tduro

  1. So far, so good. I have a WD external HD that I unplugged when I started this cleanup. Can I just plug it back in, or should I do something to ensure it's clean too?
  2. 27 suspicious files, but none malicious. No prompt to reboot, but I'll do so now. Here's the report:
(3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 18:26:01.0250 0964 srservice - ok 18:26:01.0296 0964 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 18:26:01.0421 0964 Srv - ok 18:26:01.0453 0964 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 18:26:01.0609 0964 SSDPSRV - ok 18:26:01.0781 0964 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 18:26:01.0859 0964 ssmdrv - ok 18:26:01.0906 0964 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 18:26:02.0125 0964 stisvc - ok 18:26:02.0187 0964 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 18:26:02.0328 0964 streamip - ok 18:26:02.0375 0964 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 18:26:02.0515 0964 swenum - ok 18:26:02.0562 0964 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 18:26:02.0687 0964 swmidi - ok 18:26:02.0703 0964 SwPrv - ok 18:26:02.0718 0964 symc810 - ok 18:26:02.0734 0964 symc8xx - ok 18:26:02.0750 0964 sym_hi - ok 18:26:02.0765 0964 sym_u3 - ok 18:26:02.0796 0964 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 18:26:02.0937 0964 sysaudio - ok 18:26:02.0984 0964 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 18:26:03.0234 0964 SysmonLog - ok 18:26:03.0281 0964 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 18:26:03.0406 0964 TapiSrv - ok 18:26:03.0468 0964 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 18:26:03.0531 0964 Tcpip - ok 18:26:03.0609 0964 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 18:26:03.0750 0964 TDPIPE - ok 18:26:03.0781 0964 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 18:26:03.0906 0964 TDTCP - ok 18:26:03.0968 0964 TermDD (88155247177638048422893737429d9e) 
C:\WINDOWS\system32\DRIVERS\termdd.sys 18:26:04.0093 0964 TermDD - ok 18:26:04.0140 0964 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 18:26:04.0296 0964 TermService - ok 18:26:04.0343 0964 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 18:26:04.0359 0964 Themes - ok 18:26:04.0390 0964 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe 18:26:04.0515 0964 TlntSvr - ok 18:26:04.0562 0964 TosIde - ok 18:26:04.0625 0964 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 18:26:04.0750 0964 TrkWks - ok 18:26:04.0812 0964 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 18:26:04.0953 0964 Udfs - ok 18:26:04.0984 0964 ultra - ok 18:26:05.0000 0964 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe 18:26:05.0062 0964 UMWdf - ok 18:26:05.0125 0964 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 18:26:05.0296 0964 Update - ok 18:26:05.0343 0964 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 18:26:05.0484 0964 upnphost - ok 18:26:05.0515 0964 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 18:26:05.0640 0964 UPS - ok 18:26:05.0687 0964 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys 18:26:05.0765 0964 USBAAPL - ok 18:26:05.0843 0964 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys 18:26:05.0937 0964 usbbus - ok 18:26:06.0031 0964 USBCamera (0c28dd9ec68ccb6e95d49bfd24fd2c11) C:\WINDOWS\system32\Drivers\Bulk100.sys 18:26:06.0078 0964 USBCamera - ok 18:26:06.0140 0964 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 18:26:06.0265 0964 usbccgp - ok 18:26:06.0312 0964 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys 18:26:06.0359 0964 UsbDiag - ok 18:26:06.0406 0964 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) 
C:\WINDOWS\system32\DRIVERS\usbehci.sys 18:26:06.0546 0964 usbehci - ok 18:26:06.0578 0964 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 18:26:06.0750 0964 usbhub - ok 18:26:06.0828 0964 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys 18:26:06.0875 0964 USBModem - ok 18:26:06.0968 0964 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 18:26:07.0078 0964 usbohci - ok 18:26:07.0125 0964 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 18:26:07.0234 0964 usbprint - ok 18:26:07.0312 0964 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 18:26:07.0437 0964 usbscan - ok 18:26:07.0468 0964 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 18:26:07.0578 0964 usbstor - ok 18:26:07.0640 0964 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 18:26:07.0765 0964 usbuhci - ok 18:26:07.0812 0964 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 18:26:07.0937 0964 VgaSave - ok 18:26:07.0984 0964 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 18:26:08.0109 0964 ViaIde - ok 18:26:08.0156 0964 VNA (3bb079ac39b37b257a88e68116808069) C:\WINDOWS\system32\DRIVERS\vna.sys 18:26:08.0203 0964 VNA - ok 18:26:08.0250 0964 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 18:26:08.0375 0964 VolSnap - ok 18:26:08.0453 0964 vpnagent (5ea22cb6b100212837a97f281edb3c47) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe 18:26:08.0546 0964 vpnagent - ok 18:26:08.0671 0964 vpnva (e1f2333a88ec4a5c8ea6be357323b72d) C:\WINDOWS\system32\DRIVERS\vpnva.sys 18:26:08.0703 0964 vpnva - ok 18:26:08.0765 0964 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 18:26:08.0937 0964 VSS - ok 18:26:09.0000 0964 W32Time (54af4b1d5459500ef0937f6d33b1914f) 
C:\WINDOWS\system32\w32time.dll 18:26:09.0125 0964 W32Time - ok 18:26:09.0156 0964 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 18:26:09.0312 0964 Wanarp - ok 18:26:09.0359 0964 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys 18:26:09.0437 0964 WDC_SAM - ok 18:26:09.0546 0964 WDDMService (5ae4bfd04563afe55a0f666da23f252f) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe 18:26:09.0578 0964 WDDMService ( UnsignedFile.Multi.Generic ) - warning 18:26:09.0578 0964 WDDMService - detected UnsignedFile.Multi.Generic (1) 18:26:09.0625 0964 WDFME (f1361e91bc6e118a6ed0480ba60eab39) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe 18:26:09.0718 0964 WDFME ( UnsignedFile.Multi.Generic ) - warning 18:26:09.0718 0964 WDFME - detected UnsignedFile.Multi.Generic (1) 18:26:09.0812 0964 WDICA - ok 18:26:09.0859 0964 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 18:26:10.0000 0964 wdmaud - ok 18:26:10.0015 0964 WDSC (637cd767a88938560e8ee26572080729) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe 18:26:10.0140 0964 WDSC ( UnsignedFile.Multi.Generic ) - warning 18:26:10.0140 0964 WDSC - detected UnsignedFile.Multi.Generic (1) 18:26:10.0203 0964 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 18:26:10.0343 0964 WebClient - ok 18:26:10.0421 0964 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 18:26:10.0546 0964 winachsf - ok 18:26:10.0609 0964 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 18:26:10.0750 0964 winmgmt - ok 18:26:10.0843 0964 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe 18:26:10.0937 0964 WLSetupSvc - ok 18:26:11.0015 0964 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll 18:26:11.0062 0964 WmdmPmSN - ok 18:26:11.0140 
0964 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 18:26:11.0250 0964 Wmi - ok 18:26:11.0296 0964 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 18:26:11.0453 0964 WmiApSrv - ok 18:26:11.0531 0964 WpdUsb (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys 18:26:11.0578 0964 WpdUsb - ok 18:26:11.0625 0964 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 18:26:11.0781 0964 WS2IFSL - ok 18:26:11.0812 0964 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 18:26:11.0953 0964 wscsvc - ok 18:26:12.0000 0964 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 18:26:12.0125 0964 WSTCODEC - ok 18:26:12.0218 0964 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 18:26:12.0343 0964 wuauserv - ok 18:26:12.0406 0964 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 18:26:12.0578 0964 WZCSVC - ok 18:26:12.0609 0964 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 18:26:12.0750 0964 xmlprov - ok 18:26:12.0796 0964 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0 18:26:12.0875 0964 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 18:26:12.0875 0964 \Device\Harddisk0\DR0 - detected TDSS File System (1) 18:26:12.0875 0964 Boot (0x1200) (24cfe822ba3421ec6520f040f536559e) \Device\Harddisk0\DR0\Partition0 18:26:12.0875 0964 \Device\Harddisk0\DR0\Partition0 - ok 18:26:12.0875 0964 Boot (0x1200) (f9144b3a6772d7992b16247922b7cffb) \Device\Harddisk0\DR0\Partition1 18:26:12.0890 0964 \Device\Harddisk0\DR0\Partition1 - ok 18:26:12.0890 0964 ============================================================ 18:26:12.0890 0964 Scan finished 18:26:12.0890 0964 ============================================================ 18:26:13.0031 2348 Detected object count: 27 18:26:13.0031 2348 Actual detected object count: 27 18:27:02.0828 2348 
ALCXWDM ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0828 2348 ALCXWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0828 2348 AmdK8 ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0828 2348 AmdK8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0828 2348 ArcCD ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0828 2348 ArcCD ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0828 2348 ArcRec ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0828 2348 ArcRec ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0828 2348 ArcUdfs ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0828 2348 ArcUdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0828 2348 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0828 2348 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0843 2348 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0843 2348 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0843 2348 btaudio ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0843 2348 btaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0843 2348 BTDriver ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0843 2348 BTDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0843 2348 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0843 2348 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0843 2348 btwdins ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0843 2348 btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0843 2348 BTWDNDIS ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0843 2348 BTWDNDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0843 2348 btwhid ( UnsignedFile.Multi.Generic ) - skipped by 
user 18:27:02.0843 2348 btwhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0843 2348 btwmodem ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0843 2348 btwmodem ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0843 2348 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0843 2348 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0843 2348 cpextender ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0843 2348 cpextender ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0843 2348 ftsata2 ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0843 2348 ftsata2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0843 2348 iaStor ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0843 2348 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0859 2348 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0859 2348 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0859 2348 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0859 2348 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0859 2348 MHN ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0859 2348 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0859 2348 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0859 2348 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0859 2348 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0859 2348 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0859 2348 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0859 2348 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0859 2348 WDFME ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0859 2348 
WDFME ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0859 2348 WDSC ( UnsignedFile.Multi.Generic ) - skipped by user 18:27:02.0859 2348 WDSC ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:27:02.0859 2348 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 18:27:02.0859 2348 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
  3. Wow! That seemed too easy. No more symptoms. Google and Bing home pages are accessible. Links to search results no longer redirect. Is there anything else I need to do as a final cleanup?
  4. Hi MrC. Thank you for helping me. I ran RogueKiller. Below is the report.
  5. When I click a link from a Google search, I'm redirected to a bogus search engine or a bogus antivirus site. I updated and ran Malwarebytes and Avira Antivirus. Both found threats and purportedly eliminated them, but the problem remained. I'm not sure if this is related, but I can no longer access a Google or Bing front page. I can, however, get to other sites if I have a link to it or type it in the search bar directly. I ran DDS and the DDS.txt and Attach.txt are posted below:
RP254: 2/1/2012 7:38:36 AM - System Checkpoint RP255: 2/2/2012 8:22:25 AM - System Checkpoint RP256: 2/3/2012 8:41:06 AM - System Checkpoint RP257: 2/4/2012 9:41:13 AM - System Checkpoint RP258: 2/5/2012 11:02:16 AM - System Checkpoint RP259: 2/6/2012 11:42:39 AM - System Checkpoint RP260: 2/7/2012 11:53:08 AM - System Checkpoint RP261: 2/8/2012 12:29:38 PM - System Checkpoint RP262: 2/9/2012 12:41:57 PM - System Checkpoint RP263: 2/10/2012 9:11:40 PM - System Checkpoint RP264: 2/11/2012 10:21:47 PM - System Checkpoint RP265: 2/12/2012 11:03:48 PM - System Checkpoint RP266: 2/14/2012 12:04:00 AM - System Checkpoint RP267: 2/15/2012 1:04:01 AM - System Checkpoint RP268: 2/16/2012 2:00:20 AM - Software Distribution Service 3.0 RP269: 2/16/2012 9:03:27 PM - Removed iTunes RP270: 2/17/2012 9:20:05 PM - System Checkpoint RP271: 2/18/2012 9:48:11 PM - System Checkpoint RP272: 2/19/2012 11:08:19 PM - System Checkpoint RP273: 2/20/2012 11:24:06 PM - System Checkpoint RP274: 2/22/2012 12:24:17 AM - System Checkpoint RP275: 2/23/2012 1:24:17 AM - System Checkpoint RP276: 2/24/2012 2:24:09 AM - System Checkpoint RP277: 2/25/2012 3:24:21 AM - System Checkpoint RP278: 2/26/2012 4:24:10 AM - System Checkpoint RP279: 2/27/2012 5:24:29 AM - System Checkpoint RP280: 2/28/2012 6:24:16 AM - System Checkpoint RP281: 2/29/2012 7:51:31 AM - System Checkpoint RP282: 3/1/2012 8:24:14 AM - System Checkpoint RP283: 3/2/2012 8:41:59 AM - System Checkpoint RP284: 3/3/2012 9:42:00 AM - System Checkpoint RP285: 3/4/2012 10:42:04 AM - System Checkpoint RP286: 3/5/2012 11:42:03 AM - System Checkpoint RP287: 3/6/2012 12:42:06 PM - System Checkpoint RP288: 3/7/2012 1:39:41 PM - System Checkpoint RP289: 3/8/2012 2:39:44 PM - System Checkpoint RP290: 3/9/2012 5:52:19 PM - System Checkpoint RP291: 3/10/2012 7:16:25 PM - System Checkpoint RP292: 3/11/2012 10:31:02 PM - System Checkpoint RP293: 3/12/2012 10:35:38 PM - System Checkpoint RP294: 3/13/2012 11:35:51 PM - System Checkpoint RP295: 3/14/2012 
2:00:26 AM - Software Distribution Service 3.0 RP296: 3/15/2012 2:17:01 AM - System Checkpoint RP297: 3/16/2012 2:52:50 AM - System Checkpoint RP298: 3/17/2012 3:17:15 AM - System Checkpoint RP299: 3/18/2012 4:17:05 AM - System Checkpoint RP300: 3/19/2012 5:17:07 AM - System Checkpoint RP301: 3/20/2012 6:17:06 AM - System Checkpoint RP302: 3/21/2012 6:41:34 AM - System Checkpoint RP303: 3/22/2012 8:11:40 AM - System Checkpoint RP304: 3/23/2012 8:41:47 AM - System Checkpoint RP305: 3/24/2012 10:45:49 AM - System Checkpoint RP306: 3/25/2012 11:30:13 AM - System Checkpoint RP307: 3/26/2012 12:20:37 PM - System Checkpoint . ==== Installed Programs ====================== . 1600 1600_Help 1600Trb 5 Card Slingo from HP Media Center (remove only) Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader Korean Fonts Adobe Reader X (10.0.1) Adobe Shockwave Player 11.5 AIM 6 AiO_Scan AiO_Scan_CDA AiOSoftware AiOSoftwareNPI Amazon Add to Wish List IE Extension 1.1 AnswerWorks 5.0 English Runtime Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft MediaImpression for Kodak AstroPop Deluxe from HP Media Center (remove only) ATI Control Panel ATI Display Driver Audacity 1.2.6 Avira AntiVir Personal - Free Antivirus Barnyard Invasion from HP Media Center (remove only) Bejeweled 2 Deluxe from HP Media Center (remove only) Blackhawk Striker 2 from HP Media Center (remove only) Blasterball 2 from HP Media Center (remove only) Blasterball 2 Remix from HP Media Center (remove only) Boggle Supreme from HP Media Center (remove only) Bonjour Bookworm Deluxe from HP Media Center (remove only) Bounce Symphony from HP Media Center (remove only) BufferChm CameraDrivers Check Point SSL Network Extender Components Shell Check Point SSL Network Extender Service Chuzzle Deluxe from HP Media Center (remove only) Cisco AnyConnect VPN Client Coupon Printer for Windows CP_AtenaShokunin1Config CP_CalendarTemplates1 cp_LightScribeConfig cp_LightScribePlugin CP_Package_Basic1 
CP_Package_Variety1 CP_Package_Variety2 CP_Package_Variety3 CP_Panorama1Config Crystal Maze from HP Media Center (remove only) CueTour Customer Experience Enhancement Destinations DeviceManagementQFolder DISCover DocProc DocumentViewer DocumentViewerQFolder Dropbox DWG TrueView 2007 Easy Internet Sign-up Easy MOV Converter 1.3.7 Enhanced Multimedia Keyboard Solution ESET Online Scanner v3 Exif Viewer Ver.1.1 Family Feud Family Tree Maker Fax Fax_CDA Fellowes/NEATO MediaFACE FMS Free M4a to MP3 Converter 6.2 GCalc 3 GdiplusUpgrade GemMaster Mystic Google Earth Plug-in Google Toolbar for Internet Explorer Google Update Helper Google Updater Hallmark Card Studio High Definition Audio Driver Package - KB888111 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP Boot Optimizer HP Deskjet Printer Preload HP DigitalMedia Archive HP Document Viewer 5.3 HP Game Console and games HP Image Zone 5.3 HP Image Zone for Media Center PC HP Imaging Device Functions 5.3 HP Photosmart 330,380,420,470,7800,8000,8200 Series HP Photosmart Cameras 5.0 HP Product Assistant HP PSC & OfficeJet 5.3.A HP PSC & OfficeJet 5.3.B HP Software Update HP Solution Center & Imaging Support Tools 5.3 HPProductAssistant HpSdpAppCoreApp Insaniquarium Deluxe from HP Media Center (remove only) InstantShareDevices InterVideo WinDVD Player Java Auto Updater Java 6 Update 24 Juniper Networks Secure Application Manager Juniper Networks Setup Client Juniper Networks Setup Client Activex Control K-Lite Codec Pack 4.0.0 (Full) League of Legends Lemonade Tycoon 2 from HP 
Media Center (remove only) Lexibox Deluxe from HP Media Center (remove only) LG USB Modem driver LightScribe 1.4.52.1 Mah Jong Quest from HP Media Center (remove only) Malwarebytes Anti-Malware version 1.60.1.1000 Microsoft .NET Framework 1.0 Hotfix (KB2572066) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Away Mode Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Premium Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mp3tag v2.48 MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB973686) muvee autoProducer 4.5 muvee autoProducer unPlugged 1.2 NewCopy NewCopy_CDA Otto Pando Media Booster PanoStandAlone PC-Doctor 5 for Windows PenCam SD Manager PhotoGallery Picasa 3 Polar Bowler from HP Media Center (remove only) Polar Golfer from HP Media Center (remove only) ProductContext Protected Music Converter 1.0.0.10 PS2 PSPrinters08 PSTAPlugin Puzzle Express from HP Media Center (remove only) Python 2.2 pywin32 extensions (build 203) Python 2.2.3 QBrew (remove only) Quicken 2010 QuickTime RandMap Readme RealPlayer Remove IntelliMover Demo Ricochet Lost Worlds from HP Media Center (remove only) Scan ScannerCopy SCRABBLE from HP Media Center (remove only) Screen Cleaner Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 2.0 
(KB928365) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) 
Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) 
Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows 
XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security 
Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165-v2) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Shooting Stars Pool from HP Media Center (remove only) Shrek 2 Ogre Bowler from HP Media Center (remove only) Sibelius Scorch Plugin SkinsHP1 Skype Toolbars Skype™ 4.2 Slingo Deluxe from HP Media Center (remove only) Snowboard SuperJam from HP Media Center (remove only) SolutionCenter Sonic Express Labeler Sonic MyDVD Plus Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Sonic_PrimoSDK Status Super Granny from HP Media Center (remove only) TaxACT 2005 TaxACT 2006 TaxACT 2007 TaxACT 2008 TaxACT 2008 Pennsylvania TaxACT 2009 TaxACT 2009 Pennsylvania TaxACT 2010 TaxACT 2010 Pennsylvania TaxACT 2011 - 1040 Edition TaxACT 
2011 Pennsylvania TaxACT Pennsylvania 2005 TaxACT Pennsylvania 2006 TaxACT Pennsylvania 2007 Tradewinds from HP Media Center (remove only) TrayApp Unload Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 7 (KB980182) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB982632) Update for Windows Media Player 10 (KB910393) Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB953356) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update Rollup 2 for Windows XP Media Center Edition 2005 Updates from HP (remove only) V CAST Music with Rhapsody Visual CADD 4 WD SmartWare WebFldrs XP WebReg WIDCOMM Bluetooth Software WildTangent Web Driver Winamp (remove only) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live installer Windows Live Messenger Windows Live Sign-in Assistant Windows Media Format Runtime Windows XP Media Center Edition 2005 KB2502898 Windows XP Media Center Edition 2005 KB2619340 Windows XP Media Center Edition 2005 KB2628259 Windows XP Media Center Edition 2005 KB908250 Windows XP Media Center Edition 2005 KB973768 Windows XP Service Pack 3 Zuma Deluxe from HP Media Center (remove only) . ==== Event Viewer Messages From Past Week ======== . 
3/24/2012 6:52:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor IntelIde ViaIde 3/24/2012 10:47:39 PM, error: VolSnap [20] - The shadow copy of volume M: was aborted because of a failed free space computation. 3/20/2012 6:46:36 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WDFME service. 3/20/2012 2:38:47 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the vpnagent service. 3/20/2012 2:37:57 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified. . ==== End Of File ===========================
  6. Hi Elise, I ran the "netsh firewall reset" command as you suggested. Shortly after that, following a reboot, I got another "firewall is turned off" warning. But I don't think it's happened again since then. Everything else seems to be running fine too. I get an occasional Avira pop-up saying it found a virus (which I've removed). Then I run an update and full scan and it finds nothing else. I guess it's working. Thanks, Tom
  7. Elise, I got an e-mail reply from WD. They suggested I format the disk. I tried that and it seems to have worked, except for one thing. It's supposed to be backing up my entire C-drive, but it omitted all the user accounts under documents and settings except for HP_Administrator, and All Users. The rest of my family's data doesn't get backed up. But that's not your problem. I'll take that up with WD, now that I've established contact with them. One more potential problem: I keep getting a balloon message in the system tray(?) - lower right hand corner of the screen, saying my firewall's been turned off. It seems the firewall turns itself on and off randomly. Other than that, everything seems fine. Tom
  8. Elise, I'm not clear on this part of the instruction: "You have indicated that there are more than one hard drive attached to your computer. So, use the arrow (up and down) keys to highlight the disk called /dev/sdb (or however your K drive is listed there, if you are not sure, let me know what is listed and post back). Note: If /dev/sda isn't listed or you have more than one hard drive, STOP and post back here. With /dev/sda selected, press Enter." I'm instructed to select /dev/sdb, but then I'm instructed to select /dev/sda. Also, although I've indicated that there are more than one hard drive attached (1 internal and 1 external), I'm instructed to STOP and post back if I have more than one hard drive. Thanks, Tom
  9. Elise, here's the Avira log from today. Everything seems to be running fine except the external HD. I tried running the checkdisk on it, but when I click the scan button, the scan window closes and nothing happens. I think the drive is showing up as drive K, although it used to have a name like "WD MyBook" or something like that. When I click on drive K, it says it's not formatted. Everything else says it's running fine.
Module(s) have been scanned Scan process 'csrss.exe' - '14' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '1786' files ). Starting the file scan: Begin scan in 'C:\' <HP_PAVILION> C:\hp\bin\KillIt.exe [DETECTION] Contains recognition pattern of the APPL/KillApp.A application C:\hp\bin\KillWind.exe [DETECTION] Contains recognition pattern of the APPL/KillApplicat.A application Begin scan in 'D:\' <HP_RECOVERY> Beginning disinfection: C:\hp\bin\KillWind.exe [DETECTION] Contains recognition pattern of the APPL/KillApplicat.A application [NOTE] The file was moved to the quarantine directory under the name '4bf2b79e.qua'. C:\hp\bin\KillIt.exe [DETECTION] Contains recognition pattern of the APPL/KillApp.A application [NOTE] The file was moved to the quarantine directory under the name '53659839.qua'. End of the scan: Monday, December 06, 2010 11:43 Used time: 2:35:57 Hour(s) The scan has been done completely. 19714 Scanned directories 683473 Files were scanned 2 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 2 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 683471 Files not concerned 17796 Archives were scanned 0 Warnings 2 Notes 543006 Objects were scanned with rootkit scan 1 Hidden objects were found
  10. Hi Elise, I'd appreciate it very much if you could help me diagnose the external HD problem, although maybe you should wait until I can give you more details on the symptoms. If I recall, I could see the drive in Windows Explorer, but I can't write to it by dragging and dropping files. Also, its backup utility doesn't work. I ran some (but not all) of the diagnostic tools that came with it, and so far they indicate everything's fine. Also, I may still be having virus issues. I tried again to back up my system to the external HD. The on-screen message said it was preparing to back up, so I let it sit overnight. This morning, there was no progress, but an Avira window said it found a virus, which I instructed it to remove. Before leaving for work, I started a full scan w/ Avira. I'll check it at lunch time and let you know what it found. Thanks, Tom
  11. Hi Elise, Sorry for the delayed response. All seemed to be fine after the last fix, except that I had trouble cleaning out the external hard drive. The delete operation failed with errors, although the drive appeared to be emptied. Now I can no longer access the drive. When I run the configuration it says it's successful, but it remains unusable. I tried uninstalling and reinstalling, to no avail. I sent Western Digital an e-mail, and am awaiting their reply. Then we had an internet outage that lasted most of today. I thought it might be related to our recent activity, but now I think it was the provider's problem. Internet access now seems fine. Tom
  12. Elise, Antivir ran fine and produced the following log. I have a follow-up question. I have an external USB hard drive that I use for backups. I've had it disconnected during this cleanup effort. I suspect it may also contain the viruses that caused my PC troubles. Am I better off wiping it clean and making a new backup, or checking/cleaning it with Antivir? Avira AntiVir Personal Report file date: Saturday, December 04, 2010 08:30 Scanning for 3118676 virus strains and unwanted programs. The program is running as an unrestricted full version. Online services are available: Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : YOUR-4DACD0EA75 Version information: BUILD.DAT : 10.0.0.596 31825 Bytes 11/16/2010 15:57:00 AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/2/2010 21:09:58 AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:06 LUKE.DLL : 10.0.2.3 104296 Bytes 8/2/2010 21:10:02 LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:50 VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 01:00:41 VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:00:41 VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 05:19:23 VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 05:18:37 VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 05:16:43 VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 02:48:52 VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 12:01:42 VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 00:56:34 VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 23:16:10 VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 23:17:04 VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 23:17:05 VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 23:17:05 VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 23:17:06 VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 23:17:22 VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 23:17:28 VBASE015.VDF : 
7.10.13.180 123904 Bytes 11/9/2010 23:17:30 VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 22:46:31 VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 22:46:32 VBASE018.VDF : 7.10.14.15 142848 Bytes 11/17/2010 15:23:48 VBASE019.VDF : 7.10.14.41 134144 Bytes 11/19/2010 03:10:41 VBASE020.VDF : 7.10.14.63 128000 Bytes 11/22/2010 03:10:49 VBASE021.VDF : 7.10.14.87 143872 Bytes 11/24/2010 03:10:56 VBASE022.VDF : 7.10.14.116 140800 Bytes 11/26/2010 13:10:03 VBASE023.VDF : 7.10.14.147 150528 Bytes 11/30/2010 13:10:03 VBASE024.VDF : 7.10.14.175 126464 Bytes 12/3/2010 13:10:12 VBASE025.VDF : 7.10.14.176 2048 Bytes 12/3/2010 13:10:13 VBASE026.VDF : 7.10.14.177 2048 Bytes 12/3/2010 13:10:13 VBASE027.VDF : 7.10.14.178 2048 Bytes 12/3/2010 13:10:13 VBASE028.VDF : 7.10.14.179 2048 Bytes 12/3/2010 13:10:14 VBASE029.VDF : 7.10.14.180 2048 Bytes 12/3/2010 13:10:14 VBASE030.VDF : 7.10.14.181 2048 Bytes 12/3/2010 13:10:14 VBASE031.VDF : 7.10.14.189 37888 Bytes 12/3/2010 13:10:17 Engineversion : 8.2.4.120 AEVDF.DLL : 8.1.2.1 106868 Bytes 8/1/2010 13:29:13 AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 12/4/2010 13:13:26 AESCN.DLL : 8.1.7.2 127349 Bytes 11/26/2010 03:13:04 AESBX.DLL : 8.1.3.2 254324 Bytes 11/26/2010 03:13:43 AERDL.DLL : 8.1.9.2 635252 Bytes 11/10/2010 23:18:25 AEPACK.DLL : 8.2.4.1 512375 Bytes 12/4/2010 13:12:56 AEOFFICE.DLL : 8.1.1.10 201084 Bytes 11/26/2010 03:13:00 AEHEUR.DLL : 8.1.2.52 3109238 Bytes 12/4/2010 13:12:35 AEHELP.DLL : 8.1.16.0 246136 Bytes 12/4/2010 13:10:35 AEGEN.DLL : 8.1.5.0 397685 Bytes 12/4/2010 13:10:34 AEEMU.DLL : 8.1.3.0 393589 Bytes 11/26/2010 03:11:17 AECORE.DLL : 8.1.19.0 196984 Bytes 12/4/2010 13:10:34 AEBB.DLL : 8.1.1.0 53618 Bytes 4/24/2010 02:36:33 AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 21:09:58 AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 21:09:56 AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 20:27:14 AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 21:09:56 AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/2/2010 21:09:58 AVARKT.DLL : 10.0.0.14 227176 Bytes 
8/2/2010 21:09:56 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 21:09:56 SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:24 AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 21:09:58 NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:22 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:22 RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 21:10:10 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Start of the scan: Saturday, December 04, 2010 08:30 Starting search for hidden objects. HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\RNG\seed [NOTE] The registry entry is invisible. 
The scan of running processes will be started Scan process 'GPhotos.scr' - '42' Module(s) have been scanned Scan process 'msdtc.exe' - '40' Module(s) have been scanned Scan process 'dllhost.exe' - '62' Module(s) have been scanned Scan process 'dllhost.exe' - '45' Module(s) have been scanned Scan process 'vssvc.exe' - '48' Module(s) have been scanned Scan process 'avscan.exe' - '67' Module(s) have been scanned Scan process 'avcenter.exe' - '63' Module(s) have been scanned Scan process 'hpsysdrv.exe' - '14' Module(s) have been scanned Scan process 'atiptaxx.exe' - '33' Module(s) have been scanned Scan process 'ALCXMNTR.EXE' - '31' Module(s) have been scanned Scan process 'hpqSTE08.exe' - '65' Module(s) have been scanned Scan process 'iPodService.exe' - '30' Module(s) have been scanned Scan process 'WDDMStatus.exe' - '61' Module(s) have been scanned Scan process 'hpqtra08.exe' - '70' Module(s) have been scanned Scan process 'BTTray.exe' - '46' Module(s) have been scanned Scan process 'DiscStreamHub.exe' - '65' Module(s) have been scanned Scan process 'DiscUpdMgr.exe' - '35' Module(s) have been scanned Scan process 'ctfmon.exe' - '25' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '55' Module(s) have been scanned Scan process 'jusched.exe' - '45' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '69' Module(s) have been scanned Scan process 'KBD.EXE' - '47' Module(s) have been scanned Scan process 'avgnt.exe' - '51' Module(s) have been scanned Scan process 'HPwuSchd2.exe' - '18' Module(s) have been scanned Scan process 'DISCover.exe' - '53' Module(s) have been scanned Scan process 'ARPWRMSG.EXE' - '14' Module(s) have been scanned Scan process 'ehtray.exe' - '42' Module(s) have been scanned Scan process 'Explorer.EXE' - '114' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '20' Module(s) have been scanned Scan process 'alg.exe' - '33' Module(s) have been scanned Scan process 'wmiprvse.exe' - '50' Module(s) have been scanned 
Scan process 'mcrdsvc.exe' - '29' Module(s) have been scanned Scan process 'WDSC.exe' - '34' Module(s) have been scanned Scan process 'WDFME.exe' - '64' Module(s) have been scanned Scan process 'WDDMService.exe' - '26' Module(s) have been scanned Scan process 'wdfmgr.exe' - '15' Module(s) have been scanned Scan process 'svchost.exe' - '40' Module(s) have been scanned Scan process 'svchost.exe' - '36' Module(s) have been scanned Scan process 'HPZIPM12.EXE' - '21' Module(s) have been scanned Scan process 'MDM.EXE' - '21' Module(s) have been scanned Scan process 'LSSrvc.exe' - '16' Module(s) have been scanned Scan process 'jqs.exe' - '33' Module(s) have been scanned Scan process 'slimsvc.exe' - '40' Module(s) have been scanned Scan process 'btwdins.exe' - '26' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned Scan process 'avshadow.exe' - '26' Module(s) have been scanned Scan process 'arservice.exe' - '24' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '33' Module(s) have been scanned Scan process 'avguard.exe' - '56' Module(s) have been scanned Scan process 'svchost.exe' - '34' Module(s) have been scanned Scan process 'sched.exe' - '57' Module(s) have been scanned Scan process 'spoolsv.exe' - '73' Module(s) have been scanned Scan process 'vpnagent.exe' - '78' Module(s) have been scanned Scan process 'svchost.exe' - '32' Module(s) have been scanned Scan process 'svchost.exe' - '32' Module(s) have been scanned Scan process 'svchost.exe' - '173' Module(s) have been scanned Scan process 'svchost.exe' - '41' Module(s) have been scanned Scan process 'svchost.exe' - '53' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '15' Module(s) have been scanned Scan process 'lsass.exe' - '58' Module(s) have been scanned Scan process 'services.exe' - '27' Module(s) have been scanned Scan process 'winlogon.exe' - '72' Module(s) have been scanned Scan process 'csrss.exe' - '14' Module(s) have been scanned 
Scan process 'smss.exe' - '2' Module(s) have been scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Master boot sector HD2 [iNFO] No virus was found! Master boot sector HD3 [iNFO] No virus was found! Master boot sector HD4 [iNFO] No virus was found! Master boot sector HD5 [iNFO] No virus was found! Master boot sector HD6 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '1787' files ). Starting the file scan: Begin scan in 'C:\' <HP_PAVILION> C:\hp\bin\HPCONTXT.exe [DETECTION] Is the TR/Trash.Gen Trojan Begin scan in 'D:\' <HP_RECOVERY> Beginning disinfection: C:\hp\bin\HPCONTXT.exe [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '4ba6cf26.qua'. End of the scan: Saturday, December 04, 2010 11:25 Used time: 2:00:35 Hour(s) The scan has been done completely. 19677 Scanned directories 676943 Files were scanned 1 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 676942 Files not concerned 17793 Archives were scanned 0 Warnings 1 Notes 534905 Objects were scanned with rootkit scan 1 Hidden objects were found
  13. Elise, everything seems to work OK, so far, although I've been cautious and haven't tested everything. The Java update went OK. But I'm not sure about the ESET scanner. It took an hour or so to get to 100% of the virus signature download, then I got an Error #2002 or something like that, and there didn't seem to be any install process. Tom
  14. All ran smoothly. Here's the logs: ComboFix 10-12-02.01 - HP_Administrator 12/03/2010 7:15.4.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.447 [GMT -5:00] Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 ))))))))))))))))))))))))))))))) . 2010-12-02 12:27 . 2010-12-02 12:27 -------- d-----w- C:\_OTL 2010-12-01 17:16 . 2005-06-29 18:03 175104 ----a-w- c:\windows\system32\drivers\ftsata2.sys 2010-11-29 01:21 . 2010-11-29 03:57 -------- d-----w- c:\windows\system32\NtmsData 2010-11-29 01:03 . 2010-11-29 01:03 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Avira 2010-11-26 14:21 . 2010-09-23 23:27 10450432 ------w- c:\temp\RockboxUtility.exe 2010-11-26 13:27 . 2010-11-26 13:28 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe 2010-11-25 12:41 . 2010-11-25 12:41 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE 2010-11-25 03:02 . 2010-11-25 03:02 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer 2010-11-25 03:01 . 2010-11-25 03:01 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Western Digital 2010-11-25 03:00 . 2010-11-25 03:00 -------- d-sh--w- c:\documents and settings\Guest\IETldCache 2010-11-24 20:02 . 2010-11-24 20:02 -------- d-----w- c:\documents and settings\Jessica\Local Settings\Application Data\Western Digital 2010-11-09 22:04 . 2010-11-09 22:06 -------- d-----w- C:\.www.rs7server.com_Webclient_Cache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-26 03:13 . 
2009-07-25 11:19 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-09-18 16:23 . 2004-08-10 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2004-08-10 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2004-08-10 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2004-08-10 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-10 05:58 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:58 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:58 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-09-05 06:13 . 2010-09-05 06:13 398744 ----a-r- c:\windows\cpnprt2.cid 2010-09-05 06:13 . 2010-09-05 06:13 398744 ------w- c:\windows\system32\cpnprt2.cid . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312] "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "DISCover"="c:\program files\DISC\DISCover.exe" [2006-04-15 1073152] "DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740] "HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768] 
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-6-7 553021] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-10-5 5200384] c:\documents and settings\Default User\Start Menu\Programs\Startup\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-2 27136] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program 
Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= R1 NEOFLTR_600_14137;Juniper Networks TDI Filter Driver (NEOFLTR_600_14137);c:\windows\system32\drivers\NEOFLTR_600_14137.sys [4/1/2009 10:27 PM 64160] R1 NEOFLTR_630_13725;Juniper Networks TDI Filter Driver (NEOFLTR_630_13725);c:\windows\system32\drivers\NEOFLTR_630_13725.sys [11/21/2008 3:37 AM 64480] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/25/2009 6:19 AM 135336] R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [9/12/2006 5:14 PM 307295] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/17/2009 5:32 PM 497856] R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [10/5/2010 2:24 PM 237056] R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [10/5/2010 2:28 PM 1060352] R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [10/5/2010 2:27 PM 484352] R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [9/12/2006 5:14 PM 109008] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 7:20 AM 135664] S3 Ca100v;PenCam SD, WDM Video Capture;c:\windows\system32\drivers\Ca100v.sys [1/4/2007 5:46 PM 516635] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?] 
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [10/29/2010 7:54 PM 11520] . Contents of the 'Scheduled Tasks' folder 2010-12-03 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 03:16] 2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:20] 2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms} mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm IE: Send to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm Trusted Zone: trymedia.com Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://secure.ugi.com/CACHE/stc/6/binaries/vpnweb.cab DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://secure.ugi.com/CACHE/sdesktop/install/binaries/instweb.cab DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxps://vpn.ugi.com/sre/ICSScanner.cab DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://vpn.ugi.com/SNX/CSHELL/extender.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-03 07:30 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(760) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(412) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . 
Completion time: 2010-12-03 07:33:46 ComboFix-quarantined-files.txt 2010-12-03 12:33 ComboFix2.txt 2010-12-02 23:09 ComboFix3.txt 2010-07-16 01:52 Pre-Run: 130,892,034,048 bytes free Post-Run: 130,845,474,816 bytes free - - End Of File - - EBEF3560126537884CE116AAF8323F10 Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 5214 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 12/3/2010 9:11:26 AM mbam-log-2010-12-03 (09-11-26).txt Scan type: Full scan (C:\|D:\|E:\|G:\|H:\|I:\|J:\|L:\|) Objects scanned: 350509 Time elapsed: 1 hour(s), 32 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  15. Here it is: ComboFix 10-12-02.01 - HP_Administrator 12/02/2010 17:31:53.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.419 [GMT -5:00] Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_usnjsvc ((((((((((((((((((((((((( Files Created from 2010-11-02 to 2010-12-02 ))))))))))))))))))))))))))))))) . 2010-12-02 12:27 . 2010-12-02 12:27 -------- d-----w- C:\_OTL 2010-12-01 17:16 . 2005-06-29 18:03 175104 ----a-w- c:\windows\system32\drivers\ftsata2.sys 2010-11-29 01:21 . 2010-11-29 03:57 -------- d-----w- c:\windows\system32\NtmsData 2010-11-29 01:03 . 2010-11-29 01:03 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Avira 2010-11-26 14:21 . 2010-09-23 23:27 10450432 ------w- c:\temp\RockboxUtility.exe 2010-11-26 13:27 . 2010-11-26 13:28 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe 2010-11-25 12:41 . 2010-11-25 12:41 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE 2010-11-25 03:02 . 2010-11-25 03:02 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer 2010-11-25 03:01 . 2010-11-25 03:01 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Western Digital 2010-11-25 03:00 . 2010-11-25 03:00 -------- d-sh--w- c:\documents and settings\Guest\IETldCache 2010-11-24 20:02 . 2010-11-24 20:02 -------- d-----w- c:\documents and settings\Jessica\Local Settings\Application Data\Western Digital 2010-11-09 22:04 . 2010-11-09 22:06 -------- d-----w- C:\.www.rs7server.com_Webclient_Cache . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-26 03:13 . 2009-07-25 11:19 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-18 16:23 . 2004-08-10 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-05 06:13 . 2010-09-05 06:13 398744 ----a-r- c:\windows\cpnprt2.cid
2010-09-05 06:13 . 2010-09-05 06:13 398744 ------w- c:\windows\system32\cpnprt2.cid
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-04-15 1073152]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-6-7 553021]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-10-5 5200384]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-2 27136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R1 NEOFLTR_600_14137;Juniper Networks TDI Filter Driver (NEOFLTR_600_14137);c:\windows\system32\drivers\NEOFLTR_600_14137.sys [4/1/2009 10:27 PM 64160]
R1 NEOFLTR_630_13725;Juniper Networks TDI Filter Driver (NEOFLTR_630_13725);c:\windows\system32\drivers\NEOFLTR_630_13725.sys [11/21/2008 3:37 AM 64480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/25/2009 6:19 AM 135336]
R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [9/12/2006 5:14 PM 307295]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/17/2009 5:32 PM 497856]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [10/5/2010 2:24 PM 237056]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [10/5/2010 2:28 PM 1060352]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [10/5/2010 2:27 PM 484352]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [9/12/2006 5:14 PM 109008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 7:20 AM 135664]
S3 Ca100v;PenCam SD, WDM Video Capture;c:\windows\system32\drivers\Ca100v.sys [1/4/2007 5:46 PM 516635]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [10/29/2010 7:54 PM 11520]
.
Contents of the 'Scheduled Tasks' folder

2010-12-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 03:16]

2010-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:20]

2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: trymedia.com
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://secure.ugi.com/CACHE/stc/6/binaries/vpnweb.cab
DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://secure.ugi.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxps://vpn.ugi.com/sre/ICSScanner.cab
DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://vpn.ugi.com/SNX/CSHELL/extender.cab
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-02 17:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...
c:\windows\system.ini 285 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2040)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\ARPWRMSG.EXE
c:\program files\DISC\DiscUpdMgr.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-12-02 18:09:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-02 23:08
ComboFix2.txt 2010-07-16 01:52

Pre-Run: 124,622,786,560 bytes free
Post-Run: 130,829,541,376 bytes free

- - End Of File - - 14ED115523BF1DC27260AEED1FB5231C