 4272 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/10 17:50:15.0381 4272 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/10 17:50:15.0459 4272 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/03/10 17:50:15.0739 4272 ================================================================================
2011/03/10 17:50:15.0739 4272 Scan finished
2011/03/10 17:50:15.0739 4272 ================================================================================
2011/03/10 17:51:45.0611 4648 ================================================================================
2011/03/10 17:51:45.0611 4648 Scan started
2011/03/10 17:51:45.0611 4648 Mode: Manual;
2011/03/10 17:51:45.0611 4648 ================================================================================
2011/03/10 17:51:56.0032 4648 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/03/10 17:51:56.0063 4648 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/03/10 17:51:56.0094 4648 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/03/10 17:51:56.0125 4648 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/03/10 17:51:56.0172 4648 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/03/10 17:51:56.0250 4648 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/03/10 17:51:56.0297 4648 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/03/10 17:51:56.0344 4648 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/03/10 17:51:56.0406 4648 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
2011/03/10 17:51:56.0484 4648 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/03/10 17:51:56.0547 4648 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/10 17:51:56.0578 4648 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/10 17:51:56.0593 4648 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/10 17:51:56.0640 4648 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/03/10 17:51:56.0687 4648 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/10 17:51:56.0781 4648 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/03/10 17:51:56.0874 4648 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/03/10 17:51:56.0952 4648 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/03/10 17:51:56.0999 4648 WPN111 (75a833b635e093c728f5027b01f8cbb7) C:\Windows\system32\DRIVERS\WPN111.sys
2011/03/10 17:51:57.0046 4648 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/10 17:51:57.0093 4648 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/10 17:51:57.0155 4648 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/03/10 17:51:57.0420 4648 ================================================================================
2011/03/10 17:51:57.0420 4648 Scan finished
2011/03/10 17:51:57.0420 4648 ================================================================================
2011/03/10 17:52:24.0736 1800 Deinitialize success
No rootkit. Go ahead and run OTL again and post a fresh log.
OTL logfile created on: 3/11/2011 7:35:39 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Lauren & Sineca\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,012.00 Mb Total Physical Memory | 392.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.92 Gb Total Space | 53.70 Gb Free Space | 18.59% Space Free | Partition Type: NTFS
Drive D: | 9.17 Gb Total Space | 1.12 Gb Free Space | 12.20% Space Free | Partition Type: NTFS
Drive E: | 469.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: LARRY-PC | User Name: Lauren & Sineca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Lauren & Sineca\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\inDtube\Utility\RemoteTool\inDtube.exe ()
PRC - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Program Files\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.)
PRC - C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\Program Files\ScanSoft\PaperPort\PPWEBCAP.EXE (Scansoft Inc.)
PRC - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE ()
========== Modules (SafeList) ==========
MOD - C:\Users\Lauren & Sineca\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()
========== Driver Services (SafeList) ==========
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (JL2005C) -- C:\Windows\System32\drivers\jl2005c.sys (Windows (R) 2000 DDK provider)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (mr7910) -- C:\Windows\System32\drivers\mr7910.sys (Mars Semiconductor Corp.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (WPN111) -- C:\Windows\System32\drivers\WPN111.sys (NETGEAR, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/11 10:24:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/11 10:24:12 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2011/03/09 10:14:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O3 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [ISW.exe] C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TVEService] C:\Program Files\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\PPWEBCAP.EXE (Scansoft Inc.)
O4 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lauren & Sineca\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lauren & Sineca\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/21 07:56:44 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/05/23 09:50:37 | 000,152,161 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/03/09 11:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/09 10:20:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/09 10:20:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/09 09:44:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/09 09:44:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/09 09:44:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/09 09:43:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/09 09:42:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/09 09:42:38 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/03/09 08:20:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Lauren & Sineca\Desktop\OTL.exe
[2011/03/09 07:27:29 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 07:27:28 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 07:27:28 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 07:27:28 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/08 07:29:15 | 000,000,000 | ---D | C] -- C:\Users\Lauren & Sineca\AppData\Roaming\Malwarebytes
[2011/03/07 14:22:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/07 14:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/03/07 14:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/07 09:33:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/07 09:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/07 09:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/07 09:33:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/07 09:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/07 09:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/07 09:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/03/07 09:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/07 08:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\jHaJlMl06300
[2011/03/05 09:04:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/03/05 08:54:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/03/05 08:50:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/03/05 08:50:42 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/03/05 08:50:42 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/03/05 08:50:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/03/05 08:50:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/03/05 08:50:22 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/03/05 08:50:22 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/03/05 08:50:22 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/03/05 08:50:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/03/05 08:50:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/03/05 08:49:44 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/03/05 08:49:43 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/03/05 08:49:43 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/03/05 08:49:43 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/03/05 08:49:43 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/03/04 10:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\lFnDdMo06300
[2011/02/23 08:37:31 | 000,000,000 | ---D | C] -- C:\Users\Lauren & Sineca\AppData\Roaming\HP
[2011/02/22 12:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/02/22 12:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/02/22 11:49:09 | 000,303,104 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst01.dll
[2011/02/22 11:49:09 | 000,258,048 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2011/02/09 15:39:36 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/09 15:39:33 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/09 15:39:33 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/09 15:39:23 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/09 15:39:23 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/09 15:39:22 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/09 15:39:22 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/02/09 15:39:22 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/09 15:39:22 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/09 15:39:22 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/02/09 15:39:22 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/09 15:39:22 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/09 15:39:21 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/09 15:39:21 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/02/09 15:39:21 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/09 15:39:20 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/09 15:39:20 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/09 15:39:20 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/09 15:39:19 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/02/09 15:39:19 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/09 15:39:19 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/09 15:39:19 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/02/09 15:39:19 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/02/09 15:39:19 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/09 15:39:18 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/02/09 15:39:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/09 15:39:17 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/02/09 15:37:52 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/09 15:37:52 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/09 15:37:52 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/09 15:37:51 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/09 15:37:51 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/09 15:37:51 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/09 15:37:51 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/09 15:37:51 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/09 15:37:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/02/09 15:37:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/02/09 15:37:50 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/02/09 15:37:50 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/02/09 15:37:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/09 15:37:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/09 15:37:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/09 15:37:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/09 15:37:49 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/09 15:37:36 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/09 15:37:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/03/11 07:40:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AA3C5D03-265C-4D2F-9F97-272B964147BB}.job
[2011/03/11 07:37:39 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EEF8D868-263D-407E-B401-21B46E05761C}.job
[2011/03/11 07:34:06 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/11 07:05:45 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/11 07:02:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/11 07:02:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/11 07:02:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/11 07:01:47 | 1062,395,904 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/10 09:59:34 | 000,002,339 | ---- | M] () -- C:\Users\Lauren & Sineca\Desktop\Attach2.zip
[2011/03/10 09:07:08 | 000,625,664 | ---- | M] () -- C:\Users\Lauren & Sineca\Desktop\dds.scr
[2011/03/09 10:14:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/09 09:37:27 | 004,284,225 | R--- | M] () -- C:\Users\Lauren & Sineca\Desktop\ComboFix.exe
[2011/03/09 08:20:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren & Sineca\Desktop\OTL.exe
[2011/03/08 07:11:48 | 000,027,648 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2011/03/07 15:43:32 | 000,000,680 | ---- | M] () -- C:\Users\Lauren & Sineca\Desktop\ERUNT.lnk
[2011/03/07 12:05:09 | 000,000,447 | ---- | M] () -- C:\Windows\wininit.ini
[2011/03/07 09:33:19 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/06 10:52:13 | 000,033,280 | ---- | M] () -- C:\Users\Lauren & Sineca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/04 11:40:46 | 000,001,978 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/02/22 12:46:55 | 000,148,952 | ---- | M] () -- C:\Windows\hpoins19.dat
[2011/02/21 16:34:18 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/21 16:34:18 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/10 09:25:24 | 000,372,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/03/10 09:59:34 | 000,002,339 | ---- | C] () -- C:\Users\Lauren & Sineca\Desktop\Attach2.zip
[2011/03/10 09:07:07 | 000,625,664 | ---- | C] () -- C:\Users\Lauren & Sineca\Desktop\dds.scr
[2011/03/09 09:44:34 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/09 09:44:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/09 09:44:34 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/09 09:44:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/09 09:44:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/09 09:34:10 | 004,284,225 | R--- | C] () -- C:\Users\Lauren & Sineca\Desktop\ComboFix.exe
[2011/03/08 09:03:21 | 1062,395,904 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/07 15:43:32 | 000,000,680 | ---- | C] () -- C:\Users\Lauren & Sineca\Desktop\ERUNT.lnk
[2011/03/07 10:25:21 | 000,000,447 | ---- | C] () -- C:\Windows\wininit.ini
[2011/03/07 09:33:19 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/05 08:49:49 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/03/05 08:49:49 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/03/05 08:49:49 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/22 12:36:43 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/02/22 12:32:05 | 000,001,978 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/02/22 11:49:29 | 000,148,952 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/02/22 11:49:07 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/11/04 16:22:58 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/11/04 16:22:57 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/11/03 14:56:40 | 009,079,808 | ---- | C] () -- C:\Windows\System32\alltoall.exe
[2010/08/09 15:39:19 | 000,000,070 | ---- | C] () -- C:\Users\Lauren & Sineca\AppData\Roaming\wklnhst.dat
[2010/06/14 08:12:17 | 000,000,680 | ---- | C] () -- C:\Users\Lauren & Sineca\AppData\Local\d3d9caps.dat
[2010/06/11 13:08:59 | 000,000,552 | ---- | C] () -- C:\Users\Lauren & Sineca\AppData\Local\d3d8caps.dat
[2010/05/13 07:50:18 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/04/08 13:33:27 | 079,471,648 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2010/02/12 11:36:38 | 000,306,688 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[2010/02/12 11:36:38 | 000,302,592 | ---- | C] () -- C:\Windows\System32\pgp.dll
[2010/02/12 11:36:38 | 000,095,232 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2010/02/12 11:36:38 | 000,093,184 | ---- | C] () -- C:\Windows\System32\keydb.dll
[2010/02/12 11:36:38 | 000,070,656 | ---- | C] () -- C:\Windows\System32\simple.dll
[2010/02/12 11:36:38 | 000,065,024 | ---- | C] () -- C:\Windows\System32\bn.dll
[2009/12/19 13:52:29 | 000,000,068 | ---- | C] () -- C:\Windows\C4WREL7.INI
[2009/12/19 13:51:27 | 000,032,256 | ---- | C] () -- C:\Windows\System32\lng32mai.dll
[2009/12/19 13:51:27 | 000,016,384 | ---- | C] () -- C:\Windows\System32\REGMOD.DLL
[2009/12/19 13:51:26 | 003,288,064 | ---- | C] () -- C:\Windows\System32\C4WSA32.DLL
[2009/12/19 13:51:26 | 000,311,808 | ---- | C] () -- C:\Windows\System32\C4WTIL32.DLL
[2009/12/19 13:51:26 | 000,139,776 | ---- | C] () -- C:\Windows\System32\C4WICN32.DLL
[2009/12/19 13:51:26 | 000,061,952 | ---- | C] () -- C:\Windows\System32\C4WRES32.DLL
[2009/12/19 13:51:26 | 000,051,200 | ---- | C] () -- C:\Windows\System32\DWSW32.DLL
[2009/12/19 13:51:26 | 000,033,280 | ---- | C] () -- C:\Windows\System32\lng32ss.dll
[2009/12/19 13:51:25 | 000,031,744 | ---- | C] () -- C:\Windows\System32\C4WErr32.dll
[2009/11/22 13:12:44 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2009/09/18 09:42:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 09:42:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/30 09:04:31 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2008/12/27 19:23:12 | 000,000,664 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/10/13 12:28:59 | 000,000,155 | ---- | C] () -- C:\Windows\CDFACE32.INI
[2008/09/11 09:03:51 | 000,033,280 | ---- | C] () -- C:\Users\Lauren & Sineca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/04 06:28:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/18 14:12:30 | 000,000,611 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/18 14:12:30 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2008/07/18 14:12:29 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/07/18 12:54:44 | 000,000,090 | ---- | C] () -- C:\Windows\calera.ini
[2008/07/18 12:54:35 | 000,269,312 | ---- | C] () -- C:\Windows\System32\FPXIG.DLL
[2008/07/18 12:54:35 | 000,068,096 | ---- | C] () -- C:\Windows\System32\IGFPX32P.DLL
[2008/07/18 12:54:35 | 000,065,024 | ---- | C] () -- C:\Windows\System32\JPEGACC.DLL
[2008/07/18 12:54:24 | 000,101,376 | ---- | C] () -- C:\Windows\System32\WELSOF32.DLL
[2008/07/07 14:09:44 | 000,651,264 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2008/07/07 14:09:44 | 000,192,512 | R--- | C] () -- C:\Windows\System32\AegisI5.exe
[2008/07/07 14:09:44 | 000,149,392 | ---- | C] () -- C:\Windows\System32\drivers\ar5523.bin
[2008/07/07 14:09:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2008/03/25 08:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/03/25 08:42:46 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/03/25 08:42:46 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/03/25 08:42:46 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/02/21 07:57:04 | 000,000,068 | ---- | C] () -- C:\Windows\System32\Compaq_Demo.ini
[2008/02/21 07:45:41 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/02/21 07:41:27 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2008/02/21 07:39:16 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/02/21 07:39:16 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/02/21 07:30:17 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/02/21 07:30:17 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/02/21 07:30:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/02/21 07:30:17 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,372,504 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997/07/10 23:00:00 | 000,047,104 | ---- | C] () -- C:\Windows\System32\WRKGADM.EXE
[1997/07/10 23:00:00 | 000,031,232 | ---- | C] () -- C:\Windows\System32\XLREC.DLL
[1997/07/10 23:00:00 | 000,025,600 | ---- | C] () -- C:\Windows\System32\RECNCL.DLL
[1997/07/10 23:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1997/07/10 23:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997/07/10 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
========== LOP Check ==========
[2009/06/25 21:09:10 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\AT&T
[2010/12/11 10:24:15 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\ATTToolbar
[2008/12/27 19:58:08 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Canon
[2010/05/20 18:56:25 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Costco Photo Organizer
[2010/05/30 09:03:14 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Costco Photo Viewer US
[2011/02/23 11:55:31 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Image Zone Express
[2008/10/13 09:32:22 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\LimeWire
[2008/07/31 13:06:29 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\MSNInstaller
[2008/11/28 19:57:55 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\NCH Swift Sound
[2011/02/22 13:04:05 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Printer Info Cache
[2008/11/17 14:18:39 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Recordpad
[2008/12/27 19:22:49 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\ScanSoft
[2008/09/12 16:14:26 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\SmartDraw
[2008/07/07 13:41:13 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Snapfish
[2008/08/11 19:12:28 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Template
[2008/07/08 21:07:18 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\WinBatch
[2008/11/18 10:44:48 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\acccore
[2009/06/26 07:38:50 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\AT&T
[2009/01/21 11:02:48 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\Canon
[2010/05/24 15:36:12 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\Costco Photo Organizer
[2010/05/20 16:01:26 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\Costco Photo Viewer US
[2008/11/18 09:49:54 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\NCH Swift Sound
[2008/11/18 09:49:52 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\Recordpad
[2011/03/08 09:37:55 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\Snapfish
[2010/08/09 15:39:22 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\Template
[2011/03/10 18:15:44 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/03/11 07:40:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AA3C5D03-265C-4D2F-9F97-272B964147BB}.job
[2011/03/11 07:37:39 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EEF8D868-263D-407E-B401-21B46E05761C}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
Hi,
Log looks fine, just a couple of entries I am not sure about.
Download and Run SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:Dir
C:\ProgramData\lFnDdMo06300
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
SystemLook 04.09.10 by jpshortstuff
Log created at 08:35 on 11/03/2011 by Lauren & Sineca
Administrator - Elevation successful
========== Dir ==========
C:\ProgramData\lFnDdMo06300 - Parameters: "(none)"
---Files---
lFnDdMo06300 --a---- 98 bytes [18:21 04/03/2011] [18:31 04/03/2011]
---Folders---
None found.
-= EOF =-
Let's not worry about it. How are things running now?
So far so good.
I am trying to reinstall my HP printer because it isn't working now after all of this, and it appears that I am missing some registry keys... Enum, gpkcsp.dll, sccbase.dll, and slbcsp.dll. Could they have been erased?
I just looked through your logs and don't see any of those removed.
What I would do is to uninstall your printer through Programs and Features in the Control Panel, then go to Start > Printers and Faxes and if your printer is listed just right click on it and delete it. Then reboot your system and using your HP Printer disk try installing the software again. If you still can't get it to run then I will link you to an HP forum that can help you.
Ken
Hi,
Could it possibly have something to do with Windows Defender? Every time I start up the computer now, it tells me that Windows has blocked some start up programs. It never used to do that before, so I'm not sure what made it start blocking programs, any advice?
See if these links make sense to you and let's see what is being blocked
http://www.howtogeek.com/howto/windows-vista/stop-the-annoying-windows-has-blocked-some-startup-programs-balloon/
http://support.microsoft.com/kb/930367
Well I don't think that was my problem. After I read the articles you posted (I believe) it helped me fix the issue, thanks for the info.
Would you please refer me to the HP forum I guess, it still tells me that those registry keys don't exist.
Sure, give this one a try
http://h30434.www3.hp.com/
Let me know if they resolved it for you
Thank you SO much, you have been so helpful. You saved my computer! I appreciate all that you did. I will let you know if I get it fixed. Thanks again.
You're very welcome
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups
How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
Is it ok if I keep spybot and malwarebytes in my computer? Or is that not a good idea?
What I mean by what I asked above is, you said to run OTL and it would clean up the programs. Will it get rid of spybot and malwarebytes, etc?
Yes, by all means keep them. The cleanup will just remove tools like Combofix and some Rootkit scanners. The Pro Version of Malwarebytes has a protection feature, if you should wander into a bad website you will get a PAGE NOT FOUND and then a pop up from Malwarebytes stating that it blocked a potential bad website. The cost is minimal, I believe around $20 or so for a lifetime, no yearly renewals, but this of course is up to you. The free version you have can be updated, run a scan and it will still remove what it finds.
Ken :)