
Solved Blue screen virus

Discussion in 'Malware and Virus Removal Archive' started by rpicon, 2012/02/06.

  1. 2012/02/06
    rpicon

    rpicon Inactive Thread Starter

    14:37:18.0091 3212 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
    14:37:18.0309 3212 ============================================================
    14:37:18.0309 3212 Current date / time: 2012/02/06 14:37:18.0309
    14:37:18.0309 3212 SystemInfo:
    14:37:18.0309 3212
    14:37:18.0309 3212 OS Version: 5.1.2600 ServicePack: 2.0
    14:37:18.0309 3212 Product type: Workstation
    14:37:18.0309 3212 ComputerName: GLB-RPICON-02
    14:37:18.0309 3212 UserName: rpicon
    14:37:18.0309 3212 Windows directory: C:\WINDOWS
    14:37:18.0309 3212 System windows directory: C:\WINDOWS
    14:37:18.0309 3212 Processor architecture: Intel x86
    14:37:18.0309 3212 Number of processors: 2
    14:37:18.0309 3212 Page size: 0x1000
    14:37:18.0309 3212 Boot type: Normal boot
    14:37:18.0309 3212 ============================================================
    14:37:18.0668 3212 Drive \Device\Harddisk0\DR0 - Size: 0x2540900000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    14:37:18.0668 3212 \Device\Harddisk0\DR0:
    14:37:18.0668 3212 MBR used
    14:37:18.0668 3212 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0xD92C09F
    14:37:18.0668 3212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xD93FA64, BlocksNum 0x49EC399
    14:37:18.0808 3212 Initialize success
    14:37:18.0808 3212 ============================================================
    14:37:24.0000 4012 ============================================================
    14:37:24.0000 4012 Scan started
    14:37:24.0000 4012 Mode: Manual;
    14:37:24.0000 4012 ============================================================
    14:37:29.0753 4012 sptd (175600c9e3e4154150bfbc192a61c1de) C:\WINDOWS\system32\Drivers\sptd.sys
    14:37:29.0753 4012 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 175600c9e3e4154150bfbc192a61c1de
    14:37:29.0753 4012 sptd ( LockedFile.Multi.Generic ) - warning
    14:37:29.0753 4012 sptd - detected LockedFile.Multi.Generic (1)
    14:37:30.0455 4012 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
    14:37:30.0455 4012 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
    14:37:30.0455 4012 vaxscsi ( LockedFile.Multi.Generic ) - warning
    14:37:30.0455 4012 vaxscsi - detected LockedFile.Multi.Generic (1)
    14:37:30.0735 4012 MBR (0x1B8) (87d88fa4d3efd4431866ea91949644bf) \Device\Harddisk0\DR0
    14:37:30.0751 4012 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
    14:37:30.0751 4012 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
    14:37:30.0751 4012 Boot (0x1200) (da87cf439f944406c00ff3166f36b984) \Device\Harddisk0\DR0\Partition0
    14:37:30.0751 4012 \Device\Harddisk0\DR0\Partition0 - ok
    14:37:30.0782 4012 Boot (0x1200) (4d1d67eeb60b57c2e8917509167f80ac) \Device\Harddisk0\DR0\Partition1
    14:37:30.0782 4012 \Device\Harddisk0\DR0\Partition1 - ok
    14:37:30.0798 4012 ============================================================
    14:37:30.0798 4012 Scan finished
    14:37:30.0798 4012 ============================================================
    14:37:30.0798 2144 Detected object count: 3
    14:37:30.0798 2144 Actual detected object count: 3
    14:38:10.0913 2144 sptd ( LockedFile.Multi.Generic ) - skipped by user
    14:38:10.0913 2144 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    14:38:10.0913 2144 vaxscsi ( LockedFile.Multi.Generic ) - skipped by user
    14:38:10.0913 2144 vaxscsi ( LockedFile.Multi.Generic ) - User select action: Skip
    14:38:10.0976 2144 \Device\Harddisk0\DR0\# - copied to quarantine
    14:38:10.0991 2144 \Device\Harddisk0\DR0 - copied to quarantine
    14:38:10.0991 2144 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot
    14:38:11.0022 2144 \Device\Harddisk0\DR0 - ok
    14:38:11.0022 2144 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
    14:39:06.0667 3364 Deinitialize success
     
  2. 2012/02/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    See if aswMBR will run now.

    Also post fresh Combofix log.
     
  4. 2012/02/06
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-06 15:18:58
    -----------------------------
    15:18:58.364 OS Version: Windows 5.1.2600 Service Pack 2
    15:18:58.364 Number of processors: 2 586 0x602
    15:18:58.364 ComputerName: GLB-RPICON-02 UserName: rpicon
    15:18:59.333 Initialize success
    15:18:59.474 AVAST engine defs: 11012000
    15:19:50.785 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    15:19:50.785 Disk 0 Vendor: Intel___ 1.0. Size: 152585MB BusType: 3
    15:19:50.801 Disk 0 MBR read successfully
    15:19:50.801 Disk 0 MBR scan
    15:19:50.801 Disk 0 unknown MBR code
    15:19:50.801 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    15:19:50.816 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 111192 MB offset 80325
    15:19:50.832 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 37848 MB offset 227801700
    15:19:50.848 Disk 0 Partition 4 00 DB CP/M / CTOS MSWIN4.1 3498 MB offset 305315325
    15:19:50.863 Disk 0 scanning sectors +312480315
    15:19:50.926 Disk 0 scanning C:\WINDOWS\system32\drivers
    15:19:58.066 Service scanning
    15:19:58.676 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    15:19:58.691 Service vaxscsi C:\WINDOWS\System32\Drivers\vaxscsi.sys **LOCKED** 32
    15:19:59.222 Modules scanning
    15:20:04.144 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
    15:20:05.129 Disk 0 trace - called modules:
    15:20:05.144 ntkrnlpa.exe >>UNKNOWN [0x89e4c450]<<
    15:20:05.144 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dd8ab8]
    15:20:05.144 \Driver\Disk[0x89dca910] -> IRP_MJ_CREATE -> 0x89e4c450
    15:20:05.785 AVAST engine scan C:\WINDOWS
    15:20:10.691 AVAST engine scan C:\WINDOWS\system32
    15:22:03.846 AVAST engine scan C:\WINDOWS\system32\drivers
    15:22:14.565 AVAST engine scan C:\Documents and Settings\Rick Picon
    15:25:41.345 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rick Picon\Desktop\MBR.dat"
    15:25:41.345 The log file has been saved successfully to "C:\Documents and Settings\Rick Picon\Desktop\aswMBR.txt"
     
  5. 2012/02/06
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    ComboFix 12-02-06.02 - rpicon 2012-02-06 15:29:15.16.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1453 [GMT -5:00]
    Running from: c:\documents and settings\Rick Picon\Desktop\rpicon.exe
    AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Rick Picon\Local Settings\Application Data\assembly\tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-06 19:38 . 2012-02-06 19:38 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-06 16:52 . 2012-02-06 16:52 -------- d-----w- c:\documents and settings\Rick Picon\Application Data\MSNInstaller
    2012-02-03 14:15 . 2012-02-03 14:15 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Yahoo
    2012-02-02 22:36 . 2012-02-02 22:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2012-02-02 22:36 . 2012-02-02 22:36 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
    2012-02-02 22:36 . 2012-02-02 22:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2012-01-25 20:44 . 2012-01-26 19:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-06 16:56 . 2006-03-07 12:51 98304 ----a-w- c:\windows\DUMP4e4e.tmp
    2011-12-10 20:24 . 2009-03-24 16:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-06_18.15.39 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-06 19:40 . 2012-02-06 19:40 16384 c:\windows\temp\Perflib_Perfdata_3e0.dat
    + 2012-02-02 22:36 . 2012-02-06 19:37 16384 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
    - 2012-02-02 22:36 . 2012-02-06 18:08 16384 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
    - 2006-03-31 17:48 . 2012-02-06 18:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2006-03-31 17:48 . 2012-02-06 19:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2012-02-02 22:36 . 2012-02-06 19:37 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    - 2012-02-02 22:36 . 2012-02-06 18:08 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    - 2012-02-02 22:35 . 2012-02-06 18:08 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2012-02-02 22:35 . 2012-02-06 19:37 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2012-02-06 18:47 . 2012-02-06 18:47 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{F7F2714E-50F2-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:20 . 2012-02-06 18:20 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{3C548BC0-50EF-11E1-B767-0013720D9C8E}.dat
    + 2012-02-06 18:20 . 2012-02-06 18:20 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{43FF01D8-50EF-11E1-B767-0013720D9C8E}.dat
    + 2012-02-06 18:47 . 2012-02-06 18:48 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{132866AD-50F3-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:47 . 2012-02-06 18:47 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{132866AC-50F3-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:47 . 2012-02-06 18:47 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0CE64D1C-50F3-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:47 . 2012-02-06 18:47 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0CE64D1B-50F3-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:47 . 2012-02-06 18:47 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{00BDDA06-50F3-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:47 . 2012-02-06 18:47 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{00BDDA04-50F3-11E1-B768-0013720D9C8E}.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Rick Picon\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Rick Picon\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Rick Picon\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Rick Picon\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-11 2321600]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
    "CompanionLink"="c:\program files\airset\airset.exe" [2007-12-05 11866112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    c:\documents and settings\Rick Picon\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-9-14 271736]
    Salesforce for Outlook.lnk - c:\program files\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe [2011-7-29 468384]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-25 21:44 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2009-10-01 18:30 87352 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
    backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Rick Picon^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
    backup=c:\windows\pss\Microsoft Office Groove.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Rick Picon^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2007-05-11 02:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    2007-06-11 21:17 2321600 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    2005-09-08 11:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2006-03-07 13:15 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2007-08-24 12:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    2006-06-21 02:36 1207080 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2005-06-17 13:56 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2006-05-10 13:48 94208 ----a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2007-01-19 17:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2005-07-09 05:57 7110656 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
    2011-01-05 23:19 15752 ----a-w- c:\documents and settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\plaxosystray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
    2011-01-05 23:19 813448 ----a-w- c:\documents and settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2007-04-27 13:41 282624 ----a-w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aim6.exe"=
    "c:\\Program Files\\Network Assistant\\Nassi.exe"=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\SPTServer.exe"=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\PortfolioCenter.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Xolox\\mldonkey\\mlnet.exe"=
    "c:\\Program Files\\Xolox\\XoloxEXE.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\AIM\\AIM Pro\\aimpro.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:DCOM
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "3393:TCP"= 3393:TCP:RD-Rick
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-01-30 643072]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-02-14 294608]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-06-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-06-23 74480]
    R2 APC Data Service;APC Data Service;c:\program files\APC\APC PowerChute Personal Edition\dataserv.exe [2010-09-14 21880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-02-14 17744]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-04-10 3712]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-06-27 12856]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [2011-04-19 993848]
    R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2007-01-30 223128]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-02-17 34760]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-09-01 15544]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-06 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-07 13:00]
    .
    2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500089258-3802542852-2463999137-1115Core.job
    - c:\documents and settings\Rick Picon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 14:20]
    .
    2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500089258-3802542852-2463999137-1115UA.job
    - c:\documents and settings\Rick Picon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 14:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 192.168.1.113
    DPF: {25D9AA40-ED39-11D2-A038-009027078284} - hxxps://www.advisorservices.com/content/advisor/files/UrlDownloader.cab
    DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} - hxxps://vex.advisorservices.com/Views/VeoExpress/AdoView/Pages/veoExpress.CAB
    FF - ProfilePath - c:\documents and settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\cu58ft3k.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    FF - Ext: Default Full Zoom Level: {D9A7CBEC-DE1A-444f-A092-844461596C4D} - %profile%\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-06 15:34
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,f0,e3,66,f2,f9,fc,49,b8,0d,68,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,f0,e3,66,f2,f9,fc,49,b8,0d,68,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(800)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    - - - - - - - > 'explorer.exe'(3104)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Rick Picon\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-02-06 15:36:45
    ComboFix-quarantined-files.txt 2012-02-06 20:36
    ComboFix2.txt 2012-02-06 19:05
    ComboFix3.txt 2012-02-06 18:17
    .
    Pre-Run: 37,601,845,248 bytes free
    Post-Run: 37,620,342,784 bytes free
    .
    - - End Of File - - 8CA02EE9046A69379DDB9F17001AF6A7
     
  6. 2012/02/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. 2012/02/07
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    No blue screen :) So far the PC is acting fine.
     
  8. 2012/02/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)
    Go on....
     
  9. 2012/02/07
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    OTL logfile created on: 2012-02-07 12:49:12 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Rick Picon\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

    2.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.05% Memory free
    3.85 Gb Paging File | 3.19 Gb Available in Paging File | 83.03% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 108.59 Gb Total Space | 35.03 Gb Free Space | 32.26% Space Free | Partition Type: NTFS
    Drive D: | 36.96 Gb Total Space | 6.03 Gb Free Space | 16.33% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive G: | 916.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive P: | 136.02 Gb Total Space | 43.80 Gb Free Space | 32.20% Space Free | Partition Type: NTFS
    Drive T: | 136.02 Gb Total Space | 43.80 Gb Free Space | 32.20% Space Free | Partition Type: NTFS

    Computer Name: GLB-RPICON-02 | User Name: rpicon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-02-07 12:46:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Picon\Desktop\OTL.exe
    PRC - [2011-07-29 13:27:44 | 000,468,384 | ---- | M] (salesforce.com) -- C:\Program Files\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe
    PRC - [2011-04-19 01:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2011-04-19 01:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2011-01-13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011-01-13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010-09-14 15:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe
    PRC - [2010-09-14 15:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    PRC - [2010-09-14 15:53:20 | 000,660,856 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    PRC - [2010-08-23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009-10-01 13:30:35 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2009-10-01 13:30:10 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    PRC - [2009-05-30 14:00:24 | 007,573,504 | ---- | M] (Gracebyte Software) -- C:\Program Files\Network Assistant\Nassi.exe
    PRC - [2008-11-09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2007-12-05 08:41:12 | 011,866,112 | ---- | M] (Airena, Inc.) -- C:\Program Files\AirSet\AirSet.exe
    PRC - [2007-04-17 13:03:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2007-04-17 13:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2005-06-17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    PRC - [2005-04-01 20:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    PRC - [2004-08-04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011-10-04 13:31:48 | 003,149,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2011-10-04 13:31:48 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2011-10-04 13:31:46 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2011-10-04 13:31:45 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2011-10-04 13:31:38 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2011-10-04 13:31:37 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2011-10-04 13:31:35 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    MOD - [2011-10-04 13:31:35 | 000,113,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    MOD - [2011-10-04 13:31:34 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2011-10-04 13:31:29 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    MOD - [2011-10-04 13:31:23 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    MOD - [2011-10-04 13:31:19 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2011-07-29 13:27:52 | 000,012,192 | ---- | M] () -- C:\Program Files\salesforce.com\Salesforce for Outlook\Sfdc.Util.DotNetHelper.dll
    MOD - [2011-07-29 13:27:49 | 000,464,288 | ---- | M] () -- C:\Program Files\salesforce.com\Salesforce for Outlook\Sfdc.ServerAdapter.XmlSerializers.dll
    MOD - [2011-07-29 13:27:48 | 000,062,880 | ---- | M] () -- C:\Program Files\salesforce.com\Salesforce for Outlook\Sfdc.OutlookAdapter.XmlSerializers.dll
    MOD - [2011-07-29 13:25:01 | 000,904,704 | ---- | M] () -- C:\Program Files\salesforce.com\Salesforce for Outlook\sqlite3.dll
    MOD - [2011-05-04 03:52:24 | 000,112,416 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2iexp.dll
    MOD - [2011-05-04 03:51:59 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
    MOD - [2011-03-09 11:56:29 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3736ba3ecac186f9c5d85f01bda2be98\System.Runtime.Remoting.ni.dll
    MOD - [2011-03-09 11:54:54 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
    MOD - [2011-03-09 11:54:54 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
    MOD - [2011-03-09 11:54:54 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
    MOD - [2011-03-09 11:54:53 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    MOD - [2011-03-09 11:54:44 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
    MOD - [2011-03-09 11:54:43 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
    MOD - [2011-03-09 11:54:43 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
    MOD - [2011-03-09 11:54:43 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
    MOD - [2011-03-09 11:54:43 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
    MOD - [2011-03-09 11:54:42 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
    MOD - [2011-03-09 11:54:42 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
    MOD - [2011-03-09 11:54:42 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
    MOD - [2011-03-09 11:54:42 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
    MOD - [2011-01-19 19:14:01 | 000,792,576 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11012000\algo.dll
    MOD - [2011-01-13 03:47:29 | 000,142,872 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswDld.dll
    MOD - [2009-09-15 17:07:50 | 001,063,248 | ---- | M] () -- C:\Program Files\LogMeIn\x86\ICSAgent32.dll
    MOD - [2009-08-10 15:10:51 | 001,840,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1dad08772eb89d48a8a0cfe9b0467eb0\System.Web.Services.ni.dll
    MOD - [2009-08-10 15:10:35 | 011,791,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
    MOD - [2009-08-10 15:10:23 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll
    MOD - [2009-08-10 15:10:23 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
    MOD - [2009-08-10 15:10:11 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll
    MOD - [2009-08-10 15:10:11 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.Wrapper.dll
    MOD - [2009-08-10 15:09:55 | 009,903,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\8c050147d7031f912f6ca2b15550173f\System.Data.Entity.ni.dll
    MOD - [2009-08-10 15:08:58 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e148983beeb0f30918b0564849a16456\CustomMarshalers.ni.dll
    MOD - [2009-08-10 15:08:57 | 000,676,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll
    MOD - [2009-08-10 15:08:53 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
    MOD - [2009-08-10 13:20:24 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
    MOD - [2009-08-10 13:20:17 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
    MOD - [2009-08-10 13:19:59 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
    MOD - [2009-08-10 13:19:38 | 006,614,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll
    MOD - [2009-08-10 13:19:29 | 002,294,784 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\6c69930d05c557da70144bcc0add7065\System.Core.ni.dll
    MOD - [2009-08-10 13:18:18 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
    MOD - [2009-08-10 13:18:08 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
    MOD - [2007-06-25 08:59:00 | 000,920,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
    MOD - [2006-06-20 21:34:28 | 000,017,704 | ---- | M] () -- C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll
    MOD - [2006-03-31 13:24:02 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll
    MOD - [2006-03-07 08:15:41 | 000,095,744 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
    MOD - [2005-10-25 05:24:22 | 000,020,594 | ---- | M] () -- C:\WINDOWS\system32\DELS1L3.DLL
    MOD - [2004-08-04 06:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2000-12-27 17:40:58 | 000,043,008 | ---- | M] () -- C:\Program Files\Network Assistant\hooks.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011-04-19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
    SRV - [2011-01-13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010-09-14 15:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
    SRV - [2010-09-14 15:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
    SRV - [2010-08-23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009-10-01 13:30:35 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2008-11-09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007-04-17 13:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2007-03-28 11:12:34 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2005-06-17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
    SRV - [2005-04-01 20:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011-01-13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011-01-13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011-01-13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011-01-13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011-01-13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011-01-13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010-09-01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2009-10-01 13:30:14 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2009-09-25 16:44:49 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2009-06-23 10:01:42 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009-06-23 10:01:40 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009-02-17 12:40:24 | 000,034,760 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Partizan.sys -- (Partizan)
    DRV - [2008-10-17 09:25:11 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008-02-28 14:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2007-01-30 11:36:42 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
    DRV - [2007-01-30 11:26:47 | 000,643,072 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2006-12-29 11:30:25 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2006-11-07 05:48:44 | 000,023,040 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\GameTap\bin\release\X4HSX32.sys -- (X4HSX32)
    DRV - [2006-06-29 23:53:44 | 000,003,712 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2006-05-10 08:56:54 | 000,027,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
    DRV - [2006-05-10 08:56:50 | 000,071,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2006-03-07 08:07:09 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2005-11-16 22:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2005-09-08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005-09-08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005-09-08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005-09-08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005-09-08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005-09-08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005-09-08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005-08-25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005-08-25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577



    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search "
    FF - prefs.js..browser.search.order.1: "BearShare Web Search "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/ "
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.6.0.10
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {D9A7CBEC-DE1A-444f-A092-844461596C4D}:4.5
    FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&systemid=2&q= "

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll ( )
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-02-06 16:16:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-02-06 16:16:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2011-04-05 13:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rick Picon\Application Data\Mozilla\Extensions
    [2012-02-06 15:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\cu58ft3k.default\extensions
    [2011-04-01 09:47:46 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\cu58ft3k.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2011-09-12 15:46:56 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\cu58ft3k.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011-08-31 11:01:42 | 000,000,000 | ---D | M] ( "Default Full Zoom Level ") -- C:\Documents and Settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\cu58ft3k.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
    [2011-04-01 09:56:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\cu58ft3k.default\extensions\engine@conduit.com
    [2010-09-14 07:48:25 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\cu58ft3k.default\searchplugins\BearShareWebSearch.xml
    [2012-02-06 15:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2006-11-16 11:22:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010-07-06 11:58:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011-03-01 11:38:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011-06-09 12:13:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2009-07-21 09:33:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011-05-04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2008-03-12 12:04:10 | 000,086,016 | ---- | M] (SpiralFrog Inc.) -- C:\Program Files\mozilla firefox\plugins\NPSFDMGR.dll
    [2010-09-14 07:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: SpiralFrog DownloadManager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSFDMGR.dll
    CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2011-06-09 09:53:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115..\Run: [CompanionLink] c:\program files\airset\airset.exe (Airena, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Salesforce for Outlook.lnk = C:\Program Files\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe (salesforce.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O4 - Startup: C:\Documents and Settings\Rick Picon\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=67633 (Office Genuine Advantage Validation Tool)
    O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} http://www1.skillground.com/cab1831/SkillGround.cab (SkillGround Game Manager)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {25D9AA40-ED39-11D2-A038-009027078284} https://www.advisorservices.com/content/advisor/files/UrlDownloader.cab (UrlDownloader Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249928285454 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260546108330 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} https://vex.advisorservices.com/Views/VeoExpress/AdoView/Pages/veoExpress.CAB (veoExpress.ctlVeoExpress)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.113
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aribaglb.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{849CB337-DE20-421B-AC9E-B4F750CB1F7B}: DhcpNameServer = 192.168.1.113
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006-10-23 07:20:07 | 000,000,057 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (Partizan)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-02-07 12:46:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rick Picon\Desktop\OTL.exe
    [2012-02-06 15:27:43 | 000,000,000 | ---D | C] -- C:\rpicon
    [2012-02-06 14:38:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012-02-06 14:36:47 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rick Picon\Desktop\tdsskiller.exe
    [2012-02-06 13:52:53 | 004,397,604 | R--- | C] (Swearware) -- C:\Documents and Settings\Rick Picon\Desktop\rpicon.exe
    [2012-02-06 13:07:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012-02-06 13:07:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012-02-06 13:07:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012-02-06 13:07:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012-02-06 13:06:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012-02-06 12:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Picon\Desktop\bootkit_remover
    [2012-02-06 11:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Picon\Application Data\MSNInstaller
    [2012-02-03 15:51:45 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Rick Picon\Desktop\aswMBR.exe
    [2012-02-03 13:24:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Rick Picon\Desktop\dds.scr
    [2003-12-09 12:16:52 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012-02-07 12:50:03 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3500089258-3802542852-2463999137-1115UA.job
    [2012-02-07 12:48:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2012-02-07 12:46:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Picon\Desktop\OTL.exe
    [2012-02-07 12:32:06 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2012-02-07 11:53:40 | 000,266,199 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\Schwab Check_and_Journal_Request.pdf
    [2012-02-06 22:50:05 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3500089258-3802542852-2463999137-1115Core.job
    [2012-02-06 15:25:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\MBR.dat
    [2012-02-06 14:41:24 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012-02-06 14:41:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012-02-06 14:40:22 | 2145,546,240 | -HS- | M] () -- C:\hiberfil.sys
    [2012-02-06 14:36:54 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rick Picon\Desktop\tdsskiller.exe
    [2012-02-06 13:53:39 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\rkill.com
    [2012-02-06 13:52:58 | 004,397,604 | R--- | M] (Swearware) -- C:\Documents and Settings\Rick Picon\Desktop\rpicon.exe
    [2012-02-06 12:59:02 | 000,303,059 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\ListParts.exe
    [2012-02-06 12:35:27 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\bootkit_remover.zip
    [2012-02-03 15:51:45 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Rick Picon\Desktop\aswMBR.exe
    [2012-02-03 13:24:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Rick Picon\Desktop\dds.scr
    [2012-02-03 13:23:37 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\hic3f4fy.exe
    [2012-02-03 12:50:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012-02-02 13:54:06 | 000,006,807 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\alves line chart.pdf
    [2012-02-02 13:53:35 | 000,008,812 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\alves performance.pdf
    [2012-02-02 11:46:07 | 000,193,672 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\UBS Fees.pdf
    [2012-01-30 15:19:36 | 000,327,160 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\Turner Options.pdf
    [2012-01-25 16:32:55 | 000,006,375 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\oks.pdf
    [2012-01-25 13:03:17 | 000,123,320 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\Schwab signature request fee mgt.pdf
    [2012-01-18 13:39:38 | 000,537,247 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\Fox-Will.pdf
    [2012-01-17 12:17:20 | 000,301,460 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\Heffern option.pdf
    [2012-01-17 12:08:17 | 000,366,022 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\Heffern money link.pdf
    [2012-01-10 16:04:39 | 000,034,352 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\fee refund.pdf
    [2012-01-09 11:35:06 | 000,018,645 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\Mannix.pdf
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
  10. 2012/02/07
    rpicon
    ========== Files Created - No Company Name ==========

    [2012-02-07 11:53:40 | 000,266,199 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\Schwab Check_and_Journal_Request.pdf
    [2012-02-06 16:14:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2012-02-06 15:25:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\MBR.dat
    [2012-02-06 13:53:36 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\rkill.com
    [2012-02-06 13:07:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012-02-06 13:07:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012-02-06 13:07:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012-02-06 13:07:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012-02-06 13:07:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012-02-06 12:59:02 | 000,303,059 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\ListParts.exe
    [2012-02-06 12:35:30 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\bootkit_remover.zip
    [2012-02-06 12:03:50 | 2145,546,240 | -HS- | C] () -- C:\hiberfil.sys
    [2012-02-03 13:23:37 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\hic3f4fy.exe
    [2012-02-03 12:50:23 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012-02-02 13:54:06 | 000,006,807 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\alves line chart.pdf
    [2012-02-02 13:53:34 | 000,008,812 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\alves performance.pdf
    [2012-01-30 15:19:36 | 000,327,160 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\Turner Options.pdf
    [2012-01-25 16:32:55 | 000,006,375 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\oks.pdf
    [2012-01-25 13:03:17 | 000,123,320 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\Schwab signature request fee mgt.pdf
    [2012-01-20 14:14:46 | 000,193,672 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\UBS Fees.pdf
    [2012-01-18 13:39:47 | 000,537,247 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\Fox-Will.pdf
    [2012-01-17 12:17:20 | 000,301,460 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\Heffern option.pdf
    [2012-01-17 12:08:17 | 000,366,022 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\Heffern money link.pdf
    [2012-01-10 16:04:39 | 000,034,352 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\fee refund.pdf
    [2012-01-09 11:35:05 | 000,018,645 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\Mannix.pdf
    [2011-01-21 06:20:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010-01-20 17:36:30 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
    [2010-01-20 17:36:30 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
    [2010-01-20 17:36:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
    [2010-01-20 17:36:30 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2009-11-05 12:04:52 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
    [2009-11-05 12:04:51 | 000,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2009-09-25 16:43:14 | 000,014,763 | ---- | C] () -- C:\WINDOWS\System32\ivehybeg.com
    [2009-09-25 15:27:03 | 000,018,478 | ---- | C] () -- C:\WINDOWS\System32\ubufuxozu.dat
    [2009-09-25 15:27:02 | 000,015,183 | ---- | C] () -- C:\WINDOWS\ygoge.dat
    [2009-08-10 13:15:12 | 000,222,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009-07-13 13:05:41 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2009-04-13 16:28:30 | 000,000,134 | ---- | C] () -- C:\WINDOWS\rootkitno.ini
    [2008-12-01 15:14:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\f9t.dat
    [2008-11-21 08:21:16 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\_regtlb.dll
    [2008-04-16 11:23:14 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2007-11-20 16:23:07 | 000,009,365 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\Comma Separated Values (DOS).EML
    [2007-11-20 16:19:57 | 000,009,363 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\Microsoft Excel 97-2003.EML
    [2007-11-20 16:18:23 | 000,009,369 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\Comma Separated Values (Windows).EML
    [2007-09-25 11:40:47 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
    [2007-09-25 11:29:25 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
    [2007-03-09 17:28:03 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007-01-30 11:36:42 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys
    [2007-01-30 11:26:47 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd3197.sys
    [2006-12-29 11:30:26 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
    [2006-12-28 14:14:09 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\DisspyUninstall.exe
    [2006-12-15 10:05:40 | 000,000,030 | ---- | C] () -- C:\WINDOWS\xoloxexe.INI
    [2006-12-13 09:26:49 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
    [2006-11-27 12:37:25 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\.mpid
    [2006-11-16 11:22:05 | 000,002,301 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2006-10-12 17:18:56 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
    [2006-10-11 08:55:04 | 000,000,033 | ---- | C] () -- C:\WINDOWS\schwabcd.ini
    [2006-07-27 12:28:42 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2006-07-11 18:40:17 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
    [2006-07-11 17:33:49 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2006-06-12 12:52:07 | 000,212,480 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006-05-04 10:19:07 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\$_hpcst$.hpc
    [2006-04-29 23:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
    [2006-04-17 13:07:45 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006-04-13 22:18:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
    [2006-04-13 22:18:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
    [2006-04-13 22:18:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
    [2006-04-11 10:03:49 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006-04-11 08:55:58 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006-03-31 13:38:49 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\fusioncache.dat
    [2006-03-31 13:24:58 | 000,000,550 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006-03-07 08:18:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006-03-07 08:14:39 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006-03-07 08:12:20 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2006-03-07 08:11:00 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
    [2006-03-07 08:06:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006-03-07 07:45:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2006-03-07 07:44:46 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005-11-10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005-10-25 05:24:22 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\DELS1L3.DLL
    [2004-08-11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004-08-11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004-08-11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004-08-11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004-08-11 18:06:43 | 000,312,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004-08-11 18:00:30 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2004-08-11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004-08-11 18:00:28 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004-08-11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004-08-11 18:00:28 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004-08-11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004-08-11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004-08-11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004-08-11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004-08-11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004-08-11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004-08-11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004-08-11 18:00:04 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

    ========== LOP Check ==========

    [2011-10-03 15:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\163B
    [2011-02-14 16:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011-04-07 09:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BearShare
    [2006-09-18 10:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Centric Services
    [2011-02-10 14:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2009-12-07 16:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2009-10-01 12:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
    [2009-02-03 13:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
    [2008-11-28 11:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2011-02-10 14:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2006-10-09 15:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Money Tree Software
    [2008-01-16 16:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2007-03-14 14:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2006-09-13 13:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime
    [2009-06-08 14:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Schwab Performance Technologies
    [2010-01-20 17:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2007-03-14 14:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames
    [2008-07-22 13:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UTour Golf
    [2011-04-07 09:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{888803CF-24CB-4360-955A-9B6EE8BEEDC1}
    [2009-08-17 09:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dfederman\Application Data\Gracebyte Software
    [2007-06-25 10:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pwalsh\Application Data\Windows Desktop Search
    [2006-04-11 10:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\acccore
    [2006-11-01 08:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\AIM
    [2012-02-07 11:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\AirSet Desktop Sync
    [2011-07-28 08:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Avery
    [2011-04-05 13:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Azureus
    [2007-06-22 10:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\BitTorrent
    [2011-04-01 10:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\bsbandmltbpi
    [2012-02-06 11:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Dropbox
    [2011-04-05 13:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\FrostWire
    [2011-05-24 09:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\GlarySoft
    [2006-04-11 10:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Gracebyte Software
    [2007-01-30 11:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Leadertech
    [2007-03-08 16:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\LinkedIn
    [2007-09-24 15:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\MegauploadToolbar
    [2006-10-13 10:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Money Tree Software
    [2012-02-06 11:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\MSNInstaller
    [2007-03-14 14:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\PlayFirst
    [2009-01-23 17:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\PowerChallenge
    [2007-11-16 12:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\RSSRadio
    [2007-11-16 12:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\RSSRadio.local
    [2011-09-14 10:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\salesforce.com
    [2011-05-24 09:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Sammsoft
    [2009-11-04 14:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Serif
    [2008-01-18 13:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Sigaba
    [2009-01-21 15:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Simply Super Software
    [2008-05-08 13:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\SmartDraw
    [2008-12-01 15:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Stamps.com Internet Postage
    [2007-03-02 14:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\System Restore

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006-11-03 12:35:37 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2010-11-16 10:28:48 | 000,011,123 | ---- | M] () -- C:\aaw7boot.log
    [2006-11-13 11:55:17 | 000,000,584 | ---- | M] () -- C:\AribaGLBletterhead.LNK
    [2009-01-22 13:30:36 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2011-03-09 16:51:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004-08-03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2012-02-06 15:36:45 | 000,020,638 | ---- | M] () -- C:\ComboFix.txt
    [2004-08-11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008-11-18 17:58:15 | 000,210,508 | ---- | M] () -- C:\coreuninstall.log
    [2006-03-07 07:50:18 | 000,006,370 | R--- | M] () -- C:\dell.sdr
    [2006-11-13 11:55:17 | 000,000,419 | ---- | M] () -- C:\GLB.LNK
    [2012-02-06 14:40:22 | 2145,546,240 | -HS- | M] () -- C:\hiberfil.sys
    [2006-04-04 12:32:01 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004-08-11 18:15:00 | 000,000,000 | ---- | M] () -- C:\IO.SYS
    [2011-06-09 12:16:32 | 000,053,604 | ---- | M] () -- C:\JavaRa.log
    [2004-08-11 18:15:00 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
    [2004-08-04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004-08-04 06:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2012-02-06 14:40:20 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2007-03-14 15:10:08 | 000,065,894 | ---- | M] () -- C:\playground.log
    [2006-11-27 10:46:50 | 000,001,089 | ---- | M] () -- C:\PortfolioCenter Relationship Manager.LNK
    [2010-07-01 09:29:12 | 000,000,375 | ---- | M] () -- C:\rkill.log
    [2011-03-02 16:53:46 | 000,000,268 | ---- | M] () -- C:\sqmdata00.sqm
    [2011-03-04 13:13:43 | 000,000,268 | ---- | M] () -- C:\sqmdata01.sqm
    [2011-03-07 17:07:19 | 000,000,268 | ---- | M] () -- C:\sqmdata02.sqm
    [2011-03-07 17:30:52 | 000,000,268 | ---- | M] () -- C:\sqmdata03.sqm
    [2011-03-07 17:42:21 | 000,000,268 | ---- | M] () -- C:\sqmdata04.sqm
    [2011-03-09 16:42:16 | 000,000,268 | ---- | M] () -- C:\sqmdata05.sqm
    [2011-09-07 12:30:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2011-12-13 12:57:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2011-12-22 11:18:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2011-12-28 13:36:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2011-03-02 16:53:46 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm
    [2011-03-04 13:13:43 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm
    [2011-03-07 17:07:19 | 000,000,244 | ---- | M] () -- C:\sqmnoopt02.sqm
    [2011-03-07 17:30:52 | 000,000,244 | ---- | M] () -- C:\sqmnoopt03.sqm
    [2011-03-07 17:42:21 | 000,000,244 | ---- | M] () -- C:\sqmnoopt04.sqm
    [2011-03-09 16:42:16 | 000,000,244 | ---- | M] () -- C:\sqmnoopt05.sqm
    [2011-09-07 12:30:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2011-12-13 12:57:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2011-12-22 11:18:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2011-12-28 13:36:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2005-10-31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
    [2006-03-07 08:07:29 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
    [2008-07-30 09:54:21 | 001,981,268 | ---- | M] () -- C:\t3_us_standard.zip
    [2012-02-06 14:39:06 | 000,067,820 | ---- | M] () -- C:\TDSSKiller.2.7.9.0_06.02.2012_14.37.18_log.txt
    [2008-06-06 10:17:40 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
    [2008-07-30 18:31:13 | 003,188,440 | ---- | M] (ParetoLogic Inc.) -- C:\XoftSpySE_Setup_RW.exe

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004-08-11 18:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006-09-18 00:57:22 | 000,019,456 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DELS1pc.dll
    [2008-07-06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2009-10-01 13:30:14 | 000,047,416 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
    [2004-03-22 15:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006-10-26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008-07-06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011-01-13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004-08-11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004-08-11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004-08-11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2004-08-11 18:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012-02-03 15:51:45 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Rick Picon\Desktop\aswMBR.exe
    [2011-10-04 13:27:15 | 242,743,296 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Rick Picon\Desktop\dotnetfx35.exe
    [2012-02-03 13:23:37 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\hic3f4fy.exe
    [2009-07-07 14:18:01 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Rick Picon\Desktop\HiJackThis.exe
    [2012-02-06 12:59:02 | 000,303,059 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\ListParts.exe
    [2012-02-07 12:46:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Picon\Desktop\OTL.exe
    [2012-02-06 13:52:58 | 004,397,604 | R--- | M] (Swearware) -- C:\Documents and Settings\Rick Picon\Desktop\rpicon.exe
    [2011-09-14 10:21:09 | 021,641,336 | ---- | M] (salesforce.com) -- C:\Documents and Settings\Rick Picon\Desktop\SalesforceForOutlook.exe
    [2012-02-06 14:36:54 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rick Picon\Desktop\tdsskiller.exe
    [2011-06-09 09:32:30 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\unhide.exe
    [2011-03-09 11:51:01 | 117,051,408 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\w_turbotax_1040_hab_2010.110.0100.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011-04-01 09:31:08 | 008,145,350 | ---- | M] (FrostWire Team) -- C:\Documents and Settings\Rick Picon\My Documents\frostwire-4.21.5.windows.exe

    < %USERPROFILE%\*.exe >
    [2007-11-02 11:50:05 | 000,630,784 | ---- | M] (Citrix Online) -- C:\Documents and Settings\Rick Picon\GoToAssist_chat2way__320_en.exe
    [2010-03-11 11:35:33 | 001,063,320 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Rick Picon\gotomypc_533.exe

    < %systemroot%\ADDINS\*.* >
    [2004-08-04 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006-03-31 12:55:15 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Rick Picon\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009-12-08 18:29:03 | 000,002,412 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011-03-09 13:26:01 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Rick Picon\Cookies\desktop.ini
    [2012-02-07 12:46:03 | 002,129,920 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2006-11-01 18:31:34 | 000,315,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004-08-04 06:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004-08-04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004-08-04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2004-08-04 02:06:34 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2004-08-04 02:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004-10-13 11:24:37 | 001,694,208 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004-08-04 02:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004-08-04 02:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004-08-04 02:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004-08-04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004-08-04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C

    < End of report >
     
  11. 2012/02/07
    rpicon (Thread Starter)
    OTL Extras logfile created on: 2012-02-07 12:49:12 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Rick Picon\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

    2.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.05% Memory free
    3.85 Gb Paging File | 3.19 Gb Available in Paging File | 83.03% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 108.59 Gb Total Space | 35.03 Gb Free Space | 32.26% Space Free | Partition Type: NTFS
    Drive D: | 36.96 Gb Total Space | 6.03 Gb Free Space | 16.33% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive G: | 916.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive P: | 136.02 Gb Total Space | 43.80 Gb Free Space | 32.20% Space Free | Partition Type: NTFS
    Drive T: | 136.02 Gb Total Space | 43.80 Gb Free Space | 32.20% Space Free | Partition Type: NTFS

    Computer Name: GLB-RPICON-02 | User Name: rpicon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3393:TCP" = 3393:TCP:*:Enabled:RDP
    "135:TCP" = 135:TCP:*:Enabled:DCOM
    "17450:TCP" = 17450:TCP:*:Enabled:BitComet 17450 TCP
    "17450:UDP" = 17450:UDP:*:Enabled:BitComet 17450 UDP
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "135:TCP" = 135:TCP:*:Enabled:DCOM
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "3393:TCP" = 3393:TCP:*:Enabled:RD-Rick
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Network Assistant\Nassi.exe" = C:\Program Files\Network Assistant\Nassi.exe:*:Enabled:Network Assistant (Nassi) -- (Gracebyte Software)
    "C:\Program Files\Schwab Performance Technologies\PortfolioCenter\SPTServer.exe" = C:\Program Files\Schwab Performance Technologies\PortfolioCenter\SPTServer.exe:*:Enabled:SPTServer.exe -- (Schwab Performance Technologies)
    "C:\Program Files\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe" = C:\Program Files\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe:*:Enabled:portfolioCenter -- (Schwab Performance Technologies, Inc.,)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Program Files\SkillGround\Games\UTG\Main.exe" = C:\Program Files\SkillGround\Games\UTG\Main.exe:*:Enabled:UTG -- ()
    "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011
    "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
    "C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager
    "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:personal E-mail Scanner
    "C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)
    "C:\Documents and Settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\1144767884\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1144767884\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\1144767884\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1144767884\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
    "C:\Program Files\Network Assistant\Nassi.exe" = C:\Program Files\Network Assistant\Nassi.exe:*:Enabled:Network Assistant (Nassi) -- (Gracebyte Software)
    "C:\Program Files\Schwab Performance Technologies\PortfolioCenter\SPTServer.exe" = C:\Program Files\Schwab Performance Technologies\PortfolioCenter\SPTServer.exe:*:Enabled:SPTServer.exe -- (Schwab Performance Technologies)
    "C:\Program Files\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe" = C:\Program Files\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe:*:Enabled:portfolioCenter -- (Schwab Performance Technologies, Inc.,)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
    "C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
    "C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Program Files\Xolox\mldonkey\mlnet.exe" = C:\Program Files\Xolox\mldonkey\mlnet.exe:*:Enabled:MLdonkey - multiuser P2P daemon -- ()
    "C:\Program Files\Xolox\XoloxEXE.exe" = C:\Program Files\Xolox\XoloxEXE.exe:*:Enabled:Xolox -- (Streamcast)
    "C:\Program Files\AIM\AIM Pro\aimpro.exe" = C:\Program Files\AIM\AIM Pro\aimpro.exe:*:Enabled:AIM Pro -- (WebEx)
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
    "{0E81279D-CC2B-4FE6-B103-8A1B948AFED2}" = PortfolioCenter
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 26
    "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
    "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3592F5CB-B524-43AA-92F2-2377268199CC}" = iTunes
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3ACF7A26-1743-4A84-85F1-2450B35925E4}" = Classic Menu for Office
    "{3D8EB268-2B1D-48E7-8BA3-59A20545E459}" = RSSRadio
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{41FEB4A2-7BD2-4D2A-A260-8E8C0E78850C}" = Salesforce for Outlook
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{47D0C5E6-9FBA-49DB-8F88-BFAA5BA38646}" = Microsoft Math Add-in for Word 2007
    "{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel(R) PROSet for Wired Connections
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5A847475-157F-45AD-9919-CD40D344B8B1}" = QBFC3.0
    "{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{67E158AF-8856-4337-B483-EA21930786AF}" = GameTap
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
    "{6C2ADBE2-429C-42CA-AA13-9557EFF62D0B}" = PortfolioCenter Management Console
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{812A8682-4387-11D7-B10D-0001022C9950}" = TD AMERITRADE Statements/Confirmations Manager
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8921F70E-C2D6-4FEB-8BD5-EFB1F862BC2B}" = LogMeIn
    "{8984E374-6C93-427C-A3B9-AD92472FDCA0}" = Windows Live Sign-in Assistant
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{17591192-46BD-4038-8D12-4B2B8CAFAC27}" =
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{901C0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
    "{AF17B317-2255-450F-8D01-8FFDB68EFD30}" = AirSet Desktop Sync
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
    "{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BB830F9E-53B3-492F-B39C-2DF615D1C9E1}" = TurboTax 2010 wvaiper
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D3A04D2F-28C4-4D9C-8487-DAB75992AE09}" = AIM Pro
    "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
    "{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Google
    "{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup
    "{F1486DE6-CC2E-48C0-AD20-C2C142FA1636}" = APC PowerChute Personal Edition 3.0
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
    "{FCAB7B54-ED8D-4D6D-A5FA-F7A21F3B2176}" = Relationship Manager
    "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.0 Professional
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "avast5" = avast! Free Antivirus
    "BearShare" = BearShare
    "CCleaner" = CCleaner
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "DivX Content Uploader" = DivX Content Uploader
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "Google Calendar Sync" = Google Calendar Sync
    "Google Desktop" = Google Desktop
    "Google Updater" = Google Updater
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{0E81279D-CC2B-4FE6-B103-8A1B948AFED2}" = PortfolioCenter
    "InstallShield_{6C2ADBE2-429C-42CA-AA13-9557EFF62D0B}" = PortfolioCenter Management Console
    "InstallShield_{FCAB7B54-ED8D-4D6D-A5FA-F7A21F3B2176}" = Relationship Manager
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Mozilla Firefox (3.6.26)" = Mozilla Firefox (3.6.26)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Network Assistant_is1" = Network Assistant
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "Plaxo" = Plaxo Toolbar for Windows
    "PokerStars.net" = PokerStars.net
    "PROR" = Microsoft Office Professional 2007
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RealPlayer 6.0" = RealPlayer Basic
    "Secunia PSI" = Secunia PSI (2.0.0.3003)
    "SkillGround" = SkillGround Game Manager
    "ST6UNST #1" = RetCalc 2.0
    "Total Access Memo 2003 Runtime" = Total Access Memo 2003 Runtime
    "TurboTax 2010" = TurboTax 2010
    "UnHackMe_is1" = UnHackMe 5.00 release
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 1.0.2
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2012-02-02 06:49:29 | Computer Name = GLB-RPICON-02 | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. A message
    that describes the reason for this was previously logged by the policy engine.

    Error - 2012-02-02 08:41:30 | Computer Name = GLB-RPICON-02 | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. A message
    that describes the reason for this was previously logged by the policy engine.

    Error - 2012-02-02 10:38:30 | Computer Name = GLB-RPICON-02 | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. A message
    that describes the reason for this was previously logged by the policy engine.

    Error - 2012-02-02 12:26:30 | Computer Name = GLB-RPICON-02 | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. A message
    that describes the reason for this was previously logged by the policy engine.

    Error - 2012-02-02 14:06:30 | Computer Name = GLB-RPICON-02 | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. A message
    that describes the reason for this was previously logged by the policy engine.

    Error - 2012-02-02 15:52:30 | Computer Name = GLB-RPICON-02 | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. A message
    that describes the reason for this was previously logged by the policy engine.

    Error - 2012-02-02 17:02:24 | Computer Name = GLB-RPICON-02 | Source = Application Error | ID = 1000
    Description = Faulting application acrobat.exe, version 8.1.0.137, faulting module
    icuuc34.dll, version 3.4.0.0, fault address 0x0000eba3.

    Error - 2012-02-02 17:44:30 | Computer Name = GLB-RPICON-02 | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. A message
    that describes the reason for this was previously logged by the policy engine.

    Error - 2012-02-02 18:39:07 | Computer Name = GLB-RPICON-02 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

    Error - 2012-02-06 16:26:20 | Computer Name = GLB-RPICON-02 | Source = Application Error | ID = 1000
    Description = Faulting application aswmbr.exe, version 0.9.9.1532, faulting module
    aswmbr.exe, version 0.9.9.1532, fault address 0x00005496.

    [ OSession Events ]
    Error - 2011-01-19 14:46:48 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 77410
    seconds with 1680 seconds of active time. This session ended with a crash.

    Error - 2011-01-19 15:25:50 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2334
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 2011-01-19 15:31:35 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 338
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 2011-03-29 23:33:33 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 131167
    seconds with 6900 seconds of active time. This session ended with a crash.

    Error - 2011-04-14 23:25:00 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 218863
    seconds with 6840 seconds of active time. This session ended with a crash.

    Error - 2011-04-29 12:46:20 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1208222
    seconds with 7320 seconds of active time. This session ended with a crash.

    Error - 2011-07-13 16:56:32 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 192501
    seconds with 3420 seconds of active time. This session ended with a crash.

    Error - 2011-07-27 11:32:11 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1040291
    seconds with 16560 seconds of active time. This session ended with a crash.

    Error - 2011-08-29 17:05:21 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9718
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 2011-08-30 23:52:37 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 382577
    seconds with 7260 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 2012-02-06 13:05:31 | Computer Name = GLB-RPICON-02 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 2012-02-06 13:05:46 | Computer Name = GLB-RPICON-02 | Source = System Error | ID = 1003
    Description = Error code 1000008e, parameter1 c0000005, parameter2 88e922d1, parameter3
    b982da58, parameter4 00000000.

    Error - 2012-02-06 14:20:49 | Computer Name = GLB-RPICON-02 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 2012-02-06 14:21:14 | Computer Name = GLB-RPICON-02 | Source = System Error | ID = 1003
    Description = Error code 00000006, parameter1 00000000, parameter2 00000000, parameter3
    00000000, parameter4 00000000.

    Error - 2012-02-06 14:47:32 | Computer Name = GLB-RPICON-02 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 2012-02-06 14:47:49 | Computer Name = GLB-RPICON-02 | Source = System Error | ID = 1003
    Description = Error code 00000006, parameter1 00000000, parameter2 00000000, parameter3
    00000000, parameter4 00000000.

    Error - 2012-02-06 14:50:38 | Computer Name = GLB-RPICON-02 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 2012-02-06 14:51:01 | Computer Name = GLB-RPICON-02 | Source = System Error | ID = 1003
    Description = Error code 00000006, parameter1 00000000, parameter2 00000000, parameter3
    00000000, parameter4 00000000.

    Error - 2012-02-06 15:42:01 | Computer Name = GLB-RPICON-02 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 2012-02-06 16:26:14 | Computer Name = GLB-RPICON-02 | Source = sptd | ID = 262148
    Description = Driver detected an internal error in its data structures for .


    < End of report >
     
  12. 2012/02/07
    broni (Moderator, Malware Analyst)
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5577
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5577
      [2011-10-03 15:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\163B
      @Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
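    The proxy lines in the OTL fix above are the classic sign of a proxy hijack: ProxyEnable set to 1 with ProxyServer pointing back at 127.0.0.1, written into the .DEFAULT and S-1-5-18 (LocalSystem) hives that no interactive user configures. The following Python is an added example, not part of the thread or of OTL: it parses OTL's "IE - HKU\..." lines and flags every hive whose enabled proxy resolves only to a loopback host. The six hijack lines are the ones from the fix; the S-1-5-21-1111-2222-3333-1001 hive and its proxy.corp.example entry are constructed to show a benign, non-flagged case.

```python
"""Flag loopback proxy hijacks in OTL scan output (added example, not OTL code)."""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Constructed sample: the six lines from the fix posted above plus one
# benign, corporate-looking hive (assumed SID and hostname, not from the thread).
SAMPLE_OTL_LINES = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5577
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5577
IE - HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
IE - HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = proxy.corp.example:8080
"""

# One OTL "IE - <hive>\...\Internet Settings:  "<name>" = <value>" line.
_LINE_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+)\\.*Internet Settings:\s+"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*$'
)

# Hives that only the system writes; an enabled proxy here is never a user's choice.
_SYSTEM_HIVES = ("HKU\\.DEFAULT", "HKU\\S-1-5-18")


class Finding(NamedTuple):
    hive: str
    proxy_server: str
    reason: str


def parse_otl_proxy_settings(text: str) -> Dict[str, Dict[str, str]]:
    """Group the Internet Settings values OTL printed by user hive."""
    settings: Dict[str, Dict[str, str]] = defaultdict(dict)
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            settings[m["hive"]][m["name"]] = m["value"]
    return dict(settings)


def proxy_hosts(value: str) -> List[str]:
    """Extract the host part of each entry in a ProxyServer value.

    Accepts both the plain "host:port" form and the per-protocol
    "http=host:port;https=host:port" form.
    """
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            part = part.split("=", 1)[1]
        host = part.rsplit(":", 1)[0] if ":" in part else part
        hosts.append(host.strip("[]"))
    return hosts


def is_loopback_host(host: str) -> bool:
    """True for localhost or any loopback IP (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def find_loopback_proxy_hijacks(settings: Dict[str, Dict[str, str]]) -> List[Finding]:
    """Flag hives where the proxy is enabled and every proxy host is loopback."""
    findings = []
    for hive, values in settings.items():
        if values.get("ProxyEnable", "0").strip() != "1":
            continue
        server = values.get("ProxyServer", "")
        hosts = proxy_hosts(server)
        if hosts and all(is_loopback_host(h) for h in hosts):
            reason = "browser traffic routed through a listener on this machine"
            if hive in _SYSTEM_HIVES:
                reason += "; set in a system hive, not by an interactive user"
            findings.append(Finding(hive, server, reason))
    return findings


if __name__ == "__main__":
    for f in find_loopback_proxy_hijacks(parse_otl_proxy_settings(SAMPLE_OTL_LINES)):
        print(f"{f.hive}: ProxyServer={f.proxy_server} ({f.reason})")
```

OTL's fix log in the next post shows the matching remediation: ProxyEnable reset to dword:0 and ProxyServer/ProxyOverride cleared in both system hives.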
     
  13. 2012/02/07
    rpicon (Thread Starter)
    All processes killed
    Error: Unable to interpret < > in the current context!
    Error: Unable to interpret <Code: > in the current context!
    ========== OTL ==========
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    C:\Documents and Settings\All Users\Application Data\163B folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D282699C deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Copy of Rick Picon

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: dfederman
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: pwalsh
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Rick Picon
    ->Temp folder emptied: 168695 bytes
    ->Temporary Internet Files folder emptied: 77366409 bytes
    ->Java cache emptied: 37540254 bytes
    ->FireFox cache emptied: 113037158 bytes
    ->Google Chrome cache emptied: 37889061 bytes
    ->Flash cache emptied: 4067513 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 98304 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1206 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34999 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 258.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Copy of Rick Picon

    User: Default User

    User: dfederman
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Java cache emptied: 0 bytes

    User: pwalsh

    User: Rick Picon
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Copy of Rick Picon

    User: Default User

    User: dfederman
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: pwalsh
    ->Flash cache emptied: 0 bytes

    User: Rick Picon
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 02072012_132555

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Rick Picon\Local Settings\Temp\tmp11D.tmp not found!
    File\Folder C:\Documents and Settings\Rick Picon\Local Settings\Temp\~DF7FE8.tmp not found!
    File\Folder C:\Documents and Settings\Rick Picon\Local Settings\Temp\~DFBE9C.tmp not found!
    C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.Word\~WRS{831F9B3F-EA7F-4BFC-A6F7-63FEE02743BD}.tmp moved successfully.
    C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.Word\~WRS{A53B735E-A0E3-490B-805B-41179EB3791C}.tmp moved successfully.
    C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.Word\~WRS{D8CA11AB-D50D-4186-98D6-E874931631E3}.tmp moved successfully.
    C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.Word\~WRS{E50DBF38-53B4-4F2E-88CE-49E9CDBFB81E}.tmp moved successfully.
    C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.Word\~WRS{F29D3E4E-EC90-4E42-8612-C9B903649E98}.tmp moved successfully.
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  14. 2012/02/07
    rpicon (Thread Starter)
    Java update and removal completed.
     
  15. 2012/02/07
    rpicon (Thread Starter)
    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 2 x86
    Out of date service pack!!
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Disabled!
    avast! Free Antivirus
    ESET Online Scanner v3
    Antivirus out of date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    SUPERAntiSpyware Free Edition
    Secunia PSI (2.0.0.3003)
    HijackThis 2.0.2
    CCleaner
    Java(TM) 6 Update 30
    Adobe Flash Player ( 10.3.183.11) Flash Player Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 avastUI.exe
    ``````````End of Log````````````
     
  16. 2012/02/07
    rpicon (Thread Starter)
    Farbar Service Scanner Version: 05-02-2012
    Ran by rpicon (administrator) on 07-02-2012 at 13:50:20
    Running from "C:\Documents and Settings\Rick Picon\Desktop "
    Microsoft Windows XP Professional Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ===========

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll
    [2004-08-11 18:00] - [2006-05-19 07:59] - 0111616 ____A (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F

    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys
    [2004-08-11 18:00] - [2004-08-04 06:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

    C:\WINDOWS\system32\Drivers\tcpip.sys
    [2004-08-11 18:00] - [2006-04-20 07:18] - 0360576 ____A (Microsoft Corporation) B2220C618B42A2212A59D91EBD6FC4B4

    C:\WINDOWS\system32\Drivers\ipsec.sys
    [2004-08-11 18:00] - [2004-08-04 06:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

    C:\WINDOWS\system32\dnsrslvr.dll
    [2004-08-11 18:00] - [2004-08-04 06:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

    C:\WINDOWS\system32\ipnathlp.dll
    [2004-08-11 18:00] - [2004-08-04 06:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

    C:\WINDOWS\system32\netman.dll
    [2004-08-11 18:00] - [2005-08-22 13:29] - 0197632 ____A (Microsoft Corporation) 36739B39267914BA69AD0610A0299732

    C:\WINDOWS\system32\wbem\WMIsvc.dll
    [2004-08-11 18:11] - [2004-08-04 06:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

    C:\WINDOWS\system32\srsvc.dll
    [2004-08-11 18:12] - [2004-08-04 06:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

    C:\WINDOWS\system32\Drivers\sr.sys
    [2004-08-11 18:12] - [2004-08-04 06:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

    C:\WINDOWS\system32\wscsvc.dll
    [2004-08-11 18:00] - [2004-08-04 06:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

    C:\WINDOWS\system32\wbem\WMIsvc.dll
    [2004-08-11 18:11] - [2004-08-04 06:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

    C:\WINDOWS\system32\wuauserv.dll
    [2004-08-11 18:12] - [2004-08-04 06:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

    C:\WINDOWS\system32\qmgr.dll
    [2004-08-11 18:12] - [2004-08-04 06:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

    C:\WINDOWS\system32\es.dll
    [2004-08-11 18:00] - [2005-07-25 23:39] - 0243200 ____A (Microsoft Corporation) 34BBD9ACC1538818F2C878898C64E793

    C:\WINDOWS\system32\cryptsvc.dll
    [2004-08-11 18:00] - [2004-08-04 06:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

    C:\WINDOWS\system32\svchost.exe
    [2004-08-11 18:00] - [2004-08-04 06:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

    C:\WINDOWS\system32\rpcss.dll
    [2004-08-11 18:00] - [2005-07-25 23:39] - 0397824 ____A (Microsoft Corporation) CE94A2BD25E3E9F4D46A7373FF455C6D

    C:\WINDOWS\system32\services.exe
    [2004-08-11 18:00] - [2004-08-04 06:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


    Extra List:
    =======
    aswTdi(12) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x0C000000040000000100000002000000030000000C000000090000000A0000000B00000005000000060000000700000008000000
    IpSec Tag value is correct.

    **** End of log ****
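    A defender reading the FSS log above wants the same three findings pulled out automatically: firewall profiles disabled by policy, services the scanner reports as stopped, and file-check entries the scanner did not mark "MD5 is legit" (the ones that get compared against a known-good hash). This is an added example, not code from the thread or from Farbar's tools; the parser and the embedded sample excerpt (constructed in the log format posted above) are assumptions of mine.

```python
import re

# Constructed excerpt in the Farbar Service Scanner (FSS) log format seen in
# this thread; values are copied from the posted log, not from a live host.
SAMPLE_FSS_LOG = r"""
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.

File Check:
========
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll
[2004-08-11 18:00] - [2004-08-04 06:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(\w+)\s*"=DWORD:(\d+)$')  # \s* tolerates the forum's inserted space
SVC_RE = re.compile(r"^(\w+) Service is not running")
HASH_RE = re.compile(r"^\[.*\] - \[.*\] - \d+ \S+ \(.*\) ([0-9A-F]{32})$")

def parse_fss(text):
    """Summarise an FSS log: firewall profiles disabled by policy, stopped
    services, and file-check entries (path -> MD5) FSS did not vouch for."""
    findings = {"firewall_disabled_profiles": [], "stopped_services": [],
                "unverified_files": {}}
    current_key = pending_path = None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current_key = m.group(1)            # registry key the next value belongs to
        elif (m := VALUE_RE.match(line)) and current_key \
                and m.group(1) == "EnableFirewall" and m.group(2) == "0":
            findings["firewall_disabled_profiles"].append(current_key.rsplit("\\", 1)[-1])
        elif m := SVC_RE.match(line):
            findings["stopped_services"].append(m.group(1))
        elif line.startswith("C:\\") and "=> MD5 is legit" not in line:
            pending_path = line                 # the hash line follows it
        elif (m := HASH_RE.match(line)) and pending_path:
            findings["unverified_files"][pending_path] = m.group(1)
            pending_path = None
    return findings
```

On the posted log this flags both firewall profiles, the stopped wscsvc service, and every file entry that carries an MD5 rather than the "legit" verdict.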
     
  17. 2012/02/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still waiting for Eset scan log.
     
  18. 2012/02/08
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    C:\Documents and Settings\Rick Picon\Desktop\New Folder\STUFF\Alcohol_120_1.9.5.4327_Incl_Activator\Alcohol_120_1.9.5.4327_Incl_Activator.zip probably a variant of Win32/Agent.IENOFKM trojan
     
  19. 2012/02/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    =========================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current (including Service Pack 3 installation!!!)

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  20. 2012/02/08
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    All processes killed
    Error: Unable to interpret <Code: > in the current context!
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Copy of Rick Picon

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: dfederman
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: pwalsh
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Rick Picon
    ->Temp folder emptied: 945399701 bytes
    ->Temporary Internet Files folder emptied: 52886681 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 832 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2036 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 518888 bytes

    Total Files Cleaned = 953.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Copy of Rick Picon

    User: Default User

    User: dfederman
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: pwalsh
    ->Flash cache emptied: 0 bytes

    User: Rick Picon
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Copy of Rick Picon

    User: Default User

    User: dfederman
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Java cache emptied: 0 bytes

    User: pwalsh

    User: Rick Picon
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 02082012_125317

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Rick Picon\Local Settings\Temp\tmp2D3.tmp not found!
    File\Folder C:\Documents and Settings\Rick Picon\Local Settings\Temp\tmpA08B.tmp not found!
    File\Folder C:\Documents and Settings\Rick Picon\Local Settings\Temp\tmpA096.tmp not found!
    C:\Documents and Settings\Rick Picon\Local Settings\Temp\WCESLog.log moved successfully.
    File\Folder C:\Documents and Settings\Rick Picon\Local Settings\Temp\~DF38B7.tmp not found!
    File\Folder C:\Documents and Settings\Rick Picon\Local Settings\Temp\~DF4A1A.tmp not found!
    File\Folder C:\Documents and Settings\Rick Picon\Local Settings\Temp\~DF9212.tmp not found!
    File\Folder C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.Word\~WRS{299ED622-C524-48F1-BB95-2D01A4AD509A}.tmp not found!
    File\Folder C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.Word\~WRS{2D25C7BC-F130-432E-A492-2438FC86A93E}.tmp not found!
    C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.Word\~WRS{415DF5F4-B101-43DC-B4F7-4B1ED02475A8}.tmp moved successfully.
    C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.Word\~WRS{5F5C565F-1DF4-400B-AE7E-749F6955C456}.tmp moved successfully.
    File\Folder C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.Word\~WRS{60099696-B54F-4FF3-8D49-AF806A992CED}.tmp not found!
    C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.Word\~WRS{63564A29-2A62-47DC-A45B-16B26AE6BB69}.tmp moved successfully.
    C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.Word\~WRS{7C43CBD2-79D5-4796-AD01-8AB80EA72919}.tmp moved successfully.
    File\Folder C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.Word\~WRS{CE2630FE-0B2F-4360-B7C0-10E41503644F}.tmp not found!
    C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.IE5\T8TXJ43Y\like[1].htm moved successfully.
    C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.IE5\K6V9R124\101782-active-blue-screen-virus-3[1].html moved successfully.
    C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.IE5\K6V9R124\aih[1].htm moved successfully.
    C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.IE5\GLD16KBJ\fastbutton[1].htm moved successfully.
    C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.IE5\GLD16KBJ\style-nurse[1].htc moved successfully.
    C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  21. 2012/02/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Whenever ready....
     
