Malwarebytes

Smart HDD Virus

48 replies to this topic

#1
SMiller

    Advanced Member

  • Honorary Members
  • 110 posts
  • Gender:Male
Yesterday, I was hit with the Smart HDD Virus. I have followed the instructions on bleepingcomputer.com to remove it but it is still affecting my computer.

Any help is greatly appreciated.

#2
Maniac

    Forum Deity

  • Experts
  • 16,982 posts
  • Gender:Male
  • Location:Bulgaria, EU
Hello SMiller! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here:
http://forums.malwar...?showtopic=9573

Post both log files in your next reply.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3
SMiller

Maniac,

Thx for taking the time to help me. I currently do not have the full PRO version of MBAM but plan on purchasing it as soon as my computer is fixed.

Here are the 2 dds logs you requested:

DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Rob at 15:42:32 on 2012-05-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.554 [GMT -7:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\wuauclt.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\downlo~1\DAPIEL~1.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe" -scheduler
mRun: [StacSysTray] c:\program files\sigmatel\c-major audio\controlpanel\StacSysTray.exe
mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
StartupFolder: c:\docume~1\rob\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\rob\application data\leadertech\powerregister\Seagate Product Registration.exe
mPolicies-explorer: <NO NAME> =
IE: &Clean Traces - c:\program files\download accelerator plus\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\download accelerator plus\dapextie.htm
IE: Download &all with DAP - c:\program files\download accelerator plus\dapextie2.htm
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: Web-Based Email Tools - hxxps://email.secureserver.net/Download.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196226844085
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-27 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-27 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-27 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-27 66616]
R2 SigService;Sigmatel Service;c:\program files\sigmatel\c-major audio\controlpanel\sigservice.exe [2007-11-27 81920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 253600]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2004-3-30 118106]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
.
=============== Created Last 30 ================
.
2012-05-15 22:30:52 -------- d-----w- C:\HDD Virus Fix Logs (May 15, 2012)
2012-04-26 01:48:13 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-04-25 22:47:53 53248 ----a-r- c:\documents and settings\rob\application data\microsoft\installer\{12baa98c-f8dd-4bc9-bbe6-1c8463114197}\ARPPRODUCTICON.exe
.
==================== Find3M ====================
.
2012-04-25 21:22:04 256 -c--a-w- c:\windows\system32\pool.bin
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 20:23:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-03 20:23:45 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 15:43:27.92 ===============


Attach Log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/27/2007 7:08:52 PM
System Uptime: 5/17/2012 3:36:11 PM (0 hours ago)
.
Motherboard: Gateway | | Gateway M675
Processor: Intel® Pentium® 4 CPU 2.80GHz | uFCPGA2 | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 10.229 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
H: is FIXED (NTFS) - 1863 GiB total, 68.414 GiB free.
I: is FIXED (NTFS) - 1397 GiB total, 1001.553 GiB free.
U: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless-G PCI Adapter
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_041814E4&REV_03\4&3A321F38&0&10F0
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_041814E4&REV_03\4&3A321F38&0&10F0
Service: BCM43XX
.
==== System Restore Points ===================
.
RP29: 3/2/2012 11:15:17 AM - System Checkpoint
RP30: 3/4/2012 11:12:33 AM - Software Distribution Service 3.0
RP31: 3/12/2012 6:51:30 PM - Software Distribution Service 3.0
RP32: 3/17/2012 4:24:09 PM - System Checkpoint
RP33: 3/18/2012 8:16:36 PM - System Checkpoint
RP34: 3/20/2012 12:41:22 AM - System Checkpoint
RP35: 3/22/2012 4:23:02 PM - System Checkpoint
RP36: 3/28/2012 1:04:45 PM - System Checkpoint
RP37: 3/29/2012 2:05:46 PM - System Checkpoint
RP38: 4/3/2012 1:51:10 AM - System Checkpoint
RP39: 4/3/2012 1:21:45 PM - Before Install of Adobe Flash Update on 4-3-12...
RP40: 4/7/2012 2:55:32 PM - System Checkpoint
RP41: 4/9/2012 12:08:40 AM - Software Distribution Service 3.0
RP42: 4/12/2012 2:47:55 PM - System Checkpoint
RP43: 4/13/2012 9:02:10 PM - System Checkpoint
RP44: 4/19/2012 3:48:47 PM - Software Distribution Service 3.0
RP45: 4/23/2012 8:28:27 PM - System Checkpoint
RP46: 4/25/2012 3:40:32 PM - Before Install of BB AppLoader...
RP47: 4/25/2012 3:44:36 PM - Installed BlackBerry Device Software Updater.
RP48: 4/25/2012 6:48:13 PM - Installed Windows XP Wdf01009.
RP49: 5/3/2012 1:05:26 AM - Software Distribution Service 3.0
RP50: 5/3/2012 6:32:24 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
7-Zip 9.20
Acrobat.com
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Community Help
Adobe Creative Suite 2
Adobe Flash Player 11 ActiveX
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Media Player
Adobe Photoshop CS2
Adobe Photoshop CS5
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
Advanced SystemCare 3
Agere Systems AC'97 Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
BlackBerry Desktop Software 4.3
BlackBerry Device Software Updater
BlackBerry v4.2.2 for the 8830 Series Wireless Device
C-Major Audio Driver and Applications
Canon MF Toolbox 4.9.1.1.mf01
Canon MF6500 Series
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 4.0.9.322
Critical Update for Windows Media Player 11 (KB959772)
Desktop Notifier
Disk Recoup 2.1
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Download Accelerator Plus (DAP)
DVD Shrink 3.2
DVDFab 7.0.6.7 (30/05/2010)
DVDFab 8.0.0.5 (25/08/2010)
Encina DiscMaker
Far Cry
File Scavenger 3.2 (en)
Google Toolbar for Internet Explorer
Hitman 2: Silent Assassin
Hitman Blood Money
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IEEE 802.11g USB Wireless LAN Adapter
ImgBurn
Intel® PRO Network Connections Drivers
iTunes
Java Auto Updater
Java™ 6 Update 29
Logitech MouseWare 9.79.1
Magic ISO Maker v5.5 (build 0273)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.61.0.1400
Max Payne
Max Payne 2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Move Media Player
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
OGA Notifier 2.0.0048.0
OmniPage SE 2.0
PDF Settings CS5
PowerDVD
PowerISO
Presto! Mr.Photo 3
QuickTime
Roxio DLA
Roxio Express Labeler
Roxio Media Manager
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Rushmore Casino
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Update Manager
Sothink SWF Decompiler
Splinter Cell Pandora Tomorrow
Spybot - Search & Destroy
StreamTransport version: 1.0.2.1975
Suite Specific
swMSM
Tom Clancy's Splinter Cell
Ultimate Business Plan Starter
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB-IDE Bridge Driver
VC80CRTRedist - 8.0.50727.6195
VGA Dual-Mode Camera
VLC media player 1.1.9
Vuze
WebFldrs XP
Windows Driver Package - Camera Maker (MR97310_VGA_DUAL_CAMERA) Image 03/30/2004 2.0.0.0
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
XP Codec Pack
.
==== Event Viewer Messages From Past Week ========
.
5/16/2012 5:55:20 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
5/15/2012 8:05:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
5/15/2012 5:19:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips IntelIde intelppm ohci1394 SCDEmu ssmdrv
5/15/2012 3:16:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/15/2012 3:15:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/15/2012 3:15:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm SCDEmu ssmdrv
5/15/2012 3:04:21 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
5/11/2012 3:40:57 PM, error: Service Control Manager [7000] - The USB-IDE Bridge service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/10/2012 4:35:11 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
5/10/2012 4:35:11 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/10/2012 4:34:41 PM, error: Service Control Manager [7022] - The Distributed Link Tracking Client service hung on starting.
5/10/2012 4:34:11 PM, error: Service Control Manager [7022] - The Server service hung on starting.
.
==== End Of File ===========================
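
A triage sketch for the `Hosts:` lines in the DDS log posted above, added here as an example and not part of the original thread or of DDS itself. It splits a DDS log into its `====` sections, pulls the hosts-file entries out of the Pseudo HJT Report and flags names that are pinned to a non-loopback address. The function names are hypothetical and the sample is constructed in the shape of the posted log, with a loopback line added for contrast.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the shape of the DDS log above.
# The 127.0.0.1 line is added here to show an entry that is not flagged.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
LSP: mswsock.dll
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
Hosts: 127.0.0.1 localhost
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-27 11608]
.
"""

HEADER = re.compile(r"^=+\s*(.+?)\s*=+\s*$")       # "==== Name ===="
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)\s*$")  # "Hosts: <ip> <name>"


def split_sections(text):
    """Return {section name: [lines]}, dropping the '.' spacer lines."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def classify_address(addr):
    """Classify the address a hosts entry points a name at."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    # Loopback / 0.0.0.0 entries are the usual way to block a name locally.
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"
    if ip.is_private:
        return "private"
    return "public"


def review_hosts(text):
    """Hosts entries that override DNS with something other than a sinkhole."""
    findings = []
    for line in split_sections(text).get("Pseudo HJT Report", []):
        m = HOSTS.match(line)
        if not m:
            continue
        addr, host = m.groups()
        kind = classify_address(addr)
        if kind != "sinkhole":
            findings.append((addr, host, kind))
    return findings


def cluster_by_network(findings, prefix=24):
    """Group flagged IPv4 entries by network; several unrelated names
    pinned into one small network is a stronger signal than one entry."""
    clusters = defaultdict(list)
    for addr, host, kind in findings:
        if kind == "invalid":
            continue
        if ipaddress.ip_address(addr).version != 4:
            continue
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        clusters[str(net)].append(host)
    return {net: hosts for net, hosts in clusters.items() if len(hosts) > 1}


if __name__ == "__main__":
    flagged = review_hosts(SAMPLE_DDS)
    for addr, host, kind in flagged:
        print(f"review: {host} -> {addr} ({kind})")
    print(cluster_by_network(flagged))
```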


#4
Maniac

Step 1

Please uninstall Vuze, because of our policy:
http://forums.malwar...showtopic=97700


Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


#5
SMiller

Ok. Will work on that. I am having to use a friend's computer to see your instructions so it takes me a little while to get the instructions, execute them, and then get back to you. Just FYI.

#6
Maniac

Thanks for letting me know! :)

#7
SMiller

Maniac,

Here are the logs you requested. I also have 2 questions: 1- What is that ARPPRODUCTION.exe that has been created in about 12 diff folders? 2- Are all those services that are "hanging" on startup the reason it takes my computer about 5 mins to boot up?

Thx.

TDSSKiller Log:

12:49:09.0734 2340 SamSs - ok
12:49:09.0765 2340 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\windows\System32\SCardSvr.exe
12:49:09.0921 2340 SCardSvr - ok
12:49:09.0968 2340 SCDEmu (612a3d69e603dbbe5c3c1079186a0393) C:\windows\system32\drivers\SCDEmu.sys
12:49:10.0000 2340 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
12:49:10.0000 2340 SCDEmu - detected UnsignedFile.Multi.Generic (1)
12:49:10.0031 2340 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\windows\system32\schedsvc.dll
12:49:10.0218 2340 Schedule - ok
12:49:10.0250 2340 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys
12:49:10.0328 2340 Secdrv - ok
12:49:10.0343 2340 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\windows\System32\seclogon.dll
12:49:10.0515 2340 seclogon - ok
12:49:10.0531 2340 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\windows\system32\sens.dll
12:49:10.0703 2340 SENS - ok
12:49:10.0718 2340 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\windows\system32\drivers\Serial.sys
12:49:10.0859 2340 Serial - ok
12:49:10.0890 2340 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys
12:49:11.0046 2340 Sfloppy - ok
12:49:11.0109 2340 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\windows\System32\shsvcs.dll
12:49:11.0125 2340 ShellHWDetection - ok
12:49:11.0218 2340 SigService (71c8de1523a36af512c57de801be90ca) C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe
12:49:11.0250 2340 SigService ( UnsignedFile.Multi.Generic ) - warning
12:49:11.0250 2340 SigService - detected UnsignedFile.Multi.Generic (1)
12:49:11.0250 2340 Simbad - ok
12:49:11.0296 2340 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\windows\system32\DRIVERS\SLIP.sys
12:49:11.0468 2340 SLIP - ok
12:49:11.0500 2340 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\windows\system32\DRIVERS\SONYPVU1.SYS
12:49:11.0656 2340 SONYPVU1 - ok
12:49:11.0656 2340 Sparrow - ok
12:49:11.0671 2340 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys
12:49:11.0812 2340 splitter - ok
12:49:11.0843 2340 Spooler (60784f891563fb1b767f70117fc2428f) C:\windows\system32\spoolsv.exe
12:49:11.0890 2340 Spooler - ok
12:49:11.0937 2340 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\windows\system32\DRIVERS\sr.sys
12:49:12.0000 2340 sr - ok
12:49:12.0062 2340 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\windows\system32\srsvc.dll
12:49:12.0140 2340 srservice - ok
12:49:12.0203 2340 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\windows\system32\DRIVERS\srv.sys
12:49:12.0296 2340 Srv - ok
12:49:12.0312 2340 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\windows\System32\ssdpsrv.dll
12:49:12.0390 2340 SSDPSRV - ok
12:49:12.0406 2340 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
12:49:12.0421 2340 ssmdrv - ok
12:49:12.0484 2340 STAC97 (a334facf4302f406d260a4051e583132) C:\windows\system32\drivers\STAC97.sys
12:49:12.0546 2340 STAC97 - ok
12:49:12.0593 2340 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\windows\system32\wiaservc.dll
12:49:12.0812 2340 stisvc - ok
12:49:12.0843 2340 streamip (77813007ba6265c4b6098187e6ed79d2) C:\windows\system32\DRIVERS\StreamIP.sys
12:49:13.0000 2340 streamip - ok
12:49:13.0015 2340 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys
12:49:13.0171 2340 swenum - ok
12:49:13.0359 2340 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:49:13.0437 2340 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
12:49:13.0437 2340 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
12:49:13.0484 2340 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys
12:49:13.0640 2340 swmidi - ok
12:49:13.0640 2340 SwPrv - ok
12:49:13.0656 2340 symc810 - ok
12:49:13.0671 2340 symc8xx - ok
12:49:13.0671 2340 sym_hi - ok
12:49:13.0687 2340 sym_u3 - ok
12:49:13.0703 2340 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys
12:49:13.0843 2340 sysaudio - ok
12:49:13.0906 2340 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\windows\system32\smlogsvc.exe
12:49:14.0046 2340 SysmonLog - ok
12:49:14.0125 2340 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\windows\System32\tapisrv.dll
12:49:14.0296 2340 TapiSrv - ok
12:49:14.0343 2340 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys
12:49:14.0406 2340 Tcpip - ok
12:49:14.0437 2340 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys
12:49:14.0593 2340 TDPIPE - ok
12:49:14.0609 2340 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys
12:49:14.0750 2340 TDTCP - ok
12:49:14.0765 2340 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys
12:49:14.0906 2340 TermDD - ok
12:49:14.0953 2340 TermService (ff3477c03be7201c294c35f684b3479f) C:\windows\System32\termsrv.dll
12:49:15.0093 2340 TermService - ok
12:49:15.0140 2340 Themes (99bc0b50f511924348be19c7c7313bbf) C:\windows\System32\shsvcs.dll
12:49:15.0156 2340 Themes - ok
12:49:15.0187 2340 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
12:49:15.0281 2340 TlntSvr - ok
12:49:15.0281 2340 TosIde - ok
12:49:15.0312 2340 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\windows\system32\trkwks.dll
12:49:15.0453 2340 TrkWks - ok
12:49:15.0484 2340 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys
12:49:15.0625 2340 Udfs - ok
12:49:15.0640 2340 ultra - ok
12:49:15.0687 2340 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys
12:49:15.0906 2340 Update - ok
12:49:15.0937 2340 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\windows\System32\upnphost.dll
12:49:16.0031 2340 upnphost - ok
12:49:16.0046 2340 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\windows\System32\ups.exe
12:49:16.0203 2340 UPS - ok
12:49:16.0250 2340 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\windows\system32\Drivers\usbaapl.sys
12:49:16.0281 2340 USBAAPL - ok
12:49:16.0312 2340 USBAtapi2000 (59d65b6b73ad9f721f67f4e0d03b3bce) C:\windows\system32\DRIVERS\sci1pl.sys
12:49:16.0328 2340 USBAtapi2000 ( UnsignedFile.Multi.Generic ) - warning
12:49:16.0328 2340 USBAtapi2000 - detected UnsignedFile.Multi.Generic (1)
12:49:16.0343 2340 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys
12:49:16.0484 2340 usbccgp - ok
12:49:16.0515 2340 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys
12:49:16.0671 2340 usbehci - ok
12:49:16.0687 2340 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys
12:49:16.0828 2340 usbhub - ok
12:49:16.0859 2340 usbprint (a717c8721046828520c9edf31288fc00) C:\windows\system32\DRIVERS\usbprint.sys
12:49:17.0000 2340 usbprint - ok
12:49:17.0031 2340 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys
12:49:17.0187 2340 usbscan - ok
12:49:17.0203 2340 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS
12:49:17.0343 2340 usbstor - ok
12:49:17.0359 2340 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\windows\system32\DRIVERS\usbuhci.sys
12:49:17.0515 2340 usbuhci - ok
12:49:17.0515 2340 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys
12:49:17.0656 2340 VgaSave - ok
12:49:17.0671 2340 ViaIde - ok
12:49:17.0703 2340 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\windows\system32\drivers\VolSnap.sys
12:49:17.0843 2340 VolSnap - ok
12:49:17.0859 2340 vsdatant - ok
12:49:17.0921 2340 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\windows\System32\vssvc.exe
12:49:18.0000 2340 VSS - ok
12:49:18.0046 2340 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\windows\system32\w32time.dll
12:49:18.0218 2340 W32Time - ok
12:49:18.0250 2340 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys
12:49:18.0406 2340 Wanarp - ok
12:49:18.0468 2340 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\windows\system32\Drivers\wdf01000.sys
12:49:18.0500 2340 Wdf01000 - ok
12:49:18.0515 2340 WDICA - ok
12:49:18.0546 2340 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys
12:49:18.0687 2340 wdmaud - ok
12:49:18.0703 2340 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\windows\System32\webclnt.dll
12:49:18.0859 2340 WebClient - ok
12:49:18.0921 2340 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\windows\system32\wbem\WMIsvc.dll
12:49:19.0062 2340 winmgmt - ok
12:49:19.0125 2340 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:49:19.0171 2340 WmdmPmSN - ok
12:49:19.0250 2340 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\windows\System32\advapi32.dll
12:49:19.0328 2340 Wmi - ok
12:49:19.0390 2340 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:49:19.0531 2340 WmiApSrv - ok
12:49:19.0671 2340 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:49:19.0765 2340 WMPNetworkSvc - ok
12:49:19.0843 2340 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\windows\system32\DRIVERS\wpdusb.sys
12:49:19.0859 2340 WpdUsb - ok
12:49:19.0890 2340 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\windows\System32\drivers\ws2ifsl.sys
12:49:20.0031 2340 WS2IFSL - ok
12:49:20.0078 2340 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\windows\system32\wscsvc.dll
12:49:20.0218 2340 wscsvc - ok
12:49:20.0250 2340 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\windows\system32\DRIVERS\WSTCODEC.SYS
12:49:20.0406 2340 WSTCODEC - ok
12:49:20.0453 2340 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:49:20.0578 2340 wuauserv - ok
12:49:20.0609 2340 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\windows\system32\DRIVERS\WudfPf.sys
12:49:20.0656 2340 WudfPf - ok
12:49:20.0687 2340 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\windows\system32\DRIVERS\wudfrd.sys
12:49:20.0734 2340 WudfRd - ok
12:49:20.0765 2340 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\windows\System32\WUDFSvc.dll
12:49:20.0796 2340 WudfSvc - ok
12:49:20.0828 2340 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\windows\System32\wzcsvc.dll
12:49:21.0031 2340 WZCSVC - ok
12:49:21.0062 2340 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\windows\System32\xmlprov.dll
12:49:21.0203 2340 xmlprov - ok
12:49:21.0250 2340 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:49:21.0828 2340 \Device\Harddisk0\DR0 - ok
12:49:21.0875 2340 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR4
12:49:22.0937 2340 \Device\Harddisk3\DR4 - ok
12:49:22.0984 2340 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR5
12:49:24.0031 2340 \Device\Harddisk4\DR5 - ok
12:49:24.0046 2340 Boot (0x1200) (29f40f90a5cc7df459aa24ede5a10b6e) \Device\Harddisk0\DR0\Partition0
12:49:24.0046 2340 \Device\Harddisk0\DR0\Partition0 - ok
12:49:24.0062 2340 Boot (0x1200) (11b2d23e3d9e991d022d5fdbcc1c17c5) \Device\Harddisk3\DR4\Partition0
12:49:24.0078 2340 \Device\Harddisk3\DR4\Partition0 - ok
12:49:24.0093 2340 Boot (0x1200) (53bcd970fbea92024ecfaaddd90e03b9) \Device\Harddisk4\DR5\Partition0
12:49:24.0109 2340 \Device\Harddisk4\DR5\Partition0 - ok
12:49:24.0109 2340 ============================================================
12:49:24.0109 2340 Scan finished
12:49:24.0109 2340 ============================================================
12:49:24.0234 1592 Detected object count: 23
12:49:24.0234 1592 Actual detected object count: 23
12:49:44.0187 1592 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0187 1592 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0187 1592 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0187 1592 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0203 1592 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0203 1592 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0203 1592 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0203 1592 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0203 1592 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0203 1592 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0203 1592 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0203 1592 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0203 1592 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0203 1592 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0203 1592 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0203 1592 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0218 1592 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0218 1592 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0218 1592 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0218 1592 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0218 1592 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0218 1592 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0218 1592 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0218 1592 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0218 1592 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0218 1592 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0218 1592 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0218 1592 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0234 1592 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0234 1592 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0234 1592 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0234 1592 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0234 1592 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0234 1592 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0234 1592 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0234 1592 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0234 1592 PLSCSI ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0234 1592 PLSCSI ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0250 1592 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0250 1592 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0250 1592 SigService ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0250 1592 SigService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0250 1592 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0250 1592 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:44.0250 1592 USBAtapi2000 ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:44.0250 1592 USBAtapi2000 ( UnsignedFile.Multi.Generic ) - User select action: Skip

MBAM Log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.15.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rob :: ROB-CCA219EB460 [administrator]
5/18/2012 12:55:25
mbam-log-2012-05-18 (12-55-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247941
Time elapsed: 20 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Rob at 13:16:35 on 2012-05-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.514 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\wuauclt.exe
C:\WINDOWS\system32\freecell.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\downlo~1\DAPIEL~1.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe" -scheduler
mRun: [StacSysTray] c:\program files\sigmatel\c-major audio\controlpanel\StacSysTray.exe
mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
StartupFolder: c:\docume~1\rob\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\rob\application data\leadertech\powerregister\Seagate Product Registration.exe
mPolicies-explorer: <NO NAME> =
IE: &Clean Traces - c:\program files\download accelerator plus\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\download accelerator plus\dapextie.htm
IE: Download &all with DAP - c:\program files\download accelerator plus\dapextie2.htm
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: Web-Based Email Tools - hxxps://email.secureserver.net/Download.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196226844085
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-27 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-27 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-27 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-27 66616]
R2 SigService;Sigmatel Service;c:\program files\sigmatel\c-major audio\controlpanel\sigservice.exe [2007-11-27 81920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 253600]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2004-3-30 118106]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
.
=============== Created Last 30 ================
.
2012-05-15 22:30:52 -------- d-----w- C:\HDD Virus Fix Logs (May 15, 2012)
2012-04-26 01:48:13 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-04-25 22:47:53 53248 ----a-r- c:\documents and settings\rob\application data\microsoft\installer\{12baa98c-f8dd-4bc9-bbe6-1c8463114197}\ARPPRODUCTICON.exe
.
==================== Find3M ====================
.
2012-04-25 21:22:04 256 -c--a-w- c:\windows\system32\pool.bin
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 20:23:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-03 20:23:45 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 13:17:26.60 ===============

Attach Log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/27/2007 7:08:52 PM
System Uptime: 5/18/2012 12:02:39 PM (1 hours ago)
.
Motherboard: Gateway | | Gateway M675
Processor: Intel® Pentium® 4 CPU 2.80GHz | uFCPGA2 | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 10.312 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is CDROM (CDFS)
H: is FIXED (NTFS) - 1863 GiB total, 68.415 GiB free.
I: is FIXED (NTFS) - 1397 GiB total, 1001.553 GiB free.
K: is Removable
U: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless-G PCI Adapter
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_041814E4&REV_03\4&3A321F38&0&10F0
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_041814E4&REV_03\4&3A321F38&0&10F0
Service: BCM43XX
.
==== System Restore Points ===================
.
RP29: 3/2/2012 11:15:17 AM - System Checkpoint
RP30: 3/4/2012 11:12:33 AM - Software Distribution Service 3.0
RP31: 3/12/2012 6:51:30 PM - Software Distribution Service 3.0
RP32: 3/17/2012 4:24:09 PM - System Checkpoint
RP33: 3/18/2012 8:16:36 PM - System Checkpoint
RP34: 3/20/2012 12:41:22 AM - System Checkpoint
RP35: 3/22/2012 4:23:02 PM - System Checkpoint
RP36: 3/28/2012 1:04:45 PM - System Checkpoint
RP37: 3/29/2012 2:05:46 PM - System Checkpoint
RP38: 4/3/2012 1:51:10 AM - System Checkpoint
RP39: 4/3/2012 1:21:45 PM - Before Install of Adobe Flash Update on 4-3-12...
RP40: 4/7/2012 2:55:32 PM - System Checkpoint
RP41: 4/9/2012 12:08:40 AM - Software Distribution Service 3.0
RP42: 4/12/2012 2:47:55 PM - System Checkpoint
RP43: 4/13/2012 9:02:10 PM - System Checkpoint
RP44: 4/19/2012 3:48:47 PM - Software Distribution Service 3.0
RP45: 4/23/2012 8:28:27 PM - System Checkpoint
RP46: 4/25/2012 3:40:32 PM - Before Install of BB AppLoader...
RP47: 4/25/2012 3:44:36 PM - Installed BlackBerry Device Software Updater.
RP48: 4/25/2012 6:48:13 PM - Installed Windows XP Wdf01009.
RP49: 5/3/2012 1:05:26 AM - Software Distribution Service 3.0
RP50: 5/3/2012 6:32:24 PM - Software Distribution Service 3.0
RP51: 5/17/2012 7:19:54 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
7-Zip 9.20
Acrobat.com
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Community Help
Adobe Creative Suite 2
Adobe Flash Player 11 ActiveX
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Media Player
Adobe Photoshop CS2
Adobe Photoshop CS5
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
Advanced SystemCare 3
Agere Systems AC'97 Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
BlackBerry Desktop Software 4.3
BlackBerry Device Software Updater
BlackBerry v4.2.2 for the 8830 Series Wireless Device
C-Major Audio Driver and Applications
Canon MF Toolbox 4.9.1.1.mf01
Canon MF6500 Series
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 4.0.9.322
Critical Update for Windows Media Player 11 (KB959772)
Desktop Notifier
Disk Recoup 2.1
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Download Accelerator Plus (DAP)
DVD Shrink 3.2
DVDFab 7.0.6.7 (30/05/2010)
DVDFab 8.0.0.5 (25/08/2010)
Encina DiscMaker
Far Cry
File Scavenger 3.2 (en)
Google Toolbar for Internet Explorer
Hitman 2: Silent Assassin
Hitman Blood Money
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IEEE 802.11g USB Wireless LAN Adapter
ImgBurn
Intel® PRO Network Connections Drivers
iTunes
Java Auto Updater
Java™ 6 Update 29
Logitech MouseWare 9.79.1
Magic ISO Maker v5.5 (build 0273)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.61.0.1400
Max Payne
Max Payne 2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Move Media Player
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
OGA Notifier 2.0.0048.0
OmniPage SE 2.0
PDF Settings CS5
PowerDVD
PowerISO
Presto! Mr.Photo 3
QuickTime
Roxio DLA
Roxio Express Labeler
Roxio Media Manager
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Rushmore Casino
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Update Manager
Sothink SWF Decompiler
Splinter Cell Pandora Tomorrow
Spybot - Search & Destroy
StreamTransport version: 1.0.2.1975
Suite Specific
swMSM
Tom Clancy's Splinter Cell
Ultimate Business Plan Starter
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB-IDE Bridge Driver
VC80CRTRedist - 8.0.50727.6195
VGA Dual-Mode Camera
VLC media player 1.1.9
WebFldrs XP
Windows Driver Package - Camera Maker (MR97310_VGA_DUAL_CAMERA) Image 03/30/2004 2.0.0.0
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
XP Codec Pack
.
==== Event Viewer Messages From Past Week ========
.
5/16/2012 5:55:20 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
5/15/2012 8:05:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
5/15/2012 8:05:07 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
5/15/2012 8:05:05 PM, error: Service Control Manager [7022] - The Distributed Link Tracking Client service hung on starting.
5/15/2012 5:19:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips IntelIde intelppm ohci1394 SCDEmu ssmdrv
5/15/2012 5:19:18 PM, error: Service Control Manager [7022] - The Server service hung on starting.
5/15/2012 5:19:18 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/15/2012 3:16:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/15/2012 3:15:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/15/2012 3:15:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm SCDEmu ssmdrv
5/15/2012 3:04:21 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
5/11/2012 3:40:57 PM, error: Service Control Manager [7000] - The USB-IDE Bridge service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================

#8
Maniac

Quote

1- What is that ARPPRODUCTION.exe that has been created in about 12 diff folders?

ARPPRODUCTION.exe is the product icon used by the ARPPRODUCTICON property. This property contains a key to the Icon table, which contains the product icon displayed in Add/Remove Programs.

Quote

2- Are all those services that are "hanging" on startup the reason it takes my computer about 5 mins to boot up?

You have many unnecessary processes that start with Windows. You can make many improvements to make your computer run faster. Later, you can help yourself through this article:
http://forums.malwar...showtopic=81990

Now:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#9
SMiller

Maniac,

Ran ComboFix v12.5.19.2.

- No ComboFix.txt report was generated.
- The output file shown at the end of ComboFix running showed C:\32788R22FWJFW.
- C:\32788R22FWJFW has a computer and monitor as its icon.
- The properties for C:\32788R22FWJFW show it is 12.3 MB.

*** C:\32788R22FWJFW "shows the disk drives and hardware connected to this computer" (I see this when I hold my cursor over it.)

Thx for the info on my startup prob. I will wait until we are done fixing the main prob to mess with that. Just wasn't sure if the virus was causing all that.

#10
Maniac

Please try again in Safe Mode with Networking:
http://www.microsoft...t_failsafe.mspx

#11
SMiller

Maniac,

I am familiar with starting in safe mode and did so. Unfortunately, no log was created when running ComboFix again. The same output file that was created in the C: drive before was created again. Thoughts?

#12
Maniac

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


#13
SMiller

I saved the OTL file on my desktop. After checking "All Users", I ran the Quick Scan. The only report generated was the OTL.txt. No Extras log was generated. I just realized that I may have run "defogger" when following the instructions from bleepingcomputer.com that I told you I executed before asking for your help. Could that be the cause for the Extras log not showing up? I doubt it but just thought I'd mention it.

OTL Log:

OTL logfile created on: 5/21/2012 3:25:12 PM - Run 4
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Rob\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 654.31 Mb Available Physical Memory | 63.96% Memory free
1.66 Gb Paging File | 1.34 Gb Available in Paging File | 81.15% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 10.23 Gb Free Space | 13.73% Space Free | Partition Type: NTFS
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 1863.01 Gb Total Space | 57.63 Gb Free Space | 3.09% Space Free | Partition Type: NTFS
Drive I: | 1397.26 Gb Total Space | 1001.55 Gb Free Space | 71.68% Space Free | Partition Type: NTFS
Drive K: | 7.47 Gb Total Space | 5.72 Gb Free Space | 76.53% Space Free | Partition Type: FAT32

Computer Name: ROB-CCA219EB460 | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/21 14:58:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
PRC - [2011/07/01 12:34:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/28 21:11:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/11/03 09:54:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/11/17 17:06:24 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/04 19:58:30 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2004/04/29 15:16:38 | 000,102,400 | ---- | M] (Sigmatel) -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\stacsystray.exe
PRC - [2004/04/29 15:15:10 | 000,081,920 | ---- | M] () -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe
PRC - [2004/04/29 15:11:52 | 000,815,174 | ---- | M] () -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\stacsrv.exe
PRC - [2004/01/08 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


========== Modules (No Company Name) ==========

MOD - [2010/01/28 13:57:58 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/06/20 09:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2004/04/29 15:15:10 | 000,081,920 | ---- | M] () -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe
MOD - [2004/04/29 15:11:52 | 000,815,174 | ---- | M] () -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\stacsrv.exe
MOD - [2003/08/30 09:35:00 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\actskn43.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2012/04/03 13:23:45 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/07/01 12:34:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 21:11:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2005/04/04 19:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2004/04/29 15:15:10 | 000,081,920 | ---- | M] () [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe -- (SigService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rob\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/07/01 12:34:41 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/01 12:34:41 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/08/06 17:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/09 22:35:42 | 001,273,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/12/22 02:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/04/15 09:18:34 | 000,262,128 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/03/30 11:29:36 | 000,118,106 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310v.sys -- (MR97310_VGA_DUAL_CAMERA)
DRV - [2003/12/17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 09:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003/12/17 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/17 09:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/11/26 02:31:26 | 001,205,418 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2000/12/12 16:45:52 | 000,008,679 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCI0PL.SYS -- (PLSCSI)
DRV - [2000/12/12 16:41:54 | 000,021,510 | ---- | M] ( ) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SCI1PL.SYS -- (USBAtapi2000)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\SearchScopes\${searchCLSID}: "URL" = http://search.yahoo....&q={searchTerms}
IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\SearchScopes\{F7908592-680D-4A94-8911-954B0684D0E0}: "URL" = http://search.yahoo....&q={searchTerms}
IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Rob\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Rob\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/11 23:34:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Rob\Application Data\Move Networks [2009/05/11 22:41:47 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/05/15 00:08:53 | 000,000,882 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Download Accelerator Plus\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Logitech Utility] C:\windows\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StacSysTray] C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\stacsystray.exe (Sigmatel)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1644491937-562591055-725345543-1003..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Documents and Settings\Rob\Start Menu\Programs\Startup\Seagate Product Registration.lnk = C:\Documents and Settings\Rob\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Clean Traces - C:\Program Files\Download Accelerator Plus\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\Download Accelerator Plus\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\Download Accelerator Plus\dapextie2.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1196226844085 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: Web-Based Email Tools https://email.secure...et/Download.CAB (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/27 20:05:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 05:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012/01/13 16:57:45 | 000,000,000 | ---- | M] () - I:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/21 15:24:48 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
[2012/05/19 14:29:34 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/05/16 16:47:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Rob\Desktop\aswMBR.exe
[2012/05/16 16:45:14 | 004,495,010 | R--- | C] (Swearware) -- C:\Documents and Settings\Rob\Desktop\ComboFix.exe
[2012/05/16 16:43:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Rob\Desktop\dds.scr
[2012/05/15 15:30:52 | 000,000,000 | ---D | C] -- C:\HDD Virus Fix Logs (May 15, 2012)
[2012/05/15 15:07:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rob\Recent
[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/21 15:11:05 | 000,001,374 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2012/05/21 15:10:45 | 000,000,236 | ---- | M] () -- C:\windows\tasks\OGALogon.job
[2012/05/21 15:06:20 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/21 14:58:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
[2012/05/21 00:57:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/05/19 22:47:33 | 000,738,517 | ---- | M] () -- C:\Documents and Settings\Rob\Application Data\vso_ts_preview.xml
[2012/05/18 18:40:44 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/16 19:33:28 | 000,001,324 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2012/05/16 16:48:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Rob\defogger_reenable
[2012/05/16 16:47:25 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Rob\Desktop\aswMBR.exe
[2012/05/16 16:45:14 | 004,495,010 | R--- | M] (Swearware) -- C:\Documents and Settings\Rob\Desktop\ComboFix.exe
[2012/05/16 16:43:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Rob\Desktop\dds.scr
[2012/05/16 16:42:41 | 000,879,714 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\SecurityCheck.exe
[2012/05/16 16:42:26 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Defogger.exe
[2012/05/16 07:40:44 | 002,126,424 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rob\Desktop\TDSSKiller.exe
[2012/05/15 18:04:25 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\iExplore.exe
[2012/05/15 15:41:28 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/09 13:40:13 | 000,001,176 | ---- | M] () -- C:\Documents and Settings\Rob\Start Menu\Programs\Startup\Seagate Product Registration.lnk
[2012/04/25 18:48:50 | 000,000,000 | ---- | M] () -- C:\windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2012/04/25 18:48:49 | 000,000,000 | ---- | M] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/04/25 14:22:04 | 000,000,256 | ---- | M] () -- C:\windows\System32\pool.bin
[2012/04/24 20:46:30 | 000,273,222 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\Swiss Legend Challenger Chrono - ALL BLK = $88 with code DDS3242412124204.pdf
[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/16 16:48:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rob\defogger_reenable
[2012/05/16 16:42:37 | 000,879,714 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\SecurityCheck.exe
[2012/05/16 16:42:26 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\Defogger.exe
[2012/05/15 18:04:26 | 001,012,656 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\iExplore.exe
[2012/04/25 18:48:50 | 000,000,000 | ---- | C] () -- C:\windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2012/04/25 18:48:49 | 000,000,000 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/04/24 20:46:30 | 000,273,222 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\Swiss Legend Challenger Chrono - ALL BLK = $88 with code DDS3242412124204.pdf
[2012/02/16 19:12:12 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll
[2011/11/20 19:34:49 | 000,037,376 | ---- | C] () -- C:\windows\System32\VbVfw.dll
[2011/11/01 13:24:51 | 000,000,023 | ---- | C] () -- C:\windows\SWFDecompiler.INI
[2011/05/17 14:45:59 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\Adobe BMP Format CS5 Prefs
[2011/04/28 00:30:27 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/04/28 00:11:19 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\Adobe PNG Format CS5 Prefs
[2010/11/14 02:39:16 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\00000540_VTS_1.IFO
[2010/11/06 00:56:51 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\ymnq.sys
[2010/07/12 21:55:53 | 000,000,050 | ---- | C] () -- C:\windows\MegaManager.INI
[2010/06/25 12:20:40 | 000,000,038 | ---- | C] () -- C:\windows\AviSplitter.INI
[2010/06/18 21:17:25 | 000,001,324 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2010/06/18 20:12:05 | 000,000,000 | ---- | C] () -- C:\windows\Rxesalifipulukel.bin
[2010/06/18 20:12:04 | 000,000,120 | ---- | C] () -- C:\windows\Jqoqokezezocohof.dat

========== LOP Check ==========

[2009/02/15 16:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/11/28 19:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2008/01/28 16:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/03/06 19:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/10/21 17:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/10/03 11:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MipKukSoft
[2007/12/13 04:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/02/21 17:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2007/11/30 16:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/05/06 22:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/04/14 13:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/08/27 21:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2008/10/01 14:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/10/01 14:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2012/05/12 21:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/18 00:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010/06/13 23:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/10/27 20:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/17 22:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CC51AE54-B346-4954-ADDB-30BD4F138CF2}
[2011/11/19 20:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\096F53D8
[2012/01/14 13:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Azureus
[2008/04/14 01:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Blackberry Desktop
[2010/07/11 22:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Boilsoft
[2011/04/28 10:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/01/16 17:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/11 23:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\DDMSettings
[2007/12/13 05:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Eyeblaster
[2011/04/23 01:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\FLV Extract
[2010/06/16 17:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Free AVI MPEG WMV MP4 FLV Video Joiner
[2007/12/13 05:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\GameHouse
[2010/06/09 13:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\ImgBurn
[2010/03/06 20:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\IObit
[2009/02/20 17:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Leadertech
[2010/06/13 14:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Moyea
[2007/12/12 19:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Opera
[2007/11/29 18:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Research In Motion
[2008/10/01 14:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\ScanSoft
[2010/08/27 21:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Toolbar4
[2008/03/05 02:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Uniblue
[2012/05/19 22:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Vso
[2010/06/23 11:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Waim
[2012/05/21 15:10:45 | 000,000,236 | ---- | M] () -- C:\windows\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\windows\AGRSMMSG.exe:SummaryInformation
@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4CA4D70
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:010ADD2C
< End of report >

#14
Maniac

No, this problem is not due to Defogger. Thanks for letting me know!

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\vsdatant.sys -- (vsdatant)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    [2012/05/19 14:29:34 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rob\LOCALS~1\Temp\catchme.sys -- (catchme)
    [2010/06/18 20:12:05 | 000,000,000 | ---- | C] () -- C:\windows\Rxesalifipulukel.bin
    [2010/06/18 20:12:04 | 000,000,120 | ---- | C] () -- C:\windows\Jqoqokezezocohof.dat
    [2009/02/15 16:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2012/01/14 13:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Azureus
    [2010/08/27 21:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Toolbar4
    
    :Commands
    [emptytemp]
    [clearallrestorepoints]
    [resethosts]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

#15
SMiller

Maniac,

FYI, here is exactly what I did before I asked for your help:

http://www.bleepingc...emove-smart-hdd

I followed these instructions in both Safe Mode and Normal Mode. When I still had issues, I posted on here. I ran OTL with the fix you suggested and rebooted my computer. My biggest concern is that all my programs showing from the Start --> Programs are empty. They don't show the executable files or much of anything. This is true for both BEFORE and AFTER the OTL fix. I hope that deleting the TEMP folders was ok as the fix on bleepingcomputer told me not to do that as the Unhide program needs the Temp folder to restore the proper links, etc.

Here is the OTL Fix Log:

All processes killed
========== OTL ==========
Service vsdatant stopped successfully!
Service vsdatant deleted successfully!
File System32\vsdatant.sys not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
C:\32788R22FWJFW\N_ folder moved successfully.
C:\32788R22FWJFW\License folder moved successfully.
C:\32788R22FWJFW\EN-US folder moved successfully.
C:\32788R22FWJFW folder moved successfully.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\Rob\LOCALS~1\Temp\catchme.sys not found.
C:\WINDOWS\Rxesalifipulukel.bin moved successfully.
C:\WINDOWS\Jqoqokezezocohof.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\Azureus folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\updates folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\torrents folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\tmp folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\subs\temp folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\subs folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\shares folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\rss folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\plugins\hvi folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\plugins\azupnpav folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\plugins\azump\mplayer folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\plugins\azump folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\plugins\azemp folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\plugins\aefeatman_v folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\plugins folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\net folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\logs\save folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\logs folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\dht folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\devices folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\active\90E7CF25B656E6DABA39AD07ABE063B95A595504 folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus\active folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Azureus folder moved successfully.
C:\Documents and Settings\Rob\Application Data\Toolbar4 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 726333 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 821105159 bytes
->Flash cache emptied: 13541 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 375653131 bytes
->Java cache emptied: 1013 bytes
->Flash cache emptied: 30492 bytes

User: Rob
->Temp folder emptied: 125781003 bytes
->Temporary Internet Files folder emptied: 2113486659 bytes
->Java cache emptied: 489926 bytes
->Flash cache emptied: 77813 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2175612 bytes
%systemroot%\System32 .tmp files removed: 90112 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3813009 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 913710 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1505386366 bytes

Total Files Cleaned = 4,721.00 mb

Restore point Set: OTL Restore Point
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.43.1 log created on 05222012_142815
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

#16
Maniac

Even after unhide.exe, the Start Menu is still empty?

#17
SMiller

Unhide made the icons reappear on my desktop. However, when I go to my list of programs via the Start button, they are listed with folders, but those folders are empty. Also, the list of programs seems a lot shorter.

#18
Maniac

Please try to run this tool and let me know:
http://download.blee...it-sm-reset.exe

#19
SMiller

As far as I can tell nothing has changed with the folders in the Start --> Programs.

#20
Maniac

What's missing there? Main shortcuts?