Solved Can't Boot up

Discussion in 'Malware and Virus Removal Archive' started by dave1234, 2012/05/13.

  1. 2012/05/15
    broni Moderator Malware Analyst

    Yes, but when you run system restore some infection comes back.
    There was also one item which ComboFix didn't remove.
     
  2. 2012/05/16
    dave1234 Well-Known Member Thread Starter

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.16.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    David Peters :: D124YR81 [administrator]

    5/15/2012 10:11:04 PM
    mbam-log-2012-05-15 (22-11-04).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 293249
    Time elapsed: 1 hour(s), 35 minute(s), 36 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-05-16 22:14:55
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Maxtor_6L080M0 rev.BANC1G10
    Running: nc9yegl7.exe; Driver: C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\ffdyapod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF7282000, 0x29C9F0, 0xE8000020]
    ? C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00F62BC8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
    IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!UnhandledExceptionFilter] [00F62CE9] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
    IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] [00F62CB8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)

    ---- Devices - GMER 1.0.15 ----

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\$NtUninstallKB54225$\3160174477 0 bytes
    File C:\WINDOWS\$NtUninstallKB54225$\3160174477\cfg.ini 170 bytes
    File C:\WINDOWS\$NtUninstallKB54225$\3160174477\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB54225$\3160174477\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB54225$\3199066309 0 bytes

    ---- EOF - GMER 1.0.15 ----


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-16 20:19:36
    -----------------------------
    20:19:36.046 OS Version: Windows 5.1.2600 Service Pack 3
    20:19:36.046 Number of processors: 2 586 0x403
    20:19:36.046 ComputerName: D124YR81 UserName:
    20:19:37.343 Initialize success
    20:20:54.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
    20:20:54.531 Disk 0 Vendor: Maxtor_6L080M0 BANC1G10 Size: 76293MB BusType: 3
    20:20:54.562 Disk 0 MBR read successfully
    20:20:54.578 Disk 0 MBR scan
    20:20:54.578 Disk 0 unknown MBR code
    20:20:54.578 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    20:20:54.593 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 73171 MB offset 80325
    20:20:54.625 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 149934645
    20:20:54.640 Disk 0 scanning sectors +156232125
    20:20:54.750 Disk 0 scanning C:\WINDOWS\system32\drivers
    20:21:03.781 Service scanning
    20:21:11.187 Service MpKsle3d59983 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5F26976-A1B5-4557-9EAB-07FB2587EC50}\MpKsle3d59983.sys **LOCKED** 32
    20:21:18.046 Modules scanning
    20:21:24.406 Disk 0 trace - called modules:
    20:21:24.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    20:21:24.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82d75ab8]
    20:21:24.453 3 CLASSPNP.SYS[f85a7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x82d68d98]
    20:21:24.468 Scan finished successfully
    20:22:19.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\David Peters\Desktop\MBR.dat "
    20:22:19.187 The log file has been saved successfully to "C:\Documents and Settings\David Peters\Desktop\aswMBR5-16.txt "


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by David Peters at 22:17:02 on 2012-05-16
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.60 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{1ce60928-8325-49a8-8b06-633e48dd2b67}\Icon3E5562ED7.ico
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab
    DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.photogize.com/bponet/PhotogizeImageUploader4.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {BB28FF6E-2BF3-4897-9931-7CDFFAF09670} - hxxp://192.168.2.125:81/cgi-bin/design/html_template/WebACS.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{AA2EA78A-45E4-40BB-8533-75631664F7D4} : DhcpNameServer = 192.168.2.1
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\david peters\application data\mozilla\firefox\profiles\xf6fq6m9.default\
    FF - prefs.js: browser.startup.homepage - hxxps://webtop.webmail.optimum.net/cerulean/
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\view22\version 3.10.50\NPView22.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 171064]
    R1 MpKsle3d59983;MpKsle3d59983;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d5f26976-a1b5-4557-9eab-07fb2587ec50}\MpKsle3d59983.sys [2012-5-16 29904]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
    R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2011-1-11 24876]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S2 gupdate1c9c3951be7f6a0;Google Update Service (gupdate1c9c3951be7f6a0);c:\program files\google\update\GoogleUpdate.exe [2009-4-22 133104]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-23 257696]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-22 133104]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
    .
    =============== Created Last 30 ================
    .
    2012-05-16 09:54:05 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d5f26976-a1b5-4557-9eab-07fb2587ec50}\MpKsle3d59983.sys
    2012-05-16 09:53:53 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d5f26976-a1b5-4557-9eab-07fb2587ec50}\offreg.dll
    2012-05-15 23:32:07 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d5f26976-a1b5-4557-9eab-07fb2587ec50}\mpengine.dll
    2012-05-15 23:22:35 6734704 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-05-15 23:17:25 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-05-15 23:17:25 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-05-15 23:16:14 -------- d-s---w- C:\ComboFix
    2012-05-15 22:07:44 237568 ----a-w- c:\windows\system32\atiadlxx(2).dll
    2012-05-15 22:07:13 -------- d-----w- c:\program files\ATI Technologies(2)
    2012-05-15 22:07:06 -------- d-----w- c:\program files\ATI
    2012-05-09 03:08:24 -------- d-----w- c:\documents and settings\david peters\local settings\application data\ATI
    2012-05-09 03:03:24 -------- d-----w- c:\program files\common files\ATI Technologies
    2012-05-09 02:53:45 -------- d-----w- C:\AMD
    2012-05-09 01:35:59 -------- d-sh--w- C:\RECYCLER(2)
    2012-05-09 00:49:19 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-05-09 00:30:07 50704 ----a-w- c:\windows\system32\drivers\npf.sys
    2012-05-09 00:30:05 281104 ----a-w- c:\windows\system32\wpcap.dll
    2012-05-09 00:29:53 100880 ----a-w- c:\windows\system32\Packet.dll
    2012-05-09 00:12:04 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-05-05 23:49:52 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-05-05 23:49:41 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
    2012-05-05 23:49:41 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
    2012-04-23 09:18:19 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    .
    ==================== Find3M ====================
    .
    2012-05-05 00:33:36 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-11 13:14:41 2148352 ------w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 12:35:51 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
    2012-04-06 02:59:14 192512 ----a-w- c:\windows\system32\ati2evxx(2).dll
    2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-23 00:12:10 1734 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
    2004-08-04 11:00:00 94784 -csh--w- c:\windows\twain.dll
    2008-04-14 00:12:07 50688 -csh--w- c:\windows\twain_32.dll
    2011-02-08 13:33:55 978944 --sha-w- c:\windows\system32\mfc42.dll
    2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
    2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll
    2010-12-20 17:32:15 551936 --sh--w- c:\windows\system32\oleaut32.dll
    2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
    .
    ============= FINISH: 22:18:15.00 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/14/2005 10:50:12 AM
    System Uptime: 5/16/2012 5:50:46 AM (17 hours ago)
    .
    Motherboard: Dell Inc. | | 0RD203
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 71 GiB total, 46.228 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    ==== System Restore Points ===================
    .
    RP1: 3/31/2012 10:37:15 AM - Removed Java(TM) 6 Update 18
    RP2: 3/31/2012 10:37:26 AM - Software Distribution Service 3.0
    RP3: 4/1/2012 1:33:55 PM - System Checkpoint
    RP4: 4/2/2012 5:52:53 AM - Software Distribution Service 3.0
    RP5: 4/3/2012 8:26:55 AM - System Checkpoint
    RP6: 4/4/2012 5:52:01 AM - Software Distribution Service 3.0
    RP7: 4/5/2012 5:55:20 AM - Software Distribution Service 3.0
    RP8: 4/6/2012 8:35:22 AM - System Checkpoint
    RP9: 4/6/2012 3:57:42 PM - Software Distribution Service 3.0
    RP10: 4/7/2012 4:57:25 PM - System Checkpoint
    RP11: 4/8/2012 5:08:40 AM - Software Distribution Service 3.0
    RP12: 4/9/2012 5:35:40 AM - Software Distribution Service 3.0
    RP13: 4/10/2012 6:38:00 AM - System Checkpoint
    RP14: 4/10/2012 7:19:15 PM - Software Distribution Service 3.0
    RP15: 4/11/2012 8:10:37 PM - System Checkpoint
    RP16: 4/12/2012 3:00:18 AM - Software Distribution Service 3.0
    RP17: 4/12/2012 6:07:09 AM - Software Distribution Service 3.0
    RP18: 4/12/2012 8:48:35 AM - Software Distribution Service 3.0
    RP19: 4/13/2012 7:52:12 PM - Software Distribution Service 3.0
    RP20: 4/14/2012 8:01:49 PM - System Checkpoint
    RP21: 4/14/2012 10:14:41 PM - Software Distribution Service 3.0
    RP22: 4/15/2012 5:50:55 AM - Software Distribution Service 3.0
    RP23: 4/15/2012 6:38:43 AM - Software Distribution Service 3.0
    RP24: 4/16/2012 8:13:24 AM - System Checkpoint
    RP25: 4/16/2012 7:58:19 PM - Software Distribution Service 3.0
    RP26: 4/16/2012 11:05:41 PM - Removed Java(TM) 6 Update 18
    RP27: 4/18/2012 5:08:19 AM - Software Distribution Service 3.0
    RP28: 4/19/2012 5:58:04 AM - Software Distribution Service 3.0
    RP29: 4/20/2012 8:00:50 AM - System Checkpoint
    RP30: 4/21/2012 5:10:48 AM - Software Distribution Service 3.0
    RP31: 4/21/2012 6:03:31 PM - Removed Java(TM) 6 Update 18
    RP32: 4/22/2012 5:31:56 AM - Software Distribution Service 3.0
    RP33: 4/23/2012 8:27:09 AM - System Checkpoint
    RP34: 4/24/2012 5:17:50 AM - Software Distribution Service 3.0
    RP35: 4/24/2012 10:37:22 PM - Software Distribution Service 3.0
    RP36: 4/26/2012 5:33:51 AM - Software Distribution Service 3.0
    RP37: 4/27/2012 5:42:55 AM - Software Distribution Service 3.0
    RP38: 4/28/2012 8:40:56 AM - Software Distribution Service 3.0
    RP39: 4/29/2012 9:02:42 AM - System Checkpoint
    RP40: 4/29/2012 3:18:58 PM - Software Distribution Service 3.0
    RP41: 4/30/2012 4:12:26 PM - System Checkpoint
    RP42: 5/1/2012 5:48:32 AM - Software Distribution Service 3.0
    RP43: 5/2/2012 8:47:53 AM - Software Distribution Service 3.0
    RP44: 5/3/2012 6:34:00 PM - Software Distribution Service 3.0
    RP45: 5/4/2012 7:28:46 PM - System Checkpoint
    RP46: 5/5/2012 5:22:35 AM - Software Distribution Service 3.0
    RP47: 5/6/2012 9:06:53 AM - System Checkpoint
    RP48: 5/7/2012 5:53:58 AM - Software Distribution Service 3.0
    RP49: 5/8/2012 8:10:22 AM - System Checkpoint
    RP50: 5/8/2012 7:08:47 PM - Software Distribution Service 3.0
    RP51: 5/8/2012 11:02:54 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP52: 5/8/2012 11:03:22 PM - Installed ATI AVIVO Codecs
    RP53: 5/8/2012 11:03:40 PM - Installed ATI Catalyst Control Center
    RP54: 5/8/2012 11:05:52 PM - Installed ATI Problem Report Wizard
    RP55: 5/12/2012 8:52:43 PM - System Checkpoint
    RP56: 5/15/2012 5:52:54 PM - System Checkpoint
    RP57: 5/15/2012 7:08:01 PM - Restore Operation
    RP58: 5/15/2012 7:29:46 PM - Software Distribution Service 3.0
    RP59: 5/16/2012 3:00:21 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    7-Zip 4.65
    Abacast Client
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader X
    AdsGone Popup Killer Spyware Blocker by A1Tech.com
    AOL Instant Messenger
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Panorama Maker 4
    BlackBerry Desktop Software 4.3
    Bonjour
    CCleaner
    Cisco Systems VPN Client 5.0.07.0410
    Coupon Printer for Windows
    Critical Update for Windows Media Player 11 (KB959772)
    Cucusoft iPod Movie/Video Converter 2.00
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Support Center (Support Software)
    Dell System Restore
    DellSupport
    Digital Content Portal
    DivX Setup
    DWACS 1.0.4.2
    ESET Online Scanner v3
    Google Earth
    Google Update Helper
    High Definition Audio Driver Package - KB835221
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    hp deskjet 5550 series
    hp deskjet 5550 series (Remove only)
    HP Photo Imaging Software
    HP Photo Printing Software
    hp print screen utility
    HP Share-to-Web
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    iPod for Windows 2005-10-12
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Macromedia Flash Player
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox 11.0 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    Nikon Message Center
    Nikon Transfer
    Options 360™
    Photo Viewer 2.4
    PowerDVD 5.5
    Qualxserve Service Agreement
    Quick Startup 2.7.0.686
    QuickBooks Simple Start Special Edition
    QuickTime
    Roxio Media Manager
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SIW version 2010.07.14
    Sonic RecordNow Copy
    Sonic RecordNow Data
    SUPERAntiSpyware Free Edition
    thinkorswim from TD AMERITRADE
    Tracks Eraser Pro v7.0
    Uninstall 1.0.0.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC 9.0 Runtime
    VC80CRTRedist - 8.0.50727.6195
    View22
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebACS 1.0.0.19
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip Self-Extractor
    WordPerfect Office 12
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/16/2012 8:27:43 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    5/15/2012 7:23:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    5/15/2012 7:22:37 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 00123FB07423 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    5/15/2012 7:22:34 PM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Signature version: 1.125.1090.0;1.125.1090.0 Engine version: 1.1.8304.0
    5/15/2012 7:05:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    5/15/2012 7:05:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec Lbd MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
    5/15/2012 7:05:23 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    5/15/2012 7:05:23 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    5/15/2012 6:52:43 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1435.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/15/2012 6:52:43 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1435.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/15/2012 6:52:43 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1435.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/15/2012 6:52:43 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1435.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/15/2012 6:52:42 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1435.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    5/15/2012 6:26:09 PM, error: Service Control Manager [7001] - The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error: The system cannot find the file specified.
    5/15/2012 6:26:09 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service or group failed to start.
    5/15/2012 6:26:09 PM, error: Service Control Manager [7000] - The IPSEC driver service failed to start due to the following error: The system cannot find the file specified.
    5/15/2012 6:26:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IPSec Lbd Tcpip
    5/15/2012 6:26:02 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
    5/15/2012 6:26:02 PM, error: Service Control Manager [7023] - The Smwdm service terminated with the following error: The specified module could not be found.
    5/15/2012 6:26:02 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/15/2012 6:26:02 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/15/2012 6:26:02 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/15/2012 6:26:02 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/15/2012 6:26:02 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/15/2012 6:26:02 PM, error: Service Control Manager [7000] - The Cisco Systems Inc. IPSec Driver service failed to start due to the following error: The system cannot find the file specified.
    5/15/2012 6:26:02 PM, error: Service Control Manager [7000] - The ATI Smart service failed to start due to the following error: The system cannot find the file specified.
    5/15/2012 6:23:27 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
    5/15/2012 6:11:29 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1435.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/15/2012 6:11:29 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1435.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/15/2012 6:11:29 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1435.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/15/2012 6:11:29 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1435.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/15/2012 6:11:28 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1435.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    5/15/2012 6:03:39 PM, error: Service Control Manager [7000] - The Ati HotKey Poller service failed to start due to the following error: The system cannot find the file specified.
    5/15/2012 5:58:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/15/2012 5:57:21 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    5/15/2012 5:57:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    5/15/2012 5:56:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    .
    ==== End Of File ===========================
     

  4. 2012/05/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    The infection (according to GMER log) is definitely back.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. 2012/05/17
    dave1234

    dave1234 Well-Known Member Thread Starter

    Joined:
    2002/12/21
    Messages:
    196
    Likes Received:
    0
    06:03:35.0156 2704 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
    06:03:35.0359 2704 ============================================================
    06:03:35.0359 2704 Current date / time: 2012/05/17 06:03:35.0359
    06:03:35.0359 2704 SystemInfo:
    06:03:35.0359 2704
    06:03:35.0359 2704 OS Version: 5.1.2600 ServicePack: 3.0
    06:03:35.0359 2704 Product type: Workstation
    06:03:35.0359 2704 ComputerName: D124YR81
    06:03:35.0359 2704 UserName: David Peters
    06:03:35.0359 2704 Windows directory: C:\WINDOWS
    06:03:35.0359 2704 System windows directory: C:\WINDOWS
    06:03:35.0359 2704 Processor architecture: Intel x86
    06:03:35.0359 2704 Number of processors: 2
    06:03:35.0359 2704 Page size: 0x1000
    06:03:35.0359 2704 Boot type: Normal boot
    06:03:35.0359 2704 ============================================================
    06:03:39.0031 2704 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    06:03:39.0296 2704 Drive \Device\Harddisk1\DR4 - Size: 0x790000000 (30.25 Gb), SectorSize: 0x200, Cylinders: 0xF6C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    06:03:39.0296 2704 ============================================================
    06:03:39.0296 2704 \Device\Harddisk0\DR0:
    06:03:39.0421 2704 MBR partitions:
    06:03:39.0421 2704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8EE9870
    06:03:39.0421 2704 \Device\Harddisk1\DR4:
    06:03:39.0421 2704 MBR partitions:
    06:03:39.0421 2704 \Device\Harddisk1\DR4\Partition0: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x3C7F800
    06:03:39.0421 2704 ============================================================
    06:03:39.0640 2704 C: <-> \Device\Harddisk0\DR0\Partition0
    06:03:39.0640 2704 ============================================================
    06:03:39.0640 2704 Initialize success
    06:03:39.0640 2704 ============================================================
    06:04:10.0812 1516 ============================================================
    06:04:10.0812 1516 Scan started
    06:04:10.0812 1516 Mode: Manual;
    06:04:10.0812 1516 ============================================================
    06:04:11.0031 1516 Abiosdsk - ok
    06:04:11.0078 1516 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    06:04:11.0078 1516 abp480n5 - ok
    06:04:11.0125 1516 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    06:04:11.0140 1516 ACPI - ok
    06:04:11.0171 1516 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    06:04:11.0187 1516 ACPIEC - ok
    06:04:11.0312 1516 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    06:04:11.0328 1516 AdobeFlashPlayerUpdateSvc - ok
    06:04:11.0359 1516 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    06:04:11.0375 1516 adpu160m - ok
    06:04:11.0421 1516 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    06:04:11.0421 1516 aec - ok
    06:04:11.0468 1516 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    06:04:11.0484 1516 AFD - ok
    06:04:11.0531 1516 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    06:04:11.0531 1516 agp440 - ok
    06:04:11.0546 1516 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    06:04:11.0562 1516 agpCPQ - ok
    06:04:11.0578 1516 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    06:04:11.0578 1516 Aha154x - ok
    06:04:11.0593 1516 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    06:04:11.0609 1516 aic78u2 - ok
    06:04:11.0625 1516 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    06:04:11.0625 1516 aic78xx - ok
    06:04:11.0671 1516 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    06:04:11.0718 1516 Alerter - ok
    06:04:11.0765 1516 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    06:04:11.0765 1516 ALG - ok
    06:04:11.0812 1516 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    06:04:11.0812 1516 AliIde - ok
    06:04:11.0828 1516 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    06:04:11.0843 1516 alim1541 - ok
    06:04:11.0859 1516 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    06:04:11.0859 1516 amdagp - ok
    06:04:11.0875 1516 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    06:04:11.0890 1516 amsint - ok
    06:04:11.0984 1516 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    06:04:12.0000 1516 Apple Mobile Device - ok
    06:04:12.0000 1516 AppMgmt - ok
    06:04:12.0031 1516 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    06:04:12.0046 1516 asc - ok
    06:04:12.0062 1516 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    06:04:12.0062 1516 asc3350p - ok
    06:04:12.0078 1516 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    06:04:12.0093 1516 asc3550 - ok
    06:04:12.0218 1516 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    06:04:12.0296 1516 aspnet_state - ok
    06:04:12.0343 1516 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    06:04:12.0343 1516 AsyncMac - ok
    06:04:12.0375 1516 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    06:04:12.0375 1516 atapi - ok
    06:04:12.0390 1516 Atdisk - ok
    06:04:12.0453 1516 Ati HotKey Poller (281d26df656e53dab568214ee282ec46) C:\WINDOWS\system32\Ati2evxx.exe
    06:04:12.0937 1516 Ati HotKey Poller - ok
    06:04:13.0156 1516 ati2mtag (c2b6f2161abd498d2b453050ffc81812) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    06:04:14.0218 1516 ati2mtag - ok
    06:04:14.0296 1516 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
    06:04:14.0375 1516 AtiHdmiService - ok
    06:04:14.0421 1516 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    06:04:14.0437 1516 Atmarpc - ok
    06:04:14.0484 1516 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    06:04:14.0578 1516 AudioSrv - ok
    06:04:14.0609 1516 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    06:04:14.0609 1516 audstub - ok
    06:04:14.0718 1516 Autocomplete (6b2f566321d64b46822dee7a8cbe0f75) C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
    06:04:14.0953 1516 Autocomplete - ok
    06:04:15.0000 1516 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    06:04:15.0000 1516 Beep - ok
    06:04:15.0062 1516 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    06:04:15.0109 1516 BITS - ok
    06:04:15.0171 1516 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    06:04:15.0187 1516 Bonjour Service - ok
    06:04:15.0234 1516 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    06:04:15.0250 1516 Browser - ok
    06:04:15.0406 1516 catchme - ok
    06:04:15.0421 1516 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    06:04:15.0421 1516 cbidf - ok
    06:04:15.0421 1516 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    06:04:15.0437 1516 cbidf2k - ok
    06:04:15.0437 1516 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    06:04:15.0437 1516 cd20xrnt - ok
    06:04:15.0453 1516 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    06:04:15.0484 1516 Cdaudio - ok
    06:04:15.0515 1516 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    06:04:15.0531 1516 Cdfs - ok
    06:04:15.0562 1516 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    06:04:15.0609 1516 Cdrom - ok
    06:04:15.0625 1516 Changer - ok
    06:04:15.0671 1516 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    06:04:15.0671 1516 CiSvc - ok
    06:04:15.0718 1516 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    06:04:15.0734 1516 ClipSrv - ok
    06:04:15.0875 1516 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    06:04:16.0062 1516 clr_optimization_v2.0.50727_32 - ok
    06:04:16.0156 1516 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    06:04:16.0187 1516 CmdIde - ok
    06:04:16.0187 1516 COMSysApp - ok
    06:04:16.0265 1516 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    06:04:16.0312 1516 Cpqarray - ok
    06:04:16.0437 1516 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    06:04:16.0453 1516 CryptSvc - ok
    06:04:16.0515 1516 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
    06:04:16.0546 1516 CVirtA - ok
    06:04:17.0000 1516 CVPND (30443eef52f5fb043654859eaa8e5247) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    06:04:17.0296 1516 CVPND - ok
    06:04:17.0406 1516 CVPNDRVA (cb90b2762b1a1d0b40496400c55b6ade) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
    06:04:17.0453 1516 CVPNDRVA - ok
    06:04:17.0500 1516 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    06:04:17.0500 1516 dac2w2k - ok
    06:04:17.0515 1516 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    06:04:17.0531 1516 dac960nt - ok
    06:04:17.0578 1516 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    06:04:17.0593 1516 DcomLaunch - ok
    06:04:17.0640 1516 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    06:04:17.0687 1516 Dhcp - ok
    06:04:17.0734 1516 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    06:04:17.0750 1516 Disk - ok
    06:04:17.0750 1516 dmadmin - ok
    06:04:17.0796 1516 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    06:04:17.0828 1516 dmboot - ok
    06:04:17.0859 1516 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    06:04:17.0859 1516 dmio - ok
    06:04:17.0890 1516 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    06:04:17.0890 1516 dmload - ok
    06:04:17.0937 1516 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    06:04:17.0937 1516 dmserver - ok
    06:04:17.0968 1516 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    06:04:17.0984 1516 DMusic - ok
    06:04:32.0390 1516 ============================================================
    06:04:32.0390 1516 Scan finished
    06:04:32.0390 1516 ============================================================
    06:04:32.0406 2540 Detected object count: 0
    06:04:32.0406 2540 Actual detected object count: 0
     
  6. 2012/05/17
    broni Moderator Malware Analyst
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2012/05/17
    dave1234

    I am concerned that I might lose drivers again and have an unbootable computer.
     
  8. 2012/05/17
    broni

    Hopefully it won't happen again.
    This time you're not running it by yourself.
    We have to run Combofix to remove that infection.
    There is no other choice.
     
  9. 2012/05/17
    dave1234

    ComboFix 12-05-17.05 - David Peters 05/17/2012 20:24:11.11.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.181 [GMT -4:00]
    Running from: c:\documents and settings\David Peters\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$NtUninstallKB54225$
    c:\windows\$NtUninstallKB54225$\3160174477\cfg.ini
    c:\windows\$NtUninstallKB54225$\3199066309
    c:\windows\system32\dds_trash_log.cmd
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\wpcap.dll
    c:\windows\twain_16.dll
    .
    Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
    Restored copy from - The cat found it :)
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-18 to 2012-05-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-15 23:17 . 2012-05-15 23:17 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-05-15 22:07 . 2012-04-06 02:48 237568 ----a-w- c:\windows\system32\atiadlxx(2).dll
    2012-05-15 22:07 . 2012-05-15 23:09 -------- d-----w- c:\program files\ATI Technologies(2)
    2012-05-15 22:07 . 2012-05-15 22:07 -------- d-----w- c:\program files\ATI
    2012-05-09 03:03 . 2012-05-15 23:15 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2012-05-09 02:53 . 2012-05-15 22:05 -------- d-----w- C:\AMD
    2012-05-09 01:35 . 2012-05-15 23:16 -------- d-----w- C:\RECYCLER(2)
    2012-05-09 00:49 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-05-05 23:49 . 2012-05-05 23:49 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-05-05 23:49 . 2012-05-05 23:49 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
    2012-05-05 23:49 . 2012-05-05 23:49 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
    2012-04-23 09:18 . 2012-05-05 00:33 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-05 00:33 . 2011-06-23 02:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-11 13:14 . 2004-08-10 18:51 2148352 ------w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 13:12 . 2004-08-10 18:51 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 12:35 . 2004-08-04 04:59 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
    2012-04-06 02:59 . 2011-01-27 03:31 192512 ----a-w- c:\windows\system32\ati2evxx(2).dll
    2012-04-04 19:56 . 2009-09-13 10:17 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-21 00:44 . 2010-03-26 01:30 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-03-01 11:01 . 2004-08-10 18:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10 . 2004-08-10 18:51 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2004-08-10 18:51 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-05 23:49 . 2011-05-24 00:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2004-08-04 11:00 94784 -csh--w- c:\windows\twain.dll
    2008-04-14 00:12 50688 -csh--w- c:\windows\twain_32.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-04-15_19.28.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-05-18 00:36 . 2012-05-18 00:36 16384 c:\windows\temp\Perflib_Perfdata_574.dat
    + 2004-08-04 06:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(9).drv
    + 2004-08-04 06:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(8).drv
    + 2004-08-04 06:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(7).drv
    + 2004-08-04 06:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(6).drv
    + 2004-08-04 06:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(5).drv
    + 2004-08-04 06:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(4).drv
    + 2004-08-04 06:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(3).drv
    + 2004-08-04 06:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(2).drv
    + 2004-08-04 06:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(11).drv
    + 2004-08-04 06:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(10).drv
    + 2004-08-10 18:51 . 2012-05-16 07:10 73004 c:\windows\system32\perfc009.dat
    - 2004-08-10 18:51 . 2012-04-12 23:23 73004 c:\windows\system32\perfc009.dat
    - 2011-07-22 20:51 . 2011-07-22 20:51 94208 c:\windows\system32\dpl100.dll
    + 2011-10-20 23:26 . 2011-10-20 23:26 94208 c:\windows\system32\dpl100.dll
    + 2011-01-27 03:31 . 2011-01-27 03:31 43520 c:\windows\system32\ati2edxx(6).dll
    + 2011-01-27 03:31 . 2011-01-27 03:31 43520 c:\windows\system32\ati2edxx(5).dll
    + 2011-01-27 03:31 . 2011-01-27 03:31 43520 c:\windows\system32\ati2edxx(4).dll
    + 2011-01-27 03:31 . 2011-01-27 03:31 43520 c:\windows\system32\ati2edxx(3).dll
    + 2011-01-27 03:31 . 2011-01-27 03:31 43520 c:\windows\system32\ati2edxx(2).dll
    + 2012-05-16 07:15 . 2012-05-16 07:15 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\316e223f2ab8c69cd6a5a06de21650ec\System.Windows.Presentation.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\7aac1fe67890463655aeeb3b8e4f2884\System.Web.DynamicData.Design.ni.dll
    + 2012-05-16 07:19 . 2012-05-16 07:19 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\34c988dea48c291b4e648941207e83fb\System.ComponentModel.DataAnnotations.ni.dll
    + 2012-05-16 07:19 . 2012-05-16 07:19 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\7bb7e51275fa19f8b4894c772bdb1e10\System.AddIn.Contract.ni.dll
    + 2012-05-16 07:13 . 2012-05-16 07:13 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\f0c4a4528f130ef2ff1ae63dd7b39075\PresentationFontCache.ni.exe
    + 2012-05-16 07:12 . 2012-05-16 07:12 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\53931181e5a5e194da82605613cda6af\PresentationCFFRasterizer.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2be3ad4cda6853d7959a84cec0414c5\Microsoft.Vsa.ni.dll
    + 2012-05-16 07:19 . 2012-05-16 07:19 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8fab9cd28bbc860a34feec119512664d\Microsoft.Build.Framework.ni.dll
    + 2012-05-16 07:19 . 2012-05-16 07:19 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\0eac132c7c36f1c100ae23c956b379e7\Microsoft.Build.Framework.ni.dll
    + 2012-05-16 07:19 . 2012-05-16 07:19 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\d66bc03eb7eae89b4dde2d09eda1414f\dfsvc.ni.exe
    + 2012-05-16 07:19 . 2012-05-16 07:19 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2012-04-12 12:52 . 2012-04-12 12:52 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2012-04-12 12:52 . 2012-04-12 12:52 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2011-04-15 10:01 . 2012-05-15 10:38 1984 c:\windows\system32\d3d9caps.dat
    - 2011-04-15 10:01 . 2012-04-15 10:18 1984 c:\windows\system32\d3d9caps.dat
    + 2012-05-09 01:19 . 2012-05-09 01:19 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000004(2)\UsrClass.dat
    + 2012-05-09 01:19 . 2012-05-09 01:19 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000002(2)\UsrClass.dat
    - 2012-04-12 12:51 . 2012-04-12 12:51 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2012-04-12 12:52 . 2012-04-12 12:52 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2012-04-06 03:13 . 2012-04-06 03:13 299080 c:\windows\system32\XPSViewer\XPSViewer.exe
    + 2012-05-09 02:59 . 2011-01-27 03:26 887724 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ativva6x.dat
    + 2012-05-09 02:59 . 2010-12-17 21:00 227587 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atiicdxx.dat
    - 2004-08-10 18:51 . 2012-04-12 23:23 445798 c:\windows\system32\perfh009.dat
    + 2004-08-10 18:51 . 2012-05-16 07:10 445798 c:\windows\system32\perfh009.dat
    + 2012-05-05 00:33 . 2012-05-05 00:33 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
    + 2012-05-05 00:33 . 2012-05-05 00:33 424096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
    + 2012-04-23 09:18 . 2012-05-05 00:33 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    + 2004-08-10 18:57 . 2012-05-16 09:38 406304 c:\windows\system32\FNTCACHE.DAT
    - 2004-08-10 18:57 . 2012-03-15 09:45 406304 c:\windows\system32\FNTCACHE.DAT
    + 2012-05-15 22:07 . 2012-04-06 02:05 887724 c:\windows\system32\DRVSTORE\CX137814_54C15A7CD8B0CE813EB6ABE5CC4E38BB8BC56136\B136646\ativva6x.dat
    + 2012-05-15 22:07 . 2012-01-10 21:10 601728 c:\windows\system32\DRVSTORE\CX137814_54C15A7CD8B0CE813EB6ABE5CC4E38BB8BC56136\B136646\atiicdxx.dat
    + 2012-05-15 22:07 . 2012-04-06 02:05 887724 c:\windows\system32\ativva6x.dat
    - 2011-01-27 03:26 . 2011-01-27 03:26 887724 c:\windows\system32\ativva6x.dat
    + 2011-01-27 03:32 . 2011-01-27 03:32 212992 c:\windows\system32\atipdlxx(6).dll
    + 2011-01-27 03:32 . 2011-01-27 03:32 212992 c:\windows\system32\atipdlxx(5).dll
    + 2011-01-27 03:32 . 2011-01-27 03:32 212992 c:\windows\system32\atipdlxx(4).dll
    + 2011-01-27 03:32 . 2011-01-27 03:32 212992 c:\windows\system32\atipdlxx(3).dll
    + 2011-01-27 03:32 . 2011-01-27 03:32 212992 c:\windows\system32\atipdlxx(2).dll
    + 2011-01-27 03:21 . 2011-01-27 03:21 483328 c:\windows\system32\atiok3x2(6).dll
    + 2011-01-27 03:21 . 2011-01-27 03:21 483328 c:\windows\system32\atiok3x2(5).dll
    + 2011-01-27 03:21 . 2011-01-27 03:21 483328 c:\windows\system32\atiok3x2(4).dll
    + 2011-01-27 03:21 . 2011-01-27 03:21 483328 c:\windows\system32\atiok3x2(3).dll
    + 2011-01-27 03:21 . 2011-01-27 03:21 483328 c:\windows\system32\atiok3x2(2).dll
    + 2011-01-27 03:23 . 2011-01-27 03:23 651264 c:\windows\system32\atikvmag(6).dll
    + 2011-01-27 03:23 . 2011-01-27 03:23 651264 c:\windows\system32\atikvmag(5).dll
    + 2011-01-27 03:23 . 2011-01-27 03:23 651264 c:\windows\system32\atikvmag(4).dll
    + 2011-01-27 03:23 . 2011-01-27 03:23 651264 c:\windows\system32\atikvmag(3).dll
    + 2011-01-27 03:23 . 2011-01-27 03:23 651264 c:\windows\system32\atikvmag(2).dll
    + 2012-05-15 22:07 . 2012-01-10 21:10 601728 c:\windows\system32\atiicdxx.dat
    + 2011-01-27 03:21 . 2011-01-27 03:21 196608 c:\windows\system32\atiadlxx(7).dll
    + 2011-01-27 03:21 . 2011-01-27 03:21 196608 c:\windows\system32\atiadlxx(6).dll
    + 2011-01-27 03:21 . 2011-01-27 03:21 196608 c:\windows\system32\atiadlxx(5).dll
    + 2011-01-27 03:21 . 2011-01-27 03:21 196608 c:\windows\system32\atiadlxx(4).dll
    + 2011-01-27 03:21 . 2011-01-27 03:21 196608 c:\windows\system32\atiadlxx(3).dll
    + 2011-01-27 03:31 . 2011-01-27 03:31 188416 c:\windows\system32\ati2evxx(9).dll
    + 2011-01-27 03:31 . 2011-01-27 03:31 188416 c:\windows\system32\ati2evxx(8).dll
    + 2011-01-27 03:31 . 2009-08-14 02:09 155648 c:\windows\system32\ati2evxx(7).dll
    + 2011-01-27 03:30 . 2011-01-27 03:30 638976 c:\windows\system32\ati2evxx(6).exe
    + 2011-01-27 03:31 . 2009-08-14 02:09 155648 c:\windows\system32\ati2evxx(6).dll
    + 2011-01-27 03:30 . 2011-01-27 03:30 638976 c:\windows\system32\ati2evxx(5).exe
    + 2011-01-27 03:31 . 2009-08-14 02:09 155648 c:\windows\system32\ati2evxx(5).dll
    + 2011-01-27 03:30 . 2011-01-27 03:30 638976 c:\windows\system32\ati2evxx(4).exe
    + 2011-01-27 03:31 . 2009-08-14 02:09 155648 c:\windows\system32\ati2evxx(4).dll
    + 2011-01-27 03:30 . 2011-01-27 03:30 638976 c:\windows\system32\ati2evxx(3).exe
    + 2011-01-27 03:31 . 2009-08-14 02:09 155648 c:\windows\system32\ati2evxx(3).dll
    + 2011-01-27 03:30 . 2011-01-27 03:30 638976 c:\windows\system32\ati2evxx(2).exe
    + 2011-01-27 03:31 . 2011-01-27 03:31 188416 c:\windows\system32\ati2evxx(12).dll
    + 2011-01-27 03:31 . 2011-01-27 03:31 188416 c:\windows\system32\ati2evxx(11).dll
    + 2011-01-27 03:31 . 2011-01-27 03:31 188416 c:\windows\system32\ati2evxx(10).dll
    + 2008-08-22 22:46 . 2011-01-27 03:51 302080 c:\windows\system32\ati2dvag(6).dll
    + 2008-08-22 22:46 . 2011-01-27 03:51 302080 c:\windows\system32\ati2dvag(5).dll
    + 2008-08-22 22:46 . 2011-01-27 03:51 302080 c:\windows\system32\ati2dvag(4).dll
    + 2008-08-22 22:46 . 2011-01-27 03:51 302080 c:\windows\system32\ati2dvag(3).dll
    + 2008-08-22 22:46 . 2011-01-27 03:51 302080 c:\windows\system32\ati2dvag(2).dll
    + 2008-08-22 22:46 . 2011-01-27 03:15 847872 c:\windows\system32\ati2cqag(6).dll
    + 2008-08-22 22:46 . 2011-01-27 03:15 847872 c:\windows\system32\ati2cqag(5).dll
    + 2008-08-22 22:46 . 2011-01-27 03:15 847872 c:\windows\system32\ati2cqag(4).dll
    + 2008-08-22 22:46 . 2011-01-27 03:15 847872 c:\windows\system32\ati2cqag(3).dll
    + 2008-08-22 22:46 . 2011-01-27 03:15 847872 c:\windows\system32\ati2cqag(2).dll
    + 2012-04-06 03:52 . 2012-04-06 03:52 131168 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
    + 2011-12-25 07:50 . 2011-12-25 07:50 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2011-12-25 07:50 . 2011-12-25 07:50 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    + 2011-12-25 07:50 . 2011-12-25 07:50 989968 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2012-04-25 02:37 . 2012-04-25 02:37 301056 c:\windows\Installer\f8734a.msi
    + 2011-12-22 20:50 . 2011-12-22 20:50 256000 c:\windows\Installer\1a5ef41.msp
    + 2012-04-25 02:39 . 2012-04-25 02:39 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\SCEP.exe
    + 2012-04-25 02:39 . 2012-04-25 02:39 123352 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\MSE.exe
    + 2012-04-25 02:39 . 2012-04-25 02:39 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\INTUNE.exe
    + 2012-04-25 02:39 . 2012-04-25 02:39 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\FEP.exe
    + 2012-04-25 02:39 . 2012-04-25 02:39 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\EPP.exe
    + 2012-05-09 01:19 . 2012-05-09 01:19 212992 c:\windows\ERDNT\subs(2)\Users(2)\00000006(2)\UsrClass.dat
    + 2012-05-09 01:19 . 2012-05-09 01:19 241664 c:\windows\ERDNT\subs(2)\Users(2)\00000003(2)\NTUSER.DAT
    + 2012-05-09 01:19 . 2012-05-09 01:19 241664 c:\windows\ERDNT\subs(2)\Users(2)\00000001(2)\NTUSER.DAT
    + 2012-05-16 07:17 . 2012-05-16 07:17 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\ac4fc3032c19946f9b2729468888206d\WsatConfig.ni.exe
    + 2012-05-16 07:15 . 2012-05-16 07:15 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6198de2c5b8f7d89404c2ba39d69ae56\WindowsFormsIntegration.ni.dll
    + 2012-05-16 07:15 . 2012-05-16 07:15 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\be27ab5913cec2b292a019c2a13ec701\UIAutomationTypes.ni.dll
    + 2012-05-16 07:15 . 2012-05-16 07:15 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\04e5e2be34a70ee7f4c87550238095a0\UIAutomationClient.ni.dll
    + 2012-05-16 07:22 . 2012-05-16 07:22 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\1c13b08593e99d6f5bef49ae7939c78b\System.Xml.Linq.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8bffbaa5d5abe40674d0bc124dfe8622\System.Web.Routing.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6c7765c10516d375e9ddedad2dbab848\System.Web.RegularExpressions.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a7908debe80c209b599529685a159fa0\System.Web.Extensions.Design.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\44ecb9f7be54a2ba46e6102d343e2e7e\System.Web.Entity.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\fee8237aa2daa36e48aec379ee642422\System.Web.Entity.Design.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\40d90d2c1484164b786067320ce778f4\System.Web.DynamicData.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6b4ce8cf2c3307b75ea7ebe77258bb26\System.Web.Abstractions.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll
    + 2012-05-16 07:19 . 2012-05-16 07:19 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a644ec04e18202b60f9d828bc207972b\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\4a9eb43005a041959ddc5c7e586ab746\System.Net.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\3182a049ba953010dec649cf290a9e90\System.Management.Instrumentation.ni.dll
    + 2012-05-16 07:19 . 2012-05-16 07:19 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cd9c60a35d4958e94d2e3dd2f778e2e9\System.IdentityModel.Selectors.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.Wrapper.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
    + 2012-05-16 07:14 . 2012-05-16 07:14 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\88aa4f80c7e5ac25f06f8950e42a1678\System.Drawing.Design.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ca484772955bc4db03b5dcb611c09423\System.DirectoryServices.Protocols.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ba5e68dddfd3279a8469d39eded48f3\Of File - - 02D194B8AC23503FE09F62B2672830CD
     
  10. 2012/05/17
    dave1234

    2012-05-15 23:28 . 2012-02-09 15:43 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
    + 2012-05-15 23:08 . 2012-05-15 23:19 1703120 c:\windows\system32\Restore\rstrlog.dat
    + 2008-10-16 05:51 . 2012-04-11 13:12 1862272 c:\windows\system32\dllcache\win32k.sys
    + 2008-10-16 05:51 . 2012-04-11 13:10 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
    + 2008-10-16 05:51 . 2012-04-11 12:35 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2008-10-16 05:51 . 2012-04-11 12:35 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2008-10-16 05:51 . 2012-04-11 13:14 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2008-08-22 22:46 . 2011-01-27 03:27 2673280 c:\windows\system32\ativvaxx(6).dll
    + 2008-08-22 22:46 . 2011-01-27 03:27 2673280 c:\windows\system32\ativvaxx(5).dll
    + 2008-08-22 22:46 . 2011-01-27 03:27 2673280 c:\windows\system32\ativvaxx(4).dll
    + 2008-08-22 22:46 . 2011-01-27 03:27 2673280 c:\windows\system32\ativvaxx(3).dll
    + 2008-08-22 22:46 . 2011-01-27 03:27 2673280 c:\windows\system32\ativvaxx(2).dll
    + 2008-08-22 22:46 . 2011-01-27 03:42 4029824 c:\windows\system32\ati3duag(6).dll
    + 2008-08-22 22:46 . 2011-01-27 03:42 4029824 c:\windows\system32\ati3duag(5).dll
    + 2008-08-22 22:46 . 2011-01-27 03:42 4029824 c:\windows\system32\ati3duag(4).dll
    + 2008-08-22 22:46 . 2011-01-27 03:42 4029824 c:\windows\system32\ati3duag(3).dll
    + 2008-08-22 22:46 . 2011-01-27 03:42 4029824 c:\windows\system32\ati3duag(2).dll
    + 2011-12-25 07:50 . 2011-12-25 07:50 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    - 2011-03-25 10:15 . 2011-03-25 10:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2011-12-25 07:50 . 2011-12-25 07:50 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    - 2011-10-26 08:39 . 2011-10-26 08:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2011-12-25 07:50 . 2011-12-25 07:50 5913360 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2011-12-25 07:50 . 2011-12-25 07:50 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    - 2011-07-07 09:18 . 2011-07-07 09:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2012-04-25 02:38 . 2012-04-25 02:38 1826304 c:\windows\Installer\f87376.msi
    + 2012-05-09 01:19 . 2012-05-09 01:19 4919296 c:\windows\ERDNT\subs(2)\Users(2)\00000005(2)\NTUSER.DAT
    + 2008-10-16 05:51 . 2012-04-11 13:10 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-10-16 05:51 . 2012-04-11 12:35 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2008-10-16 05:51 . 2012-04-11 12:35 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-10-16 05:51 . 2012-04-11 13:14 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2012-05-16 07:12 . 2012-05-16 07:12 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
    + 2012-05-16 07:15 . 2012-05-16 07:15 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\41a81b97625c113b591ed082c95276e2\UIAutomationClientsideProviders.ni.dll
    + 2012-05-16 07:12 . 2012-05-16 07:12 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
    + 2012-05-16 07:15 . 2012-05-16 07:15 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
    + 2012-05-16 07:22 . 2012-05-16 07:22 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\33fa6a2055bf857bff2e31020279b5e9\System.WorkflowServices.ni.dll
    + 2012-05-16 07:22 . 2012-05-16 07:22 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5eccf6fef6bee8a2f93bc65ff33699bb\System.Workflow.Runtime.ni.dll
    + 2012-05-16 07:22 . 2012-05-16 07:22 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\62bd2e1bf98b04ceca2102c8f54aab9d\System.Workflow.ComponentModel.ni.dll
    + 2012-05-16 07:22 . 2012-05-16 07:22 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\8215548b3d4aabbaa0557ab747700778\System.Workflow.Activities.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3e11aea7d742b5eddbd0b6bd1012f7df\System.Web.Services.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\ff995dde9cd34ff1e8ac7ab55fc92d32\System.Web.Mobile.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\8899d1091e64a4d0b6ae69060197091a\System.Web.Extensions.ni.dll
    + 2012-05-16 07:14 . 2012-05-16 07:14 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5efb50c91f3c5e49be2079f625d933b7\System.Speech.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\97d635f5c656ae43d94b55e67fc4ab50\System.ServiceModel.Web.ni.dll
    + 2012-05-16 07:16 . 2012-05-16 07:16 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
    + 2012-05-16 07:14 . 2012-05-16 07:14 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\1d6707a5a9da16c1d1b88529837884d6\System.Printing.ni.dll
    + 2012-05-16 07:16 . 2012-05-16 07:16 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
    + 2012-05-16 07:14 . 2012-05-16 07:14 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b55887436d2cfbe1fb32dd18d554185b\System.DirectoryServices.ni.dll
    + 2012-05-16 07:20 . 2012-05-16 07:20 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\832196527f0497078f085eaf9189265f\System.Deployment.ni.dll
    + 2012-05-16 07:14 . 2012-05-16 07:14 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
    + 2012-05-16 07:19 . 2012-05-16 07:19 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\982b508698278c6ffb3d143bbe1e8bb8\System.Data.SqlXml.ni.dll
    + 2012-05-16 07:20 . 2012-05-16 07:20 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de7666b1cd0a1bc363726c9553dc39c\System.Data.Services.ni.dll
    + 2012-05-16 07:14 . 2012-05-16 07:14 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\44a5fc9e7c71b1fe1e2c79b03ecc3bc7\System.Data.Linq.ni.dll
    + 2012-05-16 07:20 . 2012-05-16 07:20 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\772c94f595cd87b7fa187d592ef46fcf\System.Data.Entity.ni.dll
    + 2012-05-16 07:14 . 2012-05-16 07:14 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
    + 2012-05-16 07:14 . 2012-05-16 07:14 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\2ecefd16184a78f19aaf0f02cc0a7e1f\ReachFramework.ni.dll
    + 2012-05-16 07:14 . 2012-05-16 07:14 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\51204805c71113e0db2103faa064b313\PresentationUI.ni.dll
    + 2012-05-16 07:12 . 2012-05-16 07:12 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\8c509044eea2ab22689ea43926b30108\PresentationBuildTasks.ni.dll
    + 2012-05-16 07:19 . 2012-05-16 07:19 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b49dd780ba8e3501b0adcf108b431e7b\Microsoft.VisualBasic.ni.dll
    + 2012-05-16 07:17 . 2012-05-16 07:17 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\42145ebf75f77cabad442f0801a81c64\Microsoft.Transactions.Bridge.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\cfe15312373b4668398404b5822bab7d\Microsoft.JScript.ni.dll
    + 2012-05-16 07:19 . 2012-05-16 07:19 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f3fcd65eca42d13b746cf3f5bd993ee0\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2012-05-16 07:19 . 2012-05-16 07:19 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\2091903cd9b359e96f05ac2d6d25ef4e\Microsoft.Build.Tasks.ni.dll
    + 2012-05-16 07:19 . 2012-05-16 07:19 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5aa63a1cb41e3a5e1e8ed17072e60ec3\Microsoft.Build.Engine.ni.dll
    + 2012-05-16 07:02 . 2012-05-16 07:02 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
    - 2010-06-24 02:56 . 2010-06-24 02:56 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
    - 2012-04-12 12:52 . 2012-04-12 12:52 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2012-05-16 07:02 . 2012-05-16 07:02 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2012-04-12 12:51 . 2012-04-12 12:51 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2012-05-16 07:09 . 2012-05-16 07:09 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2012-04-12 12:52 . 2012-04-12 12:52 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2012-05-16 07:02 . 2012-05-16 07:02 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    + 2012-04-12 12:52 . 2012-05-16 07:09 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2012-04-12 12:52 . 2012-04-12 12:52 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2012-04-06 06:12 . 2012-04-06 06:12 15709696 c:\windows\Installer\1a5ef48.msp
    + 2012-01-04 06:25 . 2012-01-04 06:25 17751552 c:\windows\Installer\1a5ef3a.msp
    + 2012-04-06 07:13 . 2012-04-06 07:13 16527872 c:\windows\Installer\1a5ef2d.msp
    + 2012-05-16 07:15 . 2012-05-16 07:15 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
    + 2012-05-16 07:21 . 2012-05-16 07:21 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll
    + 2012-05-16 07:17 . 2012-05-16 07:17 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
    + 2012-05-16 07:14 . 2012-05-16 07:14 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\a9256d2ad7e4be2bbb4e9b18c3997b84\System.Design.ni.dll
    + 2012-05-16 07:13 . 2012-05-16 07:13 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5b8ff47c1db373a2a4c638ca31988bd2\PresentationFramework.ni.dll
    + 2012-05-16 07:13 . 2012-05-16 07:13 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\4eb3cd1f1d5a83617524a9dfb96a657d\PresentationCore.ni.dll
    + 2012-05-16 07:11 . 2012-05-16 07:11 11492352 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-06 180269]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    "MimBoot"=c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\ACS\\ACS\\ACS.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
    "c:\\Documents and Settings\\David Peters\\My Documents\\Downloads\\aswMBR(1).exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
    R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [1/11/2011 8:01 PM 24876]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate1c9c3951be7f6a0;Google Update Service (gupdate1c9c3951be7f6a0);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 5:55 PM 133104]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/23/2012 5:18 AM 257696]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 5:55 PM 133104]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    iastor
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 00:33]
    .
    2012-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2012-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 21:55]
    .
    2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 21:55]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.2.1
    DPF: {BB28FF6E-2BF3-4897-9931-7CDFFAF09670} - hxxp://192.168.2.125:81/cgi-bin/design/html_template/WebACS.cab
    FF - ProfilePath - c:\documents and settings\David Peters\Application Data\Mozilla\Firefox\Profiles\xf6fq6m9.default\
    FF - prefs.js: browser.startup.homepage - hxxps://webtop.webmail.optimum.net/cerulean/
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-17 20:37
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1036)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    - - - - - - - > 'explorer.exe'(2092)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-17 20:44:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-18 00:44
    ComboFix2.txt 2012-05-09 01:28
    ComboFix3.txt 2012-04-15 19:32
    ComboFix4.txt 2012-03-29 00:48
    ComboFix5.txt 2012-05-18 00:09
    .
    Pre-Run: 49,634,897,920 bytes free
    Post-Run: 49,600,843,776 bytes free
    .
    - - End Of File - - 02D194B8AC23503FE09F62B2672830CD
     
  11. 2012/05/17

    broni Moderator Malware Analyst

    Perfect!

    The main infection is gone :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. 2012/05/17

    dave1234 Well-Known Member Thread Starter

    Computer seems fast.

    OTL logfile created on: 5/17/2012 9:17:20 PM - Run 5
    OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\David Peters\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    510.07 Mb Total Physical Memory | 262.13 Mb Available Physical Memory | 51.39% Memory free
    1.21 Gb Paging File | 0.89 Gb Available in Paging File | 73.83% Paging File free
    Paging file location(s): C:\pagefile.sys 756 2000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 71.46 Gb Total Space | 46.21 Gb Free Space | 64.67% Space Free | Partition Type: NTFS

    Computer Name: D124YR81 | User Name: David Peters | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/05/17 21:14:11 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Peters\Desktop\OTL.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/09/27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2009/05/21 11:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/08/06 12:20:51 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/16 03:15:11 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
    MOD - [2012/05/16 03:12:13 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
    MOD - [2012/05/16 03:11:35 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2010/09/27 13:03:08 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Documents and Settings\David Peters\Desktop\RampartSvc.exe -- (RampartSvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfsync02.dll -- (iastor)
    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/05/04 20:33:40 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/09/27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2005/10/28 19:59:30 | 000,027,648 | ---- | M] (Acesoft) [On_Demand | Stopped] -- C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe -- (Autocomplete)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2011/01/27 00:34:32 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2010/09/27 12:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2009/09/04 14:50:02 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/09/04 14:50:00 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/09/04 14:49:58 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
    DRV - [2007/11/14 20:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2007/07/20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2005/11/08 09:58:20 | 000,024,876 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rcvpn.sys -- (rcvpn)
    DRV - [2005/06/15 00:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-255644176-2114812240-378072284-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-255644176-2114812240-378072284-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-255644176-2114812240-378072284-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
    IE - HKU\S-1-5-21-255644176-2114812240-378072284-1006\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
    IE - HKU\S-1-5-21-255644176-2114812240-378072284-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-255644176-2114812240-378072284-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://webtop.webmail.optimum.net/cerulean/ "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@View22/View22: C:\Program Files\View22\Version 3.10.50\NPView22.dll (View22 Technology)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/16 19:52:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/05 19:49:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/09 20:04:08 | 000,000,000 | ---D | M]

    [2011/01/09 14:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Peters\Application Data\Mozilla\Extensions
    [2009/02/16 11:48:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Peters\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2012/05/01 22:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Peters\Application Data\Mozilla\Firefox\Profiles\xf6fq6m9.default\extensions
    [2011/11/09 23:17:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/04/16 19:52:57 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2010/03/16 22:02:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2012/05/05 19:49:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/07/13 17:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/07/13 17:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2011/10/05 10:53:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/09 23:17:06 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/05/17 20:36:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-255644176-2114812240-378072284-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-255644176-2114812240-378072284-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-255644176-2114812240-378072284-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-255644176-2114812240-378072284-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-255644176-2114812240-378072284-1006\..Trusted Ranges: Range1 ([*] in Trusted sites)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab (SysData Class)
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.photogize.com/bponet/PhotogizeImageUploader4.cab (Image Uploader Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {BB28FF6E-2BF3-4897-9931-7CDFFAF09670} http://192.168.2.125:81/cgi-bin/design/html_template/WebACS.cab (WebRemotePlayerControl Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA2EA78A-45E4-40BB-8533-75631664F7D4}: DhcpNameServer = 192.168.2.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\David Peters\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\David Peters\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: iastor - %systemroot%\system32\sfsync02.dll File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Unable to start System Restore Service. Error code 1056

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/17 20:09:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/05/17 20:09:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/05/17 20:09:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/05/17 20:09:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/05/17 20:08:21 | 004,496,432 | R--- | C] (Swearware) -- C:\Documents and Settings\David Peters\Desktop\ComboFix.exe
    [2012/05/16 22:16:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\David Peters\Desktop\dds.scr
    [2012/05/15 18:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies(2)
    [2012/05/15 18:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2012/05/08 23:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Peters\Local Settings\Application Data\ATI
    [2012/05/08 23:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
    [2012/05/08 23:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
    [2012/05/08 22:53:45 | 000,000,000 | ---D | C] -- C:\AMD
    [2012/05/08 21:35:59 | 000,000,000 | ---D | C] -- C:\RECYCLER(2)
    [2012/05/07 21:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Peters\My Documents\photoframe_files
    [2012/05/05 19:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/05/05 19:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla

    ========== Files - Modified Within 30 Days ==========

    [2012/05/17 21:14:11 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Peters\Desktop\OTL.exe
    [2012/05/17 20:43:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/17 20:37:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/05/17 20:36:42 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    [2012/05/17 20:36:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/05/17 20:36:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/17 20:36:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/05/17 20:36:05 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys
    [2012/05/17 20:08:25 | 004,496,432 | R--- | M] (Swearware) -- C:\Documents and Settings\David Peters\Desktop\ComboFix.exe
    [2012/05/17 19:33:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/05/17 06:03:18 | 002,107,843 | ---- | M] () -- C:\Documents and Settings\David Peters\Desktop\tdsskiller.zip
    [2012/05/17 05:48:02 | 000,249,344 | ---- | M] () -- C:\Documents and Settings\David Peters\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/05/16 22:16:46 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\David Peters\Desktop\dds.scr
    [2012/05/16 20:26:12 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\David Peters\Desktop\nc9yegl7.exe
    [2012/05/16 20:22:19 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\David Peters\Desktop\MBR.dat
    [2012/05/16 05:38:20 | 000,406,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/05/16 03:10:21 | 000,445,798 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/05/16 03:10:21 | 000,073,004 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/05/16 03:05:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/05/15 06:38:34 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/05/14 10:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/05/07 21:23:40 | 000,011,374 | ---- | M] () -- C:\Documents and Settings\David Peters\My Documents\photoframe.htm
    [2012/04/26 06:14:46 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2012/04/25 08:43:33 | 000,108,912 | ---- | M] () -- C:\Documents and Settings\David Peters\My Documents\Hotwire Airline Tickets, Hotel Reservations, Car Rentals - Discount Travel Deals, Last-Minute Travel Too!.htm
    [2012/04/24 22:39:07 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

    ========== Files Created - No Company Name ==========

    [2012/05/17 20:09:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/05/17 20:09:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/05/17 20:09:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/05/17 20:09:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/05/17 20:09:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/05/16 20:26:11 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\David Peters\Desktop\nc9yegl7.exe
    [2012/05/16 20:22:19 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\David Peters\Desktop\MBR.dat
    [2012/05/15 19:22:23 | 534,925,312 | -HS- | C] () -- C:\hiberfil.sys
    [2012/05/15 18:07:50 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2012/05/15 18:07:49 | 002,664,704 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
    [2012/05/15 18:07:48 | 000,245,896 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
    [2012/05/15 18:07:44 | 000,601,728 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2012/05/15 18:07:44 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2012/05/07 21:23:38 | 000,011,374 | ---- | C] () -- C:\Documents and Settings\David Peters\My Documents\photoframe.htm
    [2012/05/05 11:16:48 | 000,172,999 | ---- | C] () -- C:\Documents and Settings\David Peters\My Documents\DSCN0646.JPG
    [2012/04/25 08:43:32 | 000,108,912 | ---- | C] () -- C:\Documents and Settings\David Peters\My Documents\Hotwire Airline Tickets, Hotel Reservations, Car Rentals - Discount Travel Deals, Last-Minute Travel Too!.htm
    [2012/04/24 22:39:02 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/04/23 05:18:21 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/02/15 06:37:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/11/12 15:25:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2011/04/15 06:01:38 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/09/27 13:03:08 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
    [2010/09/27 12:57:26 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
    [2010/09/13 06:33:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lyejepefoqesod.bin
    [2010/09/13 06:33:07 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qpohezenocopol.dat

    ========== LOP Check ==========

    [2008/12/20 16:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2008/03/05 06:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2008/12/20 16:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2010/10/22 20:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
    [2008/02/01 06:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2008/12/20 16:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2012/03/27 07:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2008/10/19 18:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
    [2011/10/25 21:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/11/06 09:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2005/12/30 10:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Peters\Application Data\ACD Systems
    [2008/04/06 10:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Peters\Application Data\ACDInTouch
    [2005/11/14 12:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Peters\Application Data\Aim
    [2010/01/06 06:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Peters\Application Data\GetRightToGo
    [2010/12/16 20:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Peters\Application Data\Gevesu
    [2009/11/14 09:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Peters\Application Data\GlarySoft
    [2005/11/14 12:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Peters\Application Data\Leadertech
    [2008/12/20 16:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Peters\Application Data\Nikon
    [2010/12/09 08:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Peters\Application Data\Xosyi

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2011/01/09 22:13:40 | 000,224,665 | ---- | M] () -- C:\aaw7boot.log
    [2009/02/15 14:04:37 | 034,543,112 | ---- | M] (Lavasoft ) -- C:\Ad-AwareAE.exe
    [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/02/26 06:12:01 | 000,891,208 | ---- | M] (AVG Technologies) -- C:\avg_free_stb_en_9_40.exe
    [2009/08/30 06:15:42 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/01/11 19:32:46 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2012/05/17 20:44:12 | 000,062,031 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/11/02 22:06:56 | 000,004,604 | ---- | M] () -- C:\data
    [2005/11/02 04:11:20 | 000,005,040 | RH-- | M] () -- C:\dell.sdr
    [2006/01/06 04:19:41 | 004,193,599 | ---- | M] () -- C:\EasyShare.dmp
    [2006/03/11 19:06:29 | 007,984,736 | ---- | M] () -- C:\ewido-setup.exe
    [2006/03/12 17:49:17 | 000,167,608 | ---- | M] (Symantec Corporation) -- C:\FxIstbar.exe
    [2012/05/17 20:36:05 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys
    [2006/03/12 17:47:59 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\HijackThis.exe
    [2009/09/12 16:55:48 | 000,010,301 | ---- | M] () -- C:\hijackthis.log
    [2012/05/05 11:37:00 | 000,306,363 | ---- | M] () -- C:\hpfr5550.log
    [2005/11/28 20:17:24 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2005/11/02 04:31:11 | 000,000,826 | -H-- | M] () -- C:\IPH.PH
    [2009/10/16 13:30:11 | 000,155,822 | ---- | M] () -- C:\iPod_log.txt
    [2011/07/08 06:30:05 | 000,060,310 | ---- | M] () -- C:\JavaRa.log
    [2010/12/25 17:50:33 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/01/10 12:04:15 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/05/17 20:36:03 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
    [2012/04/14 12:14:13 | 000,000,251 | ---- | M] () -- C:\rkill.log
    [2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
    [2009/09/13 09:12:51 | 000,001,637 | ---- | M] () -- C:\swlist.reg
    [2005/11/02 04:31:19 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
    [2011/04/16 14:12:18 | 000,048,762 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_16.04.2011_14.10.03_log.txt
    [2012/03/28 05:14:41 | 000,088,450 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_28.03.2012_05.04.25_log.txt
    [2012/03/28 05:52:06 | 000,098,612 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_28.03.2012_05.44.25_log.txt
    [2012/05/08 20:37:12 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_08.05.2012_20.37.01_log.txt
    [2012/04/15 13:14:39 | 000,090,796 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_15.04.2012_13.09.42_log.txt
    [2012/04/15 13:30:55 | 000,002,740 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_15.04.2012_13.30.46_log.txt
    [2012/04/15 14:31:57 | 000,088,024 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_15.04.2012_14.22.43_log.txt
    [2012/05/08 20:40:20 | 000,090,164 | ---- | M] () -- C:\TDSSKiller.2.7.34.0_08.05.2012_20.37.56_log.txt
    [2012/05/17 06:03:00 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.34.0_17.05.2012_06.02.52_log.txt
    [2012/05/17 06:25:15 | 000,090,254 | ---- | M] () -- C:\TDSSKiller.2.7.35.0_17.05.2012_06.03.35_log.txt
    [2009/01/10 11:36:22 | 000,267,152 | ---- | M] () -- C:\zaSetup_en.exe

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/03/30 10:09:39 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2007/03/06 07:27:44 | 000,215,535 | ---- | M] () -- C:\Program Files\hijackthis.zip

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 14:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/10 14:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/10 14:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/01/10 12:14:25 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/03/30 10:14:22 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\David Peters\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/10 15:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\David Peters\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012/04/15 11:50:22 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\David Peters\Desktop\aswMBR.exe
    [2012/05/17 20:08:25 | 004,496,432 | R--- | M] (Swearware) -- C:\Documents and Settings\David Peters\Desktop\ComboFix.exe
    [2010/09/27 12:56:08 | 000,016,505 | ---- | M] () -- C:\Documents and Settings\David Peters\Desktop\DelayInst.exe
    [2012/03/28 23:48:11 | 000,337,137 | ---- | M] () -- C:\Documents and Settings\David Peters\Desktop\FSS.exe
    [2010/09/27 12:56:34 | 000,221,315 | ---- | M] () -- C:\Documents and Settings\David Peters\Desktop\installservice.exe
    [2012/04/16 23:03:56 | 000,909,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\David Peters\Desktop\JavaSetup6u31.exe
    [2012/04/21 18:01:41 | 017,205,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\David Peters\Desktop\jre-6u31-windows-i586-s.exe
    [2012/05/16 20:26:12 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\David Peters\Desktop\nc9yegl7.exe
    [2012/05/17 21:14:11 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Peters\Desktop\OTL.exe
    [2012/03/28 23:43:49 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\David Peters\Desktop\SecurityCheck.exe
    [2012/03/28 23:53:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Peters\Desktop\TFC.exe
    [2010/09/27 13:05:24 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\David Peters\Desktop\vpnclient_setup.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/05/17 19:33:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/05/14 10:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2004/08/04 07:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
    [2012/05/17 20:36:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/17 20:43:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/17 20:36:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2009/04/11 08:32:08 | 000,939,956 | ---- | M] () -- C:\Documents and Settings\David Peters\My Documents\7z465.exe
    [2008/04/06 10:51:05 | 012,962,050 | ---- | M] () -- C:\Documents and Settings\David Peters\My Documents\acdsee31updater.exe
    [2009/04/02 06:28:38 | 102,612,888 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\David Peters\My Documents\CVSPhotoEditorPlus_120.exe
    [2011/05/25 06:22:57 | 000,912,736 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\David Peters\My Documents\DivXInstaller.exe
    [2011/01/09 14:45:33 | 008,582,536 | ---- | M] (Mozilla) -- C:\Documents and Settings\David Peters\My Documents\Firefox Setup 3.6.13.exe
    [2012/03/31 09:26:06 | 008,767,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\David Peters\My Documents\install_flash_player_11_active_x_64bit.exe
    [2011/01/07 23:09:04 | 000,883,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\David Peters\My Documents\JavaSetup6u23.exe
    [2012/03/31 09:43:50 | 000,909,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\David Peters\My Documents\JavaSetup6u31.exe
    [2009/11/14 09:28:54 | 002,308,608 | ---- | M] (GlarySoft.com ) -- C:\Documents and Settings\David Peters\My Documents\qssetup.exe
    [2008/01/28 06:47:16 | 000,325,168 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\David Peters\My Documents\RealPlayer11GOLD.exe
    [2008/04/12 09:10:40 | 001,639,504 | ---- | M] (Acesoft, Inc. ) -- C:\Documents and Settings\David Peters\My Documents\te5.exe
    [2012/01/11 09:26:15 | 001,785,776 | ---- | M] (Acesoft, Inc. ) -- C:\Documents and Settings\David Peters\My Documents\te6.exe
    [2008/10/19 16:48:05 | 000,195,663 | ---- | M] () -- C:\Documents and Settings\David Peters\My Documents\unrarw32.exe
    [2010/03/28 20:05:05 | 008,287,608 | ---- | M] () -- C:\Documents and Settings\David Peters\My Documents\View22_Install_3_10_50.exe
    [2008/10/19 18:01:21 | 002,131,320 | ---- | M] () -- C:\Documents and Settings\David Peters\My Documents\wzipse31.exe
    [2009/09/01 13:08:29 | 000,366,552 | ---- | M] (Digital River, Inc.) -- C:\Documents and Settings\David Peters\My Documents\X12-30263-DLM.exe
    [2007/04/22 07:03:54 | 040,738,456 | ---- | M] () -- C:\Documents and Settings\David Peters\My Documents\zlsSetup_70_337_000_en.exe
    [2007/11/17 11:27:23 | 041,412,496 | ---- | M] () -- C:\Documents and Settings\David Peters\My Documents\zlsSetup_70_408_000_en.exe
    [2008/03/05 06:37:38 | 041,724,304 | ---- | M] () -- C:\Documents and Settings\David Peters\My Documents\zlsSetup_70_462_000_en.exe
    [2008/07/11 20:50:55 | 046,829,456 | ---- | M] () -- C:\Documents and Settings\David Peters\My Documents\zlsSetup_70_483_000_en.exe

    < %USERPROFILE%\*.exe >
    [2005/11/20 23:02:07 | 000,557,056 | ---- | M] (Citrix Online) -- C:\Documents and Settings\David Peters\chatlnk.exe
    [2005/11/18 11:19:36 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\David Peters\zzz.exe

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 07:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/03/30 10:14:22 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\David Peters\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/05/17 21:13:42 | 004,112,384 | -HS- | M] () -- C:\Documents and Settings\David Peters\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 03:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 03:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 03:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 03:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < >

    < End of report >
     
  13. 2012/05/17
    dave1234

    dave1234 Well-Known Member Thread Starter

    Joined:
    2002/12/21
    Messages:
    196
    Likes Received:
    0
    Can't find or locate Extras.txt
     
  14. 2012/05/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's fine.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- C:\Documents and Settings\David Peters\Desktop\RampartSvc.exe -- (RampartSvc)
      SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfsync02.dll -- (iastor)
      SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
      DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
      DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
      O15 - HKU\S-1-5-21-255644176-2114812240-378072284-1006\..Trusted Ranges: Range1 ([*] in Trusted sites)
      [2012/03/27 07:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ========================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  15. 2012/05/17
    dave1234

    dave1234 Well-Known Member Thread Starter

    Joined:
    2002/12/21
    Messages:
    196
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Service RampartSvc stopped successfully!
    Service RampartSvc deleted successfully!
    File C:\Documents and Settings\David Peters\Desktop\RampartSvc.exe not found.
    Service iastor stopped successfully!
    Service iastor deleted successfully!
    File %systemroot%\system32\sfsync02.dll not found.
    Error: No service named getPlusHelper) getPlus(R was found to stop!
    Service\Driver key getPlusHelper) getPlus(R not found.
    File C:\Program Files\NOS\bin\getPlus_Helper.dll not found.
    Error: No service named Winsock - Google Desktop Search Backup Before Last Install was found to stop!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock - Google Desktop Search Backup Before Last Install deleted successfully.
    Error: No service named Winsock - Google Desktop Search Backup Before First Install was found to stop!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock - Google Desktop Search Backup Before First Install deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-255644176-2114812240-378072284-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\ not found.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: David Peters
    ->Temp folder emptied: 111390 bytes
    ->Temporary Internet Files folder emptied: 10998428 bytes
    ->Java cache emptied: 22629 bytes
    ->FireFox cache emptied: 54525616 bytes
    ->Flash cache emptied: 1950 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: eMule_Secure
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 83034 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 747 bytes
    ->Flash cache emptied: 22382 bytes

    User: Owner

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 527755 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 20137798 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 83.00 mb


    [EMPTYJAVA]

    User: All Users

    User: David Peters
    ->Java cache emptied: 0 bytes

    User: Default User

    User: eMule_Secure

    User: LocalService
    ->Java cache emptied: 0 bytes

    User: NetworkService
    ->Java cache emptied: 0 bytes

    User: Owner

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: David Peters
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: eMule_Secure

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.43.0 log created on 05172012_221759

    Files\Folders moved on Reboot...
    C:\Documents and Settings\David Peters\Local Settings\Temporary Internet Files\Content.IE5\BTY8A81V\xd_arbiter[1].htm moved successfully.
    C:\Documents and Settings\David Peters\Local Settings\Temporary Internet Files\Content.IE5\6BFPUAWV\si[1].htm moved successfully.
    C:\Documents and Settings\David Peters\Local Settings\Temporary Internet Files\Content.IE5\1J3K9UCP\ads[2].htm moved successfully.
    C:\Documents and Settings\David Peters\Local Settings\Temporary Internet Files\Content.IE5\1J3K9UCP\ads[3].htm moved successfully.
    File\Folder C:\WINDOWS\temp\TMP000000017475B51A28E96F2C not found!

    Registry entries deleted on Reboot...


    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    Microsoft Security Essentials
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Out of date HijackThis installed!
    AdsGone Popup Killer Spyware Blocker by A1Tech.com
    SUPERAntiSpyware Free Edition
    HijackThis 1.99.1
    CCleaner
    Java(TM) 6 Update 26
    Out of date Java installed!
    Adobe Flash Player ( 10.0.12.36) Flash Player Out of Date!
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````



    Farbar Service Scanner Version: 17-05-2012
    Ran by David Peters (administrator) on 17-05-2012 at 22:30:21
    Running from "C:\Documents and Settings\David Peters\Desktop "
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    DNE(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x0A00000004000000010000000200000003000000080000005600000005000000060000000700000009000000
    IpSec Tag value is correct.

    **** End of log ****
     
  16. 2012/05/18
    dave1234

    dave1234 Well-Known Member Thread Starter

    Joined:
    2002/12/21
    Messages:
    196
    Likes Received:
    0
    C:\Documents and Settings\David Peters\DoctorWeb\Quarantine\774de4b7-4cd91c78 Java/ClassLoader.Dummy.D trojan
    C:\Documents and Settings\David Peters\DoctorWeb\Quarantine\7dc55cf4-2af858ed Java/ClassLoader.Dummy.D trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\afd.sys.vir a variant of Win32/Rootkit.Kryptik.MA trojan
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP50\A0031438.sys a variant of Win32/Rootkit.Kryptik.MA trojan
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP50\A0032436.sys a variant of Win32/Rootkit.Kryptik.MA trojan
    C:\TDSSKiller_Quarantine\15.04.2012_13.09.42\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AXZ trojan
    C:\TDSSKiller_Quarantine\15.04.2012_13.09.42\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan
     
  17. 2012/05/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You forgot to update Java.

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ====================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  18. 2012/05/19
    dave1234

    dave1234 Well-Known Member Thread Starter

    Joined:
    2002/12/21
    Messages:
    196
    Likes Received:
    0
    All processes killed
    Error: Unable to interpret <Code: > in the current context!
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: David Peters
    ->Temp folder emptied: 39221 bytes
    ->Temporary Internet Files folder emptied: 4669761 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 38408310 bytes
    ->Flash cache emptied: 1780 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: eMule_Secure
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 15066 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 255 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 41.00 mb


    [EMPTYFLASH]

    User: All Users

    User: David Peters
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: eMule_Secure

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: David Peters
    ->Java cache emptied: 0 bytes

    User: Default User

    User: eMule_Secure

    User: LocalService
    ->Java cache emptied: 0 bytes

    User: NetworkService
    ->Java cache emptied: 0 bytes

    User: Owner

    Total Java Files Cleaned = 0.00 mb

    Error creating restore point.

    OTL by OldTimer - Version 3.2.43.0 log created on 05192012_165931

    Files\Folders moved on Reboot...
    C:\Documents and Settings\David Peters\Local Settings\Temporary Internet Files\Content.IE5\VJ6QYDM8\;ord=1313107065[1].htm moved successfully.
    C:\Documents and Settings\David Peters\Local Settings\Temporary Internet Files\Content.IE5\VJ6QYDM8\ads[1].htm moved successfully.
    C:\Documents and Settings\David Peters\Local Settings\Temporary Internet Files\Content.IE5\VJ6QYDM8\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\David Peters\Local Settings\Temporary Internet Files\Content.IE5\O4270Q92\fastbutton[1].htm moved successfully.
    C:\Documents and Settings\David Peters\Local Settings\Temporary Internet Files\Content.IE5\O4270Q92\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\David Peters\Local Settings\Temporary Internet Files\Content.IE5\O4270Q92\xd_arbiter[1].htm moved successfully.
    C:\Documents and Settings\David Peters\Local Settings\Temporary Internet Files\Content.IE5\IZD0K1G5\like[1].htm moved successfully.
    C:\Documents and Settings\David Peters\Local Settings\Temporary Internet Files\Content.IE5\IZD0K1G5\xd_arbiter[1].htm moved successfully.
    C:\Documents and Settings\David Peters\Local Settings\Temporary Internet Files\Content.IE5\CGAMR012\102645-active-cant-boot-up-3[1].html moved successfully.
    C:\Documents and Settings\David Peters\Local Settings\Temporary Internet Files\Content.IE5\CGAMR012\5174[1].htm moved successfully.
    C:\Documents and Settings\David Peters\Local Settings\Temporary Internet Files\Content.IE5\CGAMR012\ba41f783-c96b-4b2d-8be8-46ee74bd1e3b__3rd_party_BBS.[1].htm moved successfully.
    C:\Documents and Settings\David Peters\Local Settings\Temporary Internet Files\Content.IE5\CGAMR012\si[1].htm moved successfully.

    Registry entries deleted on Reboot...
     
  19. 2012/05/19
    dave1234

    dave1234 Well-Known Member Thread Starter

    Joined:
    2002/12/21
    Messages:
    196
    Likes Received:
    0
    Error creating restore point
    Also JavaRa error deleting old Java.
    Can I remove Eset virus in quarantine?

    Thanks
    Computer runs great!
     
  20. 2012/05/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Great!

    Reset system restore manually.
    Turn system restore off.
    Restart computer.
    Turn system restore on.

    As for Java, go here: http://www.java.com/en/download/manual.jsp, download Windows Offline standalone installer and see if it'll install.

    Good luck and stay safe :)
     
