
Thread: Boot problems

  1. #1
    Member
    Join Date
    Apr 2011
    Posts
    78

    Boot problems

    My computer sometimes takes a very long time to boot. Even after waiting for 5-10 minutes I sometimes have to shut it down and try again. I've found and removed a few things using Spybot, MalwareBytes and Eset, but it hasn't changed. I know that I wasn't supposed to, but out of desperation, I even tried ComboFix to see if that would work, but it did not.

    I'm hoping that it is not a matter of re-installing the operating system. I would greatly appreciate it if someone could guide me through a more thorough inspection and cleaning before I resort to such a drastic measure.

    Any help ensuring that my machine is clean would be sincerely appreciated.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
    Run by Bob at 20:44:32 on 2013-01-19
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.904 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\My Lockbox\mylbx.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
    C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
    C:\WINDOWS\system32\msdtc.exe
    C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
    C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uLocal Page = c:\program files\common files\microsoft shared\stationery\Blank.htm
    uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10211&home=1
    mLocal Page = c:\program files\common files\microsoft shared\stationery\Blank.htm
    uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: HelperObject Class: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Ant.com browser helper (video detector): {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - c:\program files\ant.com\ie add-on\Download.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - c:\program files\ant.com\ie add-on\anttoolbar.dll
    TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
    TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: <No Name>: - LocalServer32 - <no file>
    TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - c:\program files\ant.com\ie add-on\anttoolbar.dll
    uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\devices.exe" -RESTART
    uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
    uRun: [\\UPSTAIRS_PRECIS\EPSON NX110 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifba.exe /fu "c:\docume~1\bob\locals~1\temp\E_S294.tmp" /EF "HKCU"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Uploader] c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.Uploader.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [mylbx] c:\program files\my lockbox\mylbx.exe /a
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [rfagent] c:\junk non-backup\registry first aid move\rfa\rfagent.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"
    mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [DBAgent] "c:\program files\seagate\seagate dashboard 2.0\DBAgent.exe" /WinStart
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
    StartupFolder: c:\docume~1\bob\startm~1\programs\startup\aquari~1.lnk - c:\program files\aquarius soft\pc alarm clock pro\alarm.exe
    StartupFolder: c:\docume~1\bob\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\bob\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} - hxxps://secure.logmein.com/activex/RACtrl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349819256953
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{1F50389D-8DEA-49E5-9593-FA09ACC3563A} : NameServer = 74.40.74.40,74.40.74.41
    TCP: Interfaces\{1F50389D-8DEA-49E5-9593-FA09ACC3563A} : DHCPNameServer = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\vw9a9lod.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=12BAD2A56E715549578C1A4FD362E733&q=
    FF - plugin: c:\documents and settings\bob\application data\mozilla\firefox\profiles\vw9a9lod.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll
    FF - plugin: c:\documents and settings\bob\application data\mozilla\firefox\profiles\vw9a9lod.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\documents and settings\bob\local settings\application data\citrix\plugins\79\npappdetector.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-10-11 50248]
    R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-10-11 40648]
    R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2011-4-6 41912]
    R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-10-11 14920]
    R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-10-11 185032]
    R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2011-6-29 520216]
    R2 EaseUS Agent;EaseUS Agent Service;c:\program files\easeus\todo backup\bin\Agent.exe [2012-10-11 69192]
    R2 Guard Agent;Guard Agent Service;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2012-10-11 23624]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-5 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-7-13 47640]
    R2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2012-11-8 15552]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
    R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
    R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-1-13 3467768]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-5-10 127496]
    S0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys --> c:\windows\system32\drivers\avgarkt.sys [?]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\avgarcln.sys --> c:\windows\system32\drivers\AvgArCln.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest home edition\kerneld.wnt [2005-8-18 7168]
    S3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys --> c:\windows\system32\drivers\nlndis.sys [?]
    S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys --> c:\windows\system32\drivers\nlndis.sys [?]
    S3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    2013-01-15 16:29:59 -------- d-----w- c:\documents and settings\bob\dwhelper
    .
    ==================== Find3M ====================
    .
    2013-01-19 22:40:48 306176 --sha-w- C:\EUMONBMP.SYS
    2013-01-09 11:19:35 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-09 11:19:35 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 22:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
    2009-10-03 16:43:23 8410624 ----a-w- c:\program files\HTML Guardian 7.msi
    .
    ============= FINISH: 20:45:18.51 ===============



    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-19 18:31:06
    -----------------------------
    18:31:06.984 OS Version: Windows 5.1.2600 Service Pack 3
    18:31:06.984 Number of processors: 2 586 0xF0D
    18:31:06.984 ComputerName: INSPIRON UserName: Bob
    18:31:09.421 Initialize success
    18:31:23.687 AVAST engine defs: 13011901
    18:32:09.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    18:32:09.093 Disk 0 Vendor: Hitachi_HDT725032VLA360 V54OA73A Size: 305245MB BusType: 3
    18:32:09.140 Disk 0 MBR read successfully
    18:32:09.140 Disk 0 MBR scan
    18:32:09.187 Disk 0 Windows XP default MBR code
    18:32:09.203 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
    18:32:09.234 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305187 MB offset 96390
    18:32:09.312 Disk 0 scanning sectors +625121280
    18:32:09.437 Disk 0 scanning C:\WINDOWS\system32\drivers
    18:32:39.843 Service scanning
    18:32:51.078 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    18:32:54.875 Modules scanning
    18:33:23.125 Disk 0 trace - called modules:
    18:33:23.171 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
    18:33:23.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6d8ab8]
    18:33:23.171 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000073[0x8a6def18]
    18:33:23.187 5 ACPI.sys[b9e6f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a6c3940]
    18:33:24.390 AVAST engine scan C:\WINDOWS
    18:34:54.968 AVAST engine scan C:\WINDOWS\system32
    18:43:48.171 AVAST engine scan C:\WINDOWS\system32\drivers
    18:45:34.203 AVAST engine scan C:\Documents and Settings\Bob
    19:33:57.578 AVAST engine scan C:\Documents and Settings\All Users
    19:41:40.812 Scan finished successfully
    20:44:14.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bob\Desktop\MBR.dat"
    20:44:14.390 The log file has been saved successfully to "C:\Documents and Settings\Bob\Desktop\aswMBR.txt"

  2. #2
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Hi savanna:

    Sorry for being late.

    Since the logs that I have with me now are quite old, I need to get new logs.

    1. TDSSKiller
    Please download TDSSKiller.exe and save it to your Desktop.
    • Double click on TDSSKiller.exe to run it.
    • When TDSSKiller finishes loading, click on Start Scan; the scan will run.
    • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    • To find the log go to Start > Computer > C:
    • Post the contents of that log in your next reply please.
    • DO NOT TRY TO FIX ANYTHING AT THIS POINT



    2. OTL
    Please download OTL ... by Old Timer. Save it to your Desktop.
    • Double click on OTL.exe to run it.
    • Under Output, ensure that Minimal Output is selected.
    • Click the Scan All Users checkbox.
      Leave the remaining selections to the default settings.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    • Please post the contents of both OTL.txt and Extras.txt files in your next reply.



    3. I need more information before we continue.
    1. What are the symptoms (besides slow boot) that make you think you are infected? Any re-direction, strange sound, email hacked, pop-up?
    2. Since when has this incident been happening?
    3. What was the last thing that you did before this incident happened?



    thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  3. #3
    Member
    Join Date
    Apr 2011
    Posts
    78

    I had some re-direction a while back along with the slow boot, but I haven't noticed anything recently.

    OTL.txt and Extras.txt files will be included in the next 2 posts due to their size.

    Thank you for your help.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    16:36:59.0140 5296 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    16:36:59.0515 5296 ============================================================
    16:36:59.0515 5296 Current date / time: 2013/02/08 16:36:59.0515
    16:36:59.0515 5296 SystemInfo:
    16:36:59.0515 5296
    16:36:59.0515 5296 OS Version: 5.1.2600 ServicePack: 3.0
    16:36:59.0515 5296 Product type: Workstation
    16:36:59.0515 5296 ComputerName: INSPIRON
    16:36:59.0515 5296 UserName: Bob
    16:36:59.0515 5296 Windows directory: C:\WINDOWS
    16:36:59.0515 5296 System windows directory: C:\WINDOWS
    16:36:59.0515 5296 Processor architecture: Intel x86
    16:36:59.0515 5296 Number of processors: 2
    16:36:59.0515 5296 Page size: 0x1000
    16:36:59.0515 5296 Boot type: Normal boot
    16:36:59.0515 5296 ============================================================
    16:37:00.0703 5296 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    16:37:00.0703 5296 ============================================================
    16:37:00.0703 5296 \Device\Harddisk0\DR0:
    16:37:00.0703 5296 MBR partitions:
    16:37:00.0703 5296 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x25411F7A
    16:37:00.0703 5296 ============================================================
    16:37:00.0750 5296 C: <-> \Device\Harddisk0\DR0\Partition1
    16:37:00.0750 5296 ============================================================
    16:37:00.0750 5296 Initialize success
    16:37:00.0750 5296 ============================================================
    16:37:05.0843 5016 ============================================================
    16:37:05.0843 5016 Scan started
    16:37:05.0843 5016 Mode: Manual;
    16:37:05.0843 5016 ============================================================
    16:37:06.0546 5016 ================ Scan system memory ========================
    16:37:06.0546 5016 System memory - ok
    16:37:06.0546 5016 ================ Scan services =============================
    16:37:09.0734 5016 Eventlog - ok
    16:37:09.0750 5016 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    16:37:09.0765 5016 EventSystem - ok
    16:37:09.0812 5016 [ 76984D46B2ABAA46F8B3FCEF82C9217D ] EverestDriver C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt
    16:37:09.0812 5016 EverestDriver - ok
    16:37:09.0828 5016 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    16:37:09.0843 5016 Fastfat - ok
    16:37:09.0875 5016 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    16:37:09.0875 5016 FastUserSwitchingCompatibility - ok
    16:37:09.0921 5016 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    16:37:09.0921 5016 Fdc - ok
    16:37:09.0937 5016 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    16:37:09.0937 5016 Fips - ok
    16:37:09.0968 5016 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    16:37:09.0968 5016 Flpydisk - ok
    16:37:09.0984 5016 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    16:37:10.0000 5016 FltMgr - ok
    16:37:10.0046 5016 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    16:37:10.0046 5016 FontCache3.0.0.0 - ok
    16:37:10.0062 5016 [ 3528C9EC493CA524A877D217C7D51600 ] FSProFilter C:\WINDOWS\system32\Drivers\FSPFltd.sys
    16:37:10.0078 5016 FSProFilter - ok
    16:37:10.0109 5016 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    16:37:10.0109 5016 Fs_Rec - ok
    16:37:10.0125 5016 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    16:37:10.0125 5016 Ftdisk - ok
    16:37:10.0156 5016 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    16:37:10.0156 5016 GEARAspiWDM - ok
    16:37:10.0187 5016 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    16:37:10.0187 5016 Gpc - ok
    16:37:10.0218 5016 [ C6A9EA32174545F7DD3C991E9FBECB2F ] Guard Agent C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
    16:37:10.0250 5016 Guard Agent - ok
    16:37:10.0281 5016 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    16:37:10.0281 5016 HDAudBus - ok
    16:37:10.0343 5016 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    16:37:10.0343 5016 helpsvc - ok
    16:37:10.0390 5016 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    16:37:10.0390 5016 HidServ - ok
    16:37:10.0421 5016 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    16:37:10.0421 5016 hidusb - ok
    16:37:10.0453 5016 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    16:37:10.0468 5016 hkmsvc - ok
    16:37:10.0468 5016 hpn - ok
    16:37:10.0515 5016 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    16:37:10.0515 5016 HSFHWBS2 - ok
    16:37:10.0562 5016 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    16:37:10.0578 5016 HSF_DP - ok
    16:37:10.0609 5016 HssWd - ok
    16:37:10.0656 5016 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    16:37:10.0656 5016 HTTP - ok
    16:37:10.0687 5016 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    16:37:10.0703 5016 HTTPFilter - ok
    16:37:10.0718 5016 i2omgmt - ok
    16:37:10.0750 5016 i2omp - ok
    16:37:10.0796 5016 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
    16:37:10.0796 5016 i8042prt - ok
    16:37:10.0953 5016 [ 0F68E2EC713F132FFB19E45415B09679 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    16:37:11.0015 5016 ialm - ok
    16:37:11.0109 5016 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    16:37:11.0109 5016 IDriverT - ok
    16:37:11.0187 5016 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    16:37:11.0187 5016 idsvc - ok
    16:37:11.0218 5016 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    16:37:11.0218 5016 Imapi - ok
    16:37:11.0250 5016 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    16:37:11.0265 5016 ImapiService - ok
    16:37:11.0281 5016 ini910u - ok
    16:37:11.0406 5016 [ F7F3328544E1AC2E97CAEA9B39D9B9DE ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    16:37:11.0484 5016 IntcAzAudAddService - ok
    16:37:11.0500 5016 IntelIde - ok
    16:37:11.0546 5016 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    16:37:11.0546 5016 intelppm - ok
    16:37:11.0578 5016 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    16:37:11.0578 5016 Ip6Fw - ok
    16:37:11.0625 5016 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    16:37:11.0625 5016 IpFilterDriver - ok
    16:37:11.0656 5016 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    16:37:11.0671 5016 IpInIp - ok
    16:37:11.0671 5016 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    16:37:11.0687 5016 IpNat - ok
    16:37:11.0734 5016 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    16:37:11.0734 5016 iPod Service - ok
    16:37:11.0765 5016 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    16:37:11.0765 5016 IPSec - ok
    16:37:11.0796 5016 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    16:37:11.0796 5016 IRENUM - ok
    16:37:11.0828 5016 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    16:37:11.0828 5016 isapnp - ok
    16:37:11.0906 5016 [ 7FBFEEE245821925129C9F86470BF33C ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    16:37:11.0906 5016 JavaQuickStarterService - ok
    16:37:11.0937 5016 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    16:37:11.0937 5016 Kbdclass - ok
    16:37:11.0953 5016 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    16:37:11.0953 5016 kbdhid - ok
    16:37:12.0250 5016 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    16:37:12.0250 5016 kmixer - ok
    16:37:12.0281 5016 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    16:37:12.0281 5016 KSecDD - ok
    16:37:12.0328 5016 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    16:37:12.0328 5016 lanmanserver - ok
    16:37:12.0375 5016 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    16:37:12.0390 5016 lanmanworkstation - ok
    16:37:12.0390 5016 Lbd - ok
    16:37:12.0390 5016 lbrtfdc - ok
    16:37:12.0421 5016 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    16:37:12.0421 5016 LmHosts - ok
    16:37:12.0500 5016 [ 850CC3EE0507654C40E1971982F4B698 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    16:37:12.0500 5016 LMIGuardianSvc - ok
    16:37:12.0531 5016 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
    16:37:12.0546 5016 LMIInfo - ok
    16:37:12.0546 5016 [ 47DC389D96A34DEBDF9C2C2555DA2F01 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
    16:37:12.0546 5016 LMIMaint - ok
    16:37:12.0578 5016 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
    16:37:12.0578 5016 lmimirr - ok
    16:37:12.0578 5016 LMIRfsClientNP - ok
    16:37:12.0593 5016 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    16:37:12.0593 5016 LMIRfsDriver - ok
    16:37:12.0625 5016 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
    16:37:12.0625 5016 LogMeIn - ok
    16:37:12.0671 5016 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    16:37:12.0671 5016 mdmxsdk - ok
    16:37:12.0687 5016 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    16:37:12.0687 5016 Messenger - ok
    16:37:12.0718 5016 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    16:37:12.0718 5016 mnmdd - ok
    16:37:12.0734 5016 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    16:37:12.0734 5016 mnmsrvc - ok
    16:37:12.0765 5016 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    16:37:12.0765 5016 Modem - ok
    16:37:12.0796 5016 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
    16:37:12.0796 5016 MODEMCSA - ok
    16:37:12.0796 5016 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    16:37:12.0812 5016 Mouclass - ok
    16:37:12.0812 5016 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    16:37:12.0828 5016 mouhid - ok
    16:37:12.0843 5016 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    16:37:12.0843 5016 MountMgr - ok
    16:37:12.0875 5016 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    16:37:12.0875 5016 MozillaMaintenance - ok
    16:37:12.0890 5016 mraid35x - ok
    16:37:12.0890 5016 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    16:37:12.0890 5016 MRxDAV - ok
    16:37:12.0937 5016 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    16:37:12.0937 5016 MRxSmb - ok
    16:37:12.0953 5016 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    16:37:12.0953 5016 MSDTC - ok
    16:37:12.0953 5016 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    16:37:12.0953 5016 Msfs - ok
    16:37:12.0968 5016 MSIServer - ok
    16:37:12.0984 5016 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    16:37:12.0984 5016 MSKSSRV - ok
    16:37:12.0984 5016 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    16:37:12.0984 5016 MSPCLOCK - ok
    16:37:13.0000 5016 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    16:37:13.0000 5016 MSPQM - ok
    16:37:13.0031 5016 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    16:37:13.0031 5016 mssmbios - ok
    16:37:13.0046 5016 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    16:37:13.0046 5016 MSTEE - ok
    16:37:13.0062 5016 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    16:37:13.0062 5016 Mup - ok
    16:37:13.0078 5016 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    16:37:13.0078 5016 NABTSFEC - ok
    16:37:13.0093 5016 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    16:37:13.0109 5016 napagent - ok
    16:37:13.0109 5016 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    16:37:13.0109 5016 NDIS - ok
    16:37:13.0125 5016 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    16:37:13.0125 5016 NdisIP - ok
    16:37:13.0156 5016 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    16:37:13.0156 5016 NdisTapi - ok
    16:37:13.0171 5016 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    16:37:13.0171 5016 Ndisuio - ok
    16:37:13.0171 5016 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    16:37:13.0171 5016 NdisWan - ok
    16:37:13.0203 5016 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    16:37:13.0203 5016 NDProxy - ok
    16:37:13.0218 5016 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    16:37:13.0218 5016 NetBIOS - ok
    16:37:13.0218 5016 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    16:37:13.0234 5016 NetBT - ok
    16:37:13.0250 5016 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    16:37:13.0250 5016 NetDDE - ok
    16:37:13.0265 5016 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    16:37:13.0265 5016 NetDDEdsdm - ok
    16:37:13.0281 5016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    16:37:13.0296 5016 Netlogon - ok
    16:37:13.0296 5016 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    16:37:13.0312 5016 Netman - ok
    16:37:13.0328 5016 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    16:37:13.0343 5016 NetTcpPortSharing - ok
    16:37:13.0359 5016 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    16:37:13.0359 5016 Nla - ok
    16:37:13.0359 5016 NLNdisMP - ok
    16:37:13.0375 5016 NLNdisPT - ok
    16:37:13.0515 5016 [ 90C79EB9D0779E027EEEC8C1919A41DD ] Norton Ghost C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    16:37:13.0562 5016 Norton Ghost - ok
    16:37:13.0593 5016 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    16:37:13.0593 5016 Npfs - ok
    16:37:13.0609 5016 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    16:37:13.0609 5016 Ntfs - ok
    16:37:13.0625 5016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    16:37:13.0625 5016 NtLmSsp - ok
    16:37:13.0656 5016 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    16:37:13.0671 5016 NtmsSvc - ok
    16:37:13.0687 5016 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    16:37:13.0703 5016 Null - ok
    16:37:14.0031 5016 [ 8B2C874897EA498DA012284E12F9DB2B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    16:37:14.0375 5016 nv - ok
    16:37:14.0421 5016 [ 32F7DEC3729B3BAE66EEBCAB7B03B18F ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
    16:37:14.0421 5016 NVSvc - ok
    16:37:14.0484 5016 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    16:37:14.0484 5016 NwlnkFlt - ok
    16:37:14.0484 5016 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    16:37:14.0484 5016 NwlnkFwd - ok
    16:37:14.0515 5016 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    16:37:14.0515 5016 Parport - ok
    16:37:14.0546 5016 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    16:37:14.0546 5016 PartMgr - ok
    16:37:14.0578 5016 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    16:37:14.0578 5016 ParVdm - ok
    16:37:14.0578 5016 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    16:37:14.0578 5016 PCI - ok
    16:37:14.0578 5016 PCIDump - ok
    16:37:14.0593 5016 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    16:37:14.0593 5016 PCIIde - ok
    16:37:14.0609 5016 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    16:37:14.0609 5016 Pcmcia - ok
    16:37:14.0625 5016 PDCOMP - ok
    16:37:14.0625 5016 PDFRAME - ok
    16:37:14.0625 5016 PDRELI - ok
    16:37:14.0625 5016 PDRFRAME - ok
    16:37:14.0640 5016 perc2 - ok
    16:37:14.0640 5016 perc2hib - ok
    16:37:14.0671 5016 [ 6C1618A07B49E3873582B6449E744088 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
    16:37:14.0671 5016 pfc - ok
    16:37:14.0687 5016 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    16:37:14.0687 5016 PlugPlay - ok
    16:37:14.0687 5016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    16:37:14.0703 5016 PolicyAgent - ok
    16:37:14.0734 5016 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    16:37:14.0734 5016 PptpMiniport - ok
    16:37:14.0734 5016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    16:37:14.0734 5016 ProtectedStorage - ok
    16:37:14.0750 5016 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    16:37:14.0750 5016 PSched - ok
    16:37:14.0765 5016 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf.sys
    16:37:14.0765 5016 PSI - ok
    16:37:14.0796 5016 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    16:37:14.0796 5016 Ptilink - ok
    16:37:14.0828 5016 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    16:37:14.0828 5016 PxHelp20 - ok
    16:37:14.0828 5016 ql1080 - ok
    16:37:14.0828 5016 Ql10wnt - ok
    16:37:14.0828 5016 ql12160 - ok
    16:37:14.0843 5016 ql1240 - ok
    16:37:14.0843 5016 ql1280 - ok
    16:37:14.0859 5016 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    16:37:14.0859 5016 RasAcd - ok
    16:37:14.0875 5016 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    16:37:14.0875 5016 RasAuto - ok
    16:37:14.0906 5016 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    16:37:14.0906 5016 Rasl2tp - ok
    16:37:14.0937 5016 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    16:37:14.0937 5016 RasMan - ok
    16:37:14.0984 5016 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    16:37:14.0984 5016 RasPppoe - ok
    16:37:14.0984 5016 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    16:37:14.0984 5016 Raspti - ok
    16:37:15.0000 5016 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    16:37:15.0000 5016 Rdbss - ok
    16:37:15.0000 5016 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    16:37:15.0000 5016 RDPCDD - ok
    16:37:15.0015 5016 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    16:37:15.0015 5016 rdpdr - ok
    16:37:15.0031 5016 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    16:37:15.0031 5016 RDPWD - ok
    16:37:15.0046 5016 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    16:37:15.0062 5016 RDSessMgr - ok
    16:37:15.0078 5016 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    16:37:15.0078 5016 redbook - ok
    16:37:15.0109 5016 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    16:37:15.0109 5016 RemoteAccess - ok
    16:37:15.0125 5016 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    16:37:15.0125 5016 RemoteRegistry - ok
    16:37:15.0156 5016 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    16:37:15.0156 5016 RpcLocator - ok
    16:37:15.0171 5016 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
    16:37:15.0187 5016 RpcSs - ok
    16:37:15.0218 5016 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    16:37:15.0218 5016 RSVP - ok
    16:37:15.0234 5016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    16:37:15.0234 5016 SamSs - ok
    16:37:15.0250 5016 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    16:37:15.0250 5016 SCardSvr - ok
    16:37:15.0281 5016 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    16:37:15.0296 5016 Schedule - ok
    16:37:15.0343 5016 [ 8CC57132C758F1B9614FE2E2C841FA3D ] Seagate Dashboard Services C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    16:37:15.0343 5016 Seagate Dashboard Services - ok
    16:37:15.0375 5016 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    16:37:15.0375 5016 Secdrv - ok
    16:37:15.0390 5016 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    16:37:15.0390 5016 seclogon - ok
    16:37:15.0468 5016 [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
    16:37:15.0468 5016 Secunia PSI Agent - ok
    16:37:15.0515 5016 [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
    16:37:15.0515 5016 Secunia Update Agent - ok
    16:37:15.0531 5016 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    16:37:15.0531 5016 SENS - ok
    16:37:15.0531 5016 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
    16:37:15.0531 5016 Serial - ok
    16:37:15.0546 5016 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    16:37:15.0546 5016 Sfloppy - ok
    16:37:15.0593 5016 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    16:37:15.0593 5016 SharedAccess - ok
    16:37:15.0625 5016 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    16:37:15.0625 5016 ShellHWDetection - ok
    16:37:15.0640 5016 Simbad - ok
    16:37:15.0671 5016 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    16:37:15.0671 5016 SkypeUpdate - ok
    16:37:15.0703 5016 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    16:37:15.0703 5016 SLIP - ok
    16:37:15.0734 5016 [ DFADFC2C86662F40759BF02ADD27D569 ] sonypvs1 C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
    16:37:15.0734 5016 sonypvs1 - ok
    16:37:15.0750 5016 Sparrow - ok
    16:37:15.0750 5016 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    16:37:15.0750 5016 splitter - ok
    16:37:15.0781 5016 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    16:37:15.0781 5016 Spooler - ok
    16:37:15.0812 5016 [ F42EFEFB765235F24B24E1D2B6F99F46 ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
    16:37:15.0812 5016 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: F42EFEFB765235F24B24E1D2B6F99F46
    16:37:15.0812 5016 sptd ( LockedFile.Multi.Generic ) - warning
    16:37:15.0812 5016 sptd - detected LockedFile.Multi.Generic (1)
    16:37:17.0750 5016 WudfPf - ok
    16:37:17.0765 5016 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    16:37:17.0765 5016 WudfRd - ok
    16:37:17.0796 5016 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    16:37:17.0796 5016 WudfSvc - ok
    16:37:17.0828 5016 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    16:37:17.0843 5016 WZCSVC - ok
    16:37:17.0859 5016 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    16:37:17.0890 5016 xmlprov - ok
    16:37:17.0890 5016 ================ Scan global ===============================
    16:37:17.0921 5016 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    16:37:17.0937 5016 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    16:37:17.0953 5016 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    16:37:17.0968 5016 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    16:37:17.0984 5016 [Global] - ok
    16:37:17.0984 5016 ================ Scan MBR ==================================
    16:37:18.0000 5016 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    16:37:18.0171 5016 \Device\Harddisk0\DR0 - ok
    16:37:18.0171 5016 ================ Scan VBR ==================================
    16:37:18.0171 5016 [ 652375AF39B675BA29614A9AA893973B ] \Device\Harddisk0\DR0\Partition1
    16:37:18.0171 5016 \Device\Harddisk0\DR0\Partition1 - ok
    16:37:18.0171 5016 ============================================================
    16:37:18.0171 5016 Scan finished
    16:37:18.0171 5016 ============================================================
    16:37:18.0187 1616 Detected object count: 1
    16:37:18.0187 1616 Actual detected object count: 1
    16:37:40.0187 1616 sptd ( LockedFile.Multi.Generic ) - skipped by user
    16:37:40.0187 1616 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    16:39:03.0218 0292 Deinitialize success

  4. #4
    Member
    Join Date
    Apr 2011
    Posts
    78

    OTL logfile created on: 2/8/2013 4:40:37 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Bob\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.12% Memory free
    3.84 Gb Paging File | 3.13 Gb Available in Paging File | 81.48% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.04 Gb Total Space | 32.44 Gb Free Space | 10.89% Space Free | Partition Type: NTFS

    Computer Name: INSPIRON | User Name: Bob | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Bob\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
    PRC - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC)
    PRC - C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
    PRC - C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
    PRC - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
    PRC - C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
    PRC - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
    PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
    PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
    PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe (Aquarius Soft)
    PRC - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
    PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
    PRC - C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
    PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (InstallShield Software Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\1799a304573e4faf5a8d9223e5e4fbb0\System.Web.Services.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9fe6a89ed637863398d1f655170b8b96\System.ServiceProcess.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0c6552cb44af800ced291796ff32b748\System.ServiceModel.Routing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8f02a194fe5bce225a63ca0587065830\System.ServiceModel.Discovery.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ab0b49150543e689844c607fe344057d\System.ServiceModel.Channels.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\db54a8a55271ac4ce8bbaa435f474ed6\System.ServiceModel.Activities.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\90aa475ae4f67c45538cede327c086aa\System.ServiceModel.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\68b0fc15aa862e54593dd85b59116998\System.Management.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\d39d7af1c84535e19dbf92d804f906a2\System.IdentityModel.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\569d22d5591f3d2d35bc64437011e919\System.Runtime.Remoting.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\6e903ce8719e50acd783f8726b11249f\System.Transactions.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f616e6911a3d461193cd0e6e003adca5\System.Runtime.DurableInstancing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fe0d8dda05b9d38bbb664432300b4f42\System.Runtime.Serialization.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b7f418545abc074940776fea9ad635e\SMDiagnostics.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\6656b6a40139beaa70de0760c02993eb\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\12f94ec43a0160ab9ddd755b0e1be881\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\25884c52a01d74137ffacdb51d8f2d04\PresentationFramework.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3ca69d589c23a0be94f3858f72e7a595\PresentationCore.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\6133e360071a2fa7ba7deb483816e585\WindowsBase.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSize.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\NASOperator.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\WINDOWS\system32\qdvd.dll ()
    MOD - C:\Program Files\NVIDIA Corporation\nView\nvShell.dll ()
    MOD - C:\Program Files\WinRAR\RarExt.dll ()
    MOD - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
    MOD - C:\Program Files\My Lockbox\FSPFlt.dll ()
    MOD - C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
    MOD - C:\WINDOWS\system32\xvid.ax ()
    MOD - C:\Program Files\IZArc\IZArcCM.dll ()
    MOD - C:\Program Files\Hotspot Shield\bin\libidn-11.dll ()
    MOD - C:\Program Files\Hotspot Shield\bin\libssl32.dll ()
    MOD - C:\Program Files\Hotspot Shield\bin\libeay32.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll ()
    MOD - C:\WINDOWS\system32\qedit.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll ()
    MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


    ========== Services (SafeList) ==========

    SRV - (stllssvr) -- File not found
    SRV - (Lavasoft Ad-Aware Service) -- File not found
    SRV - (GEARSecurity) -- File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (Seagate Dashboard Services) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC)
    SRV - (Guard Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
    SRV - (EaseUS Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
    SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
    SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
    SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
    SRV - (AntUpdaterService) -- C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
    SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
    SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
    SRV - (Norton Ghost) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
    SRV - (SymSnapService) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
    SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (NLNdisPT) -- system32\DRIVERS\nlndis.sys File not found
    DRV - (NLNdisMP) -- system32\DRIVERS\nlndis.sys File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\ADMINI~1.INS\LOCALS~1\Temp\catchme.sys File not found
    DRV - (AvgArCln) -- System32\DRIVERS\AvgArCln.sys File not found
    DRV - (AVG Anti-Rootkit) -- System32\DRIVERS\avgarkt.sys File not found
    DRV - (asmusjx6) -- File not found
    DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
    DRV - (EUBKMON) -- C:\WINDOWS\system32\drivers\EUBKMON.sys ()
    DRV - (EUFDDISK) -- C:\WINDOWS\system32\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
    DRV - (EUBAKUP) -- C:\WINDOWS\system32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
    DRV - (EUDSKACS) -- C:\WINDOWS\system32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
    DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
    DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
    DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
    DRV - (FSProFilter) -- C:\WINDOWS\system32\drivers\FSPFltd.sys (FSPro Labs)
    DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
    DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
    DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
    DRV - (TotRec7) -- C:\WINDOWS\system32\drivers\TotRec7.sys (High Criteria inc.)
    DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (v2imount) -- C:\WINDOWS\system32\drivers\v2imount.sys (Symantec Corporation)
    DRV - (VProEventMonitor) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys (Symantec Corporation)
    DRV - (symsnap) -- C:\WINDOWS\system32\drivers\symsnap.sys (StorageCraft)
    DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
    DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt ()
    DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (sonypvs1) -- C:\WINDOWS\system32\drivers\sonypvs1.sys (Sony Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com/?si=10211&home=1
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.searchcompletion.com/?si=10211&home=1
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com/?si=10211&home=1
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.searchcompletion.com/?si=10211&home=1
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://dl.ask.com/toolbarv/askRedirect.jsp?gct=&gc=1&q={searchTerms}&crm=1&toolbar=PLT
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1007\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Complitly"
    FF - prefs.js..browser.search.order.1: "Blekko"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..browser.search.useDBForOrder: false
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2
    FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0
    FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
    FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.5
    FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.1007
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.664
    FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:2.4.1
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
    FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.4.6.2
    FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:10.0.0
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
    FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=12BAD2A56E715549578C1A4FD362E733&q="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Bob\Local Settings\Application Data\Citrix\Plugins\79\npappdetector.dll (Citrix Online)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 06:42:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/06 06:42:28 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4633C16E-71E6-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\Bob\Local Settings\Application Data\{4633C16E-71E6-11E1-826D-B8AC6F996F26}\ [2012/03/19 11:09:18 | 000,000,000 | ---D | M]

    [2009/01/30 07:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions
    [2009/01/30 07:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2013/02/07 09:45:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions
    [2010/04/27 12:30:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
    [2011/02/04 09:48:10 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2010/04/27 12:30:04 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(2)
    [2011/02/17 10:31:26 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(3)
    [2013/01/15 10:28:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/02/17 10:31:25 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\anttoolbar@ant(2).com
    [2013/01/16 10:29:39 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\anttoolbar@ant.com
    [2012/02/02 13:22:45 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\DTToolbar@toolbarnet.com
    [2013/01/31 05:38:22 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\LogMeInClient@logmein.com
    [2012/09/19 16:53:51 | 000,000,000 | ---D | M] (Echofon) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\twitternotifier@naan.net
    [2013/02/07 09:45:31 | 000,555,564 | ---- | M] () (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi
    [2012/12/23 10:23:12 | 000,030,502 | ---- | M] () (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
    [2012/09/05 14:43:52 | 001,268,546 | ---- | M] () (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
    [2011/12/28 17:17:20 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\searchplugins\daemon-search.xml
    [2013/02/06 06:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/02/06 06:42:09 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
    [2013/02/06 06:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
    [2013/02/06 06:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
    [2013/02/06 06:42:35 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/05/19 14:22:47 | 000,113,976 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
    [2012/04/19 14:10:00 | 000,586,040 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
    [2009/08/20 17:58:13 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
    [2011/05/19 14:22:19 | 000,172,344 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
    [2012/08/30 05:21:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/07/15 07:48:10 | 000,003,195 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Complitly.xml
    [2012/11/16 07:10:46 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
    CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/01/19 15:34:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
    O3 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DBAgent] C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
    O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
    O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
    O4 - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [rfagent] C:\Junk Non-Backup\Registry First Aid Move\RFA\rfagent.exe (KsL Software)
    O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [\\UPSTAIRS_PRECIS\EPSON NX110 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
    O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
    O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
    O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O4 - Startup: C:\Documents and Settings\Bob\Start Menu\Programs\Startup\Aquarius Soft PC Alarm Clock Pro.lnk = C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe (Aquarius Soft)
    O4 - Startup: C:\Documents and Settings\Bob\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\Bob\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/Tec...cueControl.cab (LogMeIn Rescue Technician Console)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab (Remote Access ActiveX Client)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1349819256953 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pu...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F50389D-8DEA-49E5-9593-FA09ACC3563A}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F50389D-8DEA-49E5-9593-FA09ACC3563A}: NameServer = 74.40.74.40,74.40.74.41
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Santa Fe Stucco.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Santa Fe Stucco.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/08/21 13:10:11 | 000,000,000 | ---D | M] - C:\Auto Repair -- [ NTFS ]
    O32 - AutoRun File - [2008/01/12 21:22:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/08 16:39:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
    [2013/02/08 16:36:40 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bob\Desktop\tdsskiller.exe
    [2013/02/07 22:19:18 | 016,365,936 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/02/06 06:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/01/24 08:51:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/01/24 08:51:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/01/24 08:51:11 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/01/24 08:50:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2013/01/24 06:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee
    [2013/01/22 10:52:08 | 000,000,000 | ---D | C] -- C:\THD
    [2013/01/21 10:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\My Kindle Content
    [2013/01/21 10:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Start Menu\Programs\Amazon
    [2013/01/21 10:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Local Settings\Application Data\Amazon
    [2013/01/21 10:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
    [2013/01/19 16:00:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/01/19 15:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2013/01/15 10:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\dwhelper
    [2013/01/13 18:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8
    [2013/01/11 15:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Start Menu\Programs\Revo Uninstaller
    [2008/05/15 10:40:56 | 000,557,056 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Bob\GoToAssist_phone__317_en.exe
    [5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/08 16:39:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
    [2013/02/08 16:36:43 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bob\Desktop\tdsskiller.exe
    [2013/02/08 16:30:22 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1FF685FF-AF79-4E0B-A492-555956BF9C7C}.job
    [2013/02/08 16:19:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/02/08 15:46:47 | 000,101,888 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/02/08 04:51:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/02/08 04:49:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/07 22:19:45 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/02/07 22:19:45 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/02/07 22:19:26 | 016,365,936 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/02/02 18:25:07 | 001,097,433 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\TSperform.pdf
    [2013/01/30 10:32:08 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\TS Gotchas.url
    [2013/01/29 18:15:55 | 000,105,016 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Bob\Desktop\g2m_download.exe
    [2013/01/29 14:02:43 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\TradeStation Forum - Blocking trades after a loser..url
    [2013/01/28 18:59:59 | 000,006,198 | ---- | M] () -- C:\130129.html
    [2013/01/28 18:59:24 | 000,006,198 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\130129.html
    [2013/01/27 05:50:31 | 000,000,556 | ---- | M] () -- C:\WINDOWS\tasks\Bob.job
    [2013/01/26 05:30:52 | 000,000,568 | ---- | M] () -- C:\WINDOWS\tasks\Bob Merge.job
    [2013/01/24 15:33:01 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
    [2013/01/23 18:02:32 | 000,000,334 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Malware Removal - Safer-Networking Forums.URL
    [2013/01/22 17:47:11 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
    [2013/01/22 15:01:46 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\TradersHelpDesk Videos.URL
    [2013/01/21 10:32:45 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Kindle.lnk
    [2013/01/20 00:30:56 | 000,004,096 | -HS- | M] () -- C:\{CAF53BCB-6014-4F5E-A49F-710FDD75DCF9}.CBM
    [2013/01/19 21:54:27 | 000,306,176 | -HS- | M] () -- C:\EUMONBMP.SYS
    [2013/01/19 18:23:58 | 000,249,385 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\VolumeAnalysis.pdf
    [2013/01/19 15:34:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/01/19 11:28:19 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Day Traders -- Price, Volume and low Risk (Los Angeles, CA) - Meetup.URL
    [2013/01/15 14:56:11 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\New Guy Question = Difference between Buy Ask and Buy Bid - NinjaTrader.URL
    [2013/01/14 05:56:15 | 000,199,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/01/13 18:00:03 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
    [2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/01/11 15:49:34 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Revo Uninstaller.lnk
    [2013/01/11 11:31:34 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\U of M Residences.URL
    [2013/01/09 18:37:41 | 000,000,300 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Rob Hoffman Videos Dwnld.URL
    [5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/02 18:25:03 | 001,097,433 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\TSperform.pdf
    [2013/01/30 10:32:08 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\TS Gotchas.url
    [2013/01/29 14:02:43 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\TradeStation Forum - Blocking trades after a loser..url
    [2013/01/29 05:35:47 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
    [2013/01/28 18:59:59 | 000,006,198 | ---- | C] () -- C:\130129.html
    [2013/01/28 18:59:23 | 000,006,198 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\130129.html
    [2013/01/22 15:01:46 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\TradersHelpDesk Videos.URL
    [2013/01/21 10:32:45 | 000,001,679 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Kindle.lnk
    [2013/01/20 00:30:56 | 000,004,096 | -HS- | C] () -- C:\{CAF53BCB-6014-4F5E-A49F-710FDD75DCF9}.CBM
    [2013/01/19 20:49:13 | 000,000,334 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Malware Removal - Safer-Networking Forums.URL
    [2013/01/19 18:23:56 | 000,249,385 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\VolumeAnalysis.pdf
    [2013/01/19 11:28:19 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Day Traders -- Price, Volume and low Risk (Los Angeles, CA) - Meetup.URL
    [2013/01/15 14:56:11 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\New Guy Question = Difference between Buy Ask and Buy Bid - NinjaTrader.URL
    [2013/01/13 18:00:03 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
    [2013/01/11 11:31:34 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\U of M Residences.URL
    [2013/01/09 18:37:41 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Rob Hoffman Videos Dwnld.URL
    [2012/11/21 18:24:36 | 000,017,420 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2012/10/11 06:31:15 | 000,040,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
    [2012/08/29 21:07:36 | 000,161,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-602162358-1972579041-839522115-1003-0.dat
    [2012/08/29 21:07:32 | 000,111,122 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/08/10 09:38:04 | 000,000,007 | RH-- | C] () -- C:\Documents and Settings\Bob\hwid
    [2012/03/25 10:13:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/03/25 10:13:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/03/25 10:13:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/03/25 10:13:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/03/25 10:13:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/02/16 10:24:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/31 18:58:57 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
    [2011/11/12 08:08:18 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/11/09 06:17:31 | 000,001,112 | ---- | C] () -- C:\Documents and Settings\Bob\CPI.csv
    [2011/09/21 09:30:00 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2011/08/30 05:44:34 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
    [2011/07/29 15:53:33 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2011/07/29 15:53:33 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2011/07/29 15:53:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011/07/27 10:10:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2011/07/24 05:38:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
    [2011/06/11 07:58:57 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2011/06/11 07:58:57 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2011/06/08 22:12:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\NtDirect.dll
    [2011/05/24 22:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
    [2011/05/21 05:01:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2011/04/14 08:55:47 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\1.gif
    [2011/04/04 07:27:25 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548r
    [2011/04/04 07:27:25 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548
    [2011/03/07 06:33:12 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\mainhst.zgh
    [2011/01/21 11:44:39 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2009/10/03 10:43:23 | 008,410,624 | ---- | C] () -- C:\Program Files\HTML Guardian 7.msi
    [2009/08/23 09:44:01 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\PUTTY.RND
    [2009/04/29 05:51:16 | 000,006,059 | ---- | C] () -- C:\Documents and Settings\Bob\r
    [2009/01/17 09:07:58 | 012,124,160 | ---- | C] () -- C:\Documents and Settings\Bob\ntuser.bak
    [2008/01/19 09:18:52 | 000,001,315 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\SAS7_000.DAT
    [2008/01/14 09:55:30 | 000,001,292 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\FASTWiz.html
    [2008/01/13 12:58:29 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2008/01/13 12:41:40 | 000,101,888 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/01/13 12:21:42 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

    ========== ZeroAccess Check ==========

    [2008/03/18 09:34:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2011/11/01 14:35:20 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    OTL Extras logfile created on: 4/8/2011 6:27:40 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Bob\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.04 Gb Total Space | 41.84 Gb Free Space | 14.04% Space Free | Partition Type: NTFS

    Computer Name: INSPIRON | User Name: Bob | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

  5. #5
    Member
    Join Date
    Apr 2011
    Posts
    78

    OTL.txt file continued

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\Winword.exe" /n ()
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "2799:UDP" = 2799:UDP:*:Enabled:Altova License Metering Port (UDP)
    "2799:TCP" = 2799:TCP:*:Enabled:Altova License Metering Port (TCP)

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\1stWORKS\hotCommCL\BIN\HotComm.exe" = C:\Program Files\1stWORKS\hotCommCL\BIN\HotComm.exe:*:Enabled:hotComm CL Client -- (1stWorks Corporation)
    "C:\Program Files\NinjaTrader 6\bin\NinjaTrader.exe" = C:\Program Files\NinjaTrader 6\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe" = C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
    "C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe" = C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application -- (NinjaTrader LLC, http://www.ninjatrader.com)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
    "C:\DOCUME~1\Bob\LOCALS~1\Temp\ex132np1.exe" = C:\DOCUME~1\Bob\LOCALS~1\Temp\ex132np1.exe:*:Enabled:ldrsoft
    "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:ldrsoft -- (Microsoft Corporation)
    "C:\Documents and Settings\Bob\Application Data\ynafzasdaxazdvquptrju3hcert2xtb2\csrss.exe" = C:\Documents and Settings\Bob\Application Data\ynafzasdaxazdvquptrju3hcert2xtb2\csrss.exe:*:Enabled:ldrsoft -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
    "{3420C6C3-2A57-434E-97EB-513FE3038157}" = HTML Guardian 7
    "{34A86A48-1225-419B-94B2-3A0548786ECD}" = ActiveState Komodo Edit 5.2.4
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{4360BB46-507E-4361-8DCB-4FF9BDC9907B}" = SnagIt 7
    "{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
    "{4F04D584-09FC-4CB4-88D1-7D176C0031DB}" = Imagination Image Map Editor
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.0 beta 1
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
    "{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
    "{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C9583F63-78C9-46B8-8A31-38010645234F}" = NinjaTrader 7
    "{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
    "{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6.3
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "ActiveTouchMeetingClient" = WebEx
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "AnyDVD" = AnyDVD
    "AVG9Uninstall" = AVG Free 9.0
    "CloneCD" = CloneCD
    "CloneDVD2" = CloneDVD2
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "DAEMON Tools Toolbar" = DAEMON Tools Toolbar
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "DMX5_is1" = DriverMax 5
    "DriverAgent.exe" = DriverAgent by eSupport.com
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "Example2" = Stickynotes
    "FileZilla Client" = FileZilla Client 3.4.0
    "FlashPile.com Video Decompiler_is1" = FlashPile.com Video Decompiler 1.0.0.7
    "GIF Animator" = Microsoft GIF Animator
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "hotComm® CL" = hotComm® CL
    "ie8" = Windows Internet Explorer 8
    "ImgBurn" = ImgBurn
    "Macro Express 3" = Macro Express 3
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "My Lockbox_is1" = My Lockbox 2.4.17
    "Office8.0" = Microsoft Office 97, Professional Edition
    "OpenDNS Updater" = OpenDNS Updater 2.2.1
    "Prism" = Prism Video Converter
    "Revo Uninstaller" = Revo Uninstaller 1.83
    "Silent Package Run-Time Sample" = EPSON CX 3800 Guide
    "Smart Defrag_is1" = Smart Defrag
    "TotalRecorder" = Total Recorder 7.1
    "VideoPad" = VideoPad Video Editor
    "VLC media player" = VLC media player 1.1.7
    "WebSite eXtractor" = WebSite eXtractor
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xvid_is1" = Xvid 1.2.2 final uninstall

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "Pixie" = Pixie 3.1 (remove only)
    "Rockwell Trading Plan Generator V0.91" = Rockwell Trading Plan Generator V0.91

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/6/2011 3:38:29 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application mylbx.exe, version 2.4.17.307, faulting module
    mylbx.exe, version 2.4.17.307, fault address 0x002d448a.

    Error - 4/6/2011 3:38:33 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application mylbx.exe, version 2.4.17.307, faulting module
    mylbx.exe, version 2.4.17.307, fault address 0x002d448a.

    Error - 4/6/2011 3:38:42 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application mylbx.exe, version 2.4.17.307, faulting module
    mylbx.exe, version 2.4.17.307, fault address 0x002d448a.

    Error - 4/6/2011 7:12:09 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 4/6/2011 7:13:15 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 4/7/2011 8:51:42 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 4/7/2011 8:52:26 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 4/7/2011 8:52:59 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 4/7/2011 8:53:43 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 4/7/2011 8:54:35 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    [ System Events ]
    Error - 4/6/2011 3:47:02 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
    Description = The Lavasoft Ad-Aware Service service failed to start due to the following
    error: %%3

    Error - 4/6/2011 3:47:03 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AVG Anti-Rootkit AvgArCln Lbd

    Error - 4/6/2011 7:17:35 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
    Description = The Lavasoft Ad-Aware Service service failed to start due to the following
    error: %%3

    Error - 4/6/2011 7:17:37 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AVG Anti-Rootkit AvgArCln Lbd

    Error - 4/7/2011 6:58:19 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
    Description = The Lavasoft Ad-Aware Service service failed to start due to the following
    error: %%3

    Error - 4/7/2011 6:58:20 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AVG Anti-Rootkit AvgArCln Lbd

    Error - 4/8/2011 6:50:51 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
    Description = The Lavasoft Ad-Aware Service service failed to start due to the following
    error: %%3

    Error - 4/8/2011 6:50:53 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AVG Anti-Rootkit AvgArCln Lbd

    Error - 4/8/2011 10:37:03 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
    Description = The Lavasoft Ad-Aware Service service failed to start due to the following
    error: %%3

    Error - 4/8/2011 10:37:08 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AVG Anti-Rootkit AvgArCln Lbd


    < End of report >

  6. #6
    Member
    Join Date
    Apr 2011
    Posts
    78

    Extras.txt file

    ~!~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    OTL Extras logfile created on: 4/8/2011 6:27:40 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Bob\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.04 Gb Total Space | 41.84 Gb Free Space | 14.04% Space Free | Partition Type: NTFS

    Computer Name: INSPIRON | User Name: Bob | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\Winword.exe" /n ()
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "2799:UDP" = 2799:UDP:*:Enabled:Altova License Metering Port (UDP)
    "2799:TCP" = 2799:TCP:*:Enabled:Altova License Metering Port (TCP)

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\1stWORKS\hotCommCL\BIN\HotComm.exe" = C:\Program Files\1stWORKS\hotCommCL\BIN\HotComm.exe:*:Enabled:hotComm CL Client -- (1stWorks Corporation)
    "C:\Program Files\NinjaTrader 6\bin\NinjaTrader.exe" = C:\Program Files\NinjaTrader 6\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe" = C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
    "C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe" = C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application -- (NinjaTrader LLC, http://www.ninjatrader.com)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
    "C:\DOCUME~1\Bob\LOCALS~1\Temp\ex132np1.exe" = C:\DOCUME~1\Bob\LOCALS~1\Temp\ex132np1.exe:*:Enabled:ldrsoft
    "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:ldrsoft -- (Microsoft Corporation)
    "C:\Documents and Settings\Bob\Application Data\ynafzasdaxazdvquptrju3hcert2xtb2\csrss.exe" = C:\Documents and Settings\Bob\Application Data\ynafzasdaxazdvquptrju3hcert2xtb2\csrss.exe:*:Enabled:ldrsoft -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
    "{3420C6C3-2A57-434E-97EB-513FE3038157}" = HTML Guardian 7
    "{34A86A48-1225-419B-94B2-3A0548786ECD}" = ActiveState Komodo Edit 5.2.4
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{4360BB46-507E-4361-8DCB-4FF9BDC9907B}" = SnagIt 7
    "{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
    "{4F04D584-09FC-4CB4-88D1-7D176C0031DB}" = Imagination Image Map Editor
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.0 beta 1
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
    "{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
    "{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C9583F63-78C9-46B8-8A31-38010645234F}" = NinjaTrader 7
    "{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
    "{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6.3
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "ActiveTouchMeetingClient" = WebEx
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "AnyDVD" = AnyDVD
    "AVG9Uninstall" = AVG Free 9.0
    "CloneCD" = CloneCD
    "CloneDVD2" = CloneDVD2
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "DAEMON Tools Toolbar" = DAEMON Tools Toolbar
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "DMX5_is1" = DriverMax 5
    "DriverAgent.exe" = DriverAgent by eSupport.com
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "Example2" = Stickynotes
    "FileZilla Client" = FileZilla Client 3.4.0
    "FlashPile.com Video Decompiler_is1" = FlashPile.com Video Decompiler 1.0.0.7
    "GIF Animator" = Microsoft GIF Animator
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "hotComm® CL" = hotComm® CL
    "ie8" = Windows Internet Explorer 8
    "ImgBurn" = ImgBurn
    "Macro Express 3" = Macro Express 3
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "My Lockbox_is1" = My Lockbox 2.4.17
    "Office8.0" = Microsoft Office 97, Professional Edition
    "OpenDNS Updater" = OpenDNS Updater 2.2.1
    "Prism" = Prism Video Converter
    "Revo Uninstaller" = Revo Uninstaller 1.83
    "Silent Package Run-Time Sample" = EPSON CX 3800 Guide
    "Smart Defrag_is1" = Smart Defrag
    "TotalRecorder" = Total Recorder 7.1
    "VideoPad" = VideoPad Video Editor
    "VLC media player" = VLC media player 1.1.7
    "WebSite eXtractor" = WebSite eXtractor
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xvid_is1" = Xvid 1.2.2 final uninstall

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "Pixie" = Pixie 3.1 (remove only)
    "Rockwell Trading Plan Generator V0.91" = Rockwell Trading Plan Generator V0.91

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/6/2011 3:38:29 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application mylbx.exe, version 2.4.17.307, faulting module
    mylbx.exe, version 2.4.17.307, fault address 0x002d448a.

    Error - 4/6/2011 3:38:33 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application mylbx.exe, version 2.4.17.307, faulting module
    mylbx.exe, version 2.4.17.307, fault address 0x002d448a.

    Error - 4/6/2011 3:38:42 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application mylbx.exe, version 2.4.17.307, faulting module
    mylbx.exe, version 2.4.17.307, fault address 0x002d448a.

    Error - 4/6/2011 7:12:09 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 4/6/2011 7:13:15 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 4/7/2011 8:51:42 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 4/7/2011 8:52:26 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 4/7/2011 8:52:59 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 4/7/2011 8:53:43 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 4/7/2011 8:54:35 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    [ System Events ]
    Error - 4/6/2011 3:47:02 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
    Description = The Lavasoft Ad-Aware Service service failed to start due to the following
    error: %%3

    Error - 4/6/2011 3:47:03 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AVG Anti-Rootkit AvgArCln Lbd

    Error - 4/6/2011 7:17:35 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
    Description = The Lavasoft Ad-Aware Service service failed to start due to the following
    error: %%3

    Error - 4/6/2011 7:17:37 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AVG Anti-Rootkit AvgArCln Lbd

    Error - 4/7/2011 6:58:19 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
    Description = The Lavasoft Ad-Aware Service service failed to start due to the following
    error: %%3

    Error - 4/7/2011 6:58:20 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AVG Anti-Rootkit AvgArCln Lbd

    Error - 4/8/2011 6:50:51 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
    Description = The Lavasoft Ad-Aware Service service failed to start due to the following
    error: %%3

    Error - 4/8/2011 6:50:53 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AVG Anti-Rootkit AvgArCln Lbd

    Error - 4/8/2011 10:37:03 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
    Description = The Lavasoft Ad-Aware Service service failed to start due to the following
    error: %%3

    Error - 4/8/2011 10:37:08 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AVG Anti-Rootkit AvgArCln Lbd


    < End of report >

  7. #7
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Hi savanna :


    1. Spybot Forum Policy Notification

    P2P Warning!
    IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
    LimeWire
    Please note whenever you use any form of P2P networking to download files you can anticipate infestations of malware to occur.
    P2P file sharing used to be fairly safe. This is no longer true...continue to use P2P sharing ...at your own risk! Keep in mind that this practice may be the source of your current malware infestation.

    As long as you have the P2P program(s) installed, per Spybot Forum Policy: File Sharing, otherwise known as Peer To Peer (P2P), I can offer you no further assistance.

    I strongly recommend that you uninstall:
    LimeWire


    However, that choice is up to you.
    If you choose NOT to remove these programs...indicate that in your next reply.



    2. CKScanner
    • Please download CKScanner from Here
    • Important: - Save it to your desktop.
    • Double click CKScanner.exe then click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify the file saved. Please Run the program only once.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



    3. Online Multi Antivirus file scan
    Please go to Virus Total and upload -only one file per scan- the following file(s) for scanning:

    C:\DOCUME~1\Bob\LOCALS~1\Temp\ex132np1.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Bob\Application Data\ynafzasdaxazdvquptrju3hcert2xtb2\csrss.exe

    1. Please copy... the above full path and file name(s)...
    2. Press the choose file button and paste the copied name into the "File name:" text box... then press Open.
      The file name should now appear in the online scanner's text entry box.
    3. Click on Scan it...button.
    4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      • If you receive the message: File has already been analysed:
        Please press the Reanalyse file now button, so your file will be scanned.
    5. Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
      Example of web address :
    6. Please repeat this procedure for each file listed above.
    7. Paste the permalink (web address) of all the Virus Total results in your next reply.



    4. Please tell me, is this computer used for business or connected to a business network?
    Please read: http://forums.spybot.info/showpost.p...12&postcount=5


    I am very sorry to tell you that I might reply a bit slower than usual these few days because after a few hours, I am going to celebrate Chinese New Year with my family.
    I will spare most of my time with my family and friends. I am sorry.


    Happy Chinese New Year,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  8. #8
    Member
    Join Date
    Apr 2011
    Posts
    78

    Default

    I do not have LimeWire installed on this computer. I might have been on there a long time ago, but I cannot find it via "Add Remove Programs". I manually deleted its folder in the Program Folders directory.

    Of the 3 files that you asked me to scan with Virus Total, I could only find one. I even tried the explorer search function, but they didn't show up. Here is the Virus Total link for the "C:\WINDOWS\explorer.exe" file:
    https://www.virustotal.com/file/1e67...is/1360432328/

    This computer is not used for business - only personal.

    Below are the scan results for CKScanner.

    I wish you a happy Chinese New Year, and thank you very much for your help.

    CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.MN.11.WQABWU
    ----- EOF -----

  9. #9
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Hi savanna:

    Thanks for removing the P2P software and your greeting.

    Don't worry about those files that can't be found; they might be hiding or just be leftovers. We will deal with them later.

    1. How many times have you actually run CKScanner? The instructions state to run it just once unless asked to run it again.

    thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  10. #10
    Member
    Join Date
    Apr 2011
    Posts
    78

    Default

    I'm sorry. I assumed those files were supposed to be removed, but I see now that they were not. There were only a couple of them in there. I'll pay better attention to your instructions next time.

    What should I do next?
