SMiller

Smart HDD Virus

49 posts in this topic

Yesterday, I was hit with the Smart HDD Virus. I have followed the instructions on bleepingcomputer.com to remove it but it is still affecting my computer.

Any help is greatly appreciated.


Hello SMiller! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=9573

Post both log files in your next reply.


Maniac,

Thx for taking the time to help me. I currently do not have the full PRO version of MBAM but plan on purchasing it as soon as my computer is fixed.

Here are the 2 dds logs you requested:

DDS Log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Rob at 15:42:32 on 2012-05-17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.554 [GMT -7:00]

.

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\windows\system32\Ati2evxx.exe

C:\windows\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\windows\System32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\wuauclt.exe

C:\windows\system32\Ati2evxx.exe

C:\windows\Explorer.EXE

C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\windows\system32\ctfmon.exe

C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

C:\windows\system32\wscntfy.exe

C:\windows\system32\wuauclt.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\downlo~1\DAPIEL~1.DLL

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [iSUSPM] "c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe" -scheduler

mRun: [stacSysTray] c:\program files\sigmatel\c-major audio\controlpanel\StacSysTray.exe

mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

StartupFolder: c:\docume~1\rob\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\rob\application data\leadertech\powerregister\Seagate Product Registration.exe

mPolicies-explorer: <NO NAME> =

IE: &Clean Traces - c:\program files\download accelerator plus\privacy package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\download accelerator plus\dapextie.htm

IE: Download &all with DAP - c:\program files\download accelerator plus\dapextie2.htm

IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: mswsock.dll

DPF: Web-Based Email Tools - hxxps://email.secureserver.net/Download.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196226844085

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 94.63.147.16 www.google.com

Hosts: 94.63.147.17 www.bing.com

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-27 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-27 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-27 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-27 66616]

R2 SigService;Sigmatel Service;c:\program files\sigmatel\c-major audio\controlpanel\sigservice.exe [2007-11-27 81920]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 253600]

S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2004-3-30 118106]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

.

=============== Created Last 30 ================

.

2012-05-15 22:30:52 -------- d-----w- C:\HDD Virus Fix Logs (May 15, 2012)

2012-04-26 01:48:13 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll

2012-04-25 22:47:53 53248 ----a-r- c:\documents and settings\rob\application data\microsoft\installer\{12baa98c-f8dd-4bc9-bbe6-1c8463114197}\ARPPRODUCTICON.exe

.

==================== Find3M ====================

.

2012-04-25 21:22:04 256 -c--a-w- c:\windows\system32\pool.bin

2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 20:23:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-03 20:23:45 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 15:43:27.92 ===============

Attach Log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 11/27/2007 7:08:52 PM

System Uptime: 5/17/2012 3:36:11 PM (0 hours ago)

.

Motherboard: Gateway | | Gateway M675

Processor: Intel® Pentium® 4 CPU 2.80GHz | uFCPGA2 | 2793/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 10.229 GiB free.

D: is CDROM (CDFS)

E: is Removable

F: is Removable

H: is FIXED (NTFS) - 1863 GiB total, 68.414 GiB free.

I: is FIXED (NTFS) - 1397 GiB total, 1001.553 GiB free.

U: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Wireless-G PCI Adapter

Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_041814E4&REV_03\4&3A321F38&0&10F0

Manufacturer: Linksys, A Division of Cisco Systems, Inc.

Name: Wireless-G PCI Adapter

PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_041814E4&REV_03\4&3A321F38&0&10F0

Service: BCM43XX

.

==== System Restore Points ===================

.

RP29: 3/2/2012 11:15:17 AM - System Checkpoint

RP30: 3/4/2012 11:12:33 AM - Software Distribution Service 3.0

RP31: 3/12/2012 6:51:30 PM - Software Distribution Service 3.0

RP32: 3/17/2012 4:24:09 PM - System Checkpoint

RP33: 3/18/2012 8:16:36 PM - System Checkpoint

RP34: 3/20/2012 12:41:22 AM - System Checkpoint

RP35: 3/22/2012 4:23:02 PM - System Checkpoint

RP36: 3/28/2012 1:04:45 PM - System Checkpoint

RP37: 3/29/2012 2:05:46 PM - System Checkpoint

RP38: 4/3/2012 1:51:10 AM - System Checkpoint

RP39: 4/3/2012 1:21:45 PM - Before Install of Adobe Flash Update on 4-3-12...

RP40: 4/7/2012 2:55:32 PM - System Checkpoint

RP41: 4/9/2012 12:08:40 AM - Software Distribution Service 3.0

RP42: 4/12/2012 2:47:55 PM - System Checkpoint

RP43: 4/13/2012 9:02:10 PM - System Checkpoint

RP44: 4/19/2012 3:48:47 PM - Software Distribution Service 3.0

RP45: 4/23/2012 8:28:27 PM - System Checkpoint

RP46: 4/25/2012 3:40:32 PM - Before Install of BB AppLoader...

RP47: 4/25/2012 3:44:36 PM - Installed BlackBerry Device Software Updater.

RP48: 4/25/2012 6:48:13 PM - Installed Windows XP Wdf01009.

RP49: 5/3/2012 1:05:26 AM - Software Distribution Service 3.0

RP50: 5/3/2012 6:32:24 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

.

7-Zip 9.20

Acrobat.com

Adobe Acrobat 7.0 Professional

Adobe AIR

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Community Help

Adobe Creative Suite 2

Adobe Flash Player 11 ActiveX

Adobe GoLive CS2

Adobe Help Center 1.0

Adobe Illustrator CS2

Adobe InDesign CS2

Adobe Media Player

Adobe Photoshop CS2

Adobe Photoshop CS5

Adobe Reader X (10.1.2)

Adobe Shockwave Player 11.6

Adobe Stock Photos 1.0

Adobe SVG Viewer 3.0

Adobe Version Cue CS2

Advanced SystemCare 3

Agere Systems AC'97 Modem

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Display Driver

Avira AntiVir Personal - Free Antivirus

BlackBerry Desktop Software 4.3

BlackBerry Device Software Updater

BlackBerry v4.2.2 for the 8830 Series Wireless Device

C-Major Audio Driver and Applications

Canon MF Toolbox 4.9.1.1.mf01

Canon MF6500 Series

Compatibility Pack for the 2007 Office system

ConvertXtoDVD 4.0.9.322

Critical Update for Windows Media Player 11 (KB959772)

Desktop Notifier

Disk Recoup 2.1

DivX Converter

DivX Plus DirectShow Filters

DivX Setup

DivX Version Checker

Download Accelerator Plus (DAP)

DVD Shrink 3.2

DVDFab 7.0.6.7 (30/05/2010)

DVDFab 8.0.0.5 (25/08/2010)

Encina DiscMaker

Far Cry

File Scavenger 3.2 (en)

Google Toolbar for Internet Explorer

Hitman 2: Silent Assassin

Hitman Blood Money

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

IEEE 802.11g USB Wireless LAN Adapter

ImgBurn

Intel® PRO Network Connections Drivers

iTunes

Java Auto Updater

Java 6 Update 29

Logitech MouseWare 9.79.1

Magic ISO Maker v5.5 (build 0273)

MagicDisc 2.7.106

Malwarebytes Anti-Malware version 1.61.0.1400

Max Payne

Max Payne 2

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Halo

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office Standard Edition 2003

Microsoft Office XP Professional with FrontPage

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Move Media Player

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6.0 Parser (KB933579)

OGA Notifier 2.0.0048.0

OmniPage SE 2.0

PDF Settings CS5

PowerDVD

PowerISO

Presto! Mr.Photo 3

QuickTime

Roxio DLA

Roxio Express Labeler

Roxio Media Manager

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

Rushmore Casino

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sonic Update Manager

Sothink SWF Decompiler

Splinter Cell Pandora Tomorrow

Spybot - Search & Destroy

StreamTransport version: 1.0.2.1975

Suite Specific

swMSM

Tom Clancy's Splinter Cell

Ultimate Business Plan Starter

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

USB-IDE Bridge Driver

VC80CRTRedist - 8.0.50727.6195

VGA Dual-Mode Camera

VLC media player 1.1.9

Vuze

WebFldrs XP

Windows Driver Package - Camera Maker (MR97310_VGA_DUAL_CAMERA) Image 03/30/2004 2.0.0.0

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

XP Codec Pack

.

==== Event Viewer Messages From Past Week ========

.

5/16/2012 5:55:20 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

5/15/2012 8:05:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde

5/15/2012 5:19:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips IntelIde intelppm ohci1394 SCDEmu ssmdrv

5/15/2012 3:16:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

5/15/2012 3:15:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/15/2012 3:15:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm SCDEmu ssmdrv

5/15/2012 3:04:21 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

5/11/2012 3:40:57 PM, error: Service Control Manager [7000] - The USB-IDE Bridge service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

5/10/2012 4:35:11 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.

5/10/2012 4:35:11 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.

5/10/2012 4:34:41 PM, error: Service Control Manager [7022] - The Distributed Link Tracking Client service hung on starting.

5/10/2012 4:34:11 PM, error: Service Control Manager [7022] - The Server service hung on starting.

.

==== End Of File ===========================


Step 1

Please uninstall Vuze, because of our policy:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


Ok. Will work on that. I am having to use a friend's computer to see your instructions so it takes me a little while to get the instructions, execute them, and then get back to you. Just FYI.


Thanks for letting me know! :)


Maniac,

Here are the logs you requested. I also have 2 questions: 1- What is that ARPPRODUCTION.exe that has been created in about 12 diff folders? 2- Are all those services that are "hanging" on startup the reason it takes my computer about 5 mins to boot up?

Thx.

TDSSKiller Log:


12:49:09.0406 2340 RpcSs - ok

12:49:09.0437 2340 RSVP (471b3f9741d762abe75e9deea4787e47) C:\windows\system32\rsvp.exe

12:49:09.0578 2340 RSVP - ok

12:49:09.0609 2340 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\windows\system32\lsass.exe

12:49:09.0734 2340 SamSs - ok

12:49:09.0765 2340 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\windows\System32\SCardSvr.exe

12:49:09.0921 2340 SCardSvr - ok

12:49:09.0968 2340 SCDEmu (612a3d69e603dbbe5c3c1079186a0393) C:\windows\system32\drivers\SCDEmu.sys

12:49:10.0000 2340 SCDEmu ( UnsignedFile.Multi.Generic ) - warning

12:49:10.0000 2340 SCDEmu - detected UnsignedFile.Multi.Generic (1)

12:49:10.0031 2340 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\windows\system32\schedsvc.dll

12:49:10.0218 2340 Schedule - ok

12:49:10.0250 2340 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys

12:49:10.0328 2340 Secdrv - ok

12:49:10.0343 2340 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\windows\System32\seclogon.dll

12:49:10.0515 2340 seclogon - ok

12:49:10.0531 2340 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\windows\system32\sens.dll

12:49:10.0703 2340 SENS - ok

12:49:10.0718 2340 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\windows\system32\drivers\Serial.sys

12:49:10.0859 2340 Serial - ok

12:49:10.0890 2340 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys

12:49:11.0046 2340 Sfloppy - ok

12:49:11.0109 2340 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\windows\System32\shsvcs.dll

12:49:11.0125 2340 ShellHWDetection - ok

12:49:11.0218 2340 SigService (71c8de1523a36af512c57de801be90ca) C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe

12:49:11.0250 2340 SigService ( UnsignedFile.Multi.Generic ) - warning

12:49:11.0250 2340 SigService - detected UnsignedFile.Multi.Generic (1)

12:49:11.0250 2340 Simbad - ok

12:49:11.0296 2340 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\windows\system32\DRIVERS\SLIP.sys

12:49:11.0468 2340 SLIP - ok

12:49:11.0500 2340 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\windows\system32\DRIVERS\SONYPVU1.SYS

12:49:11.0656 2340 SONYPVU1 - ok

12:49:11.0656 2340 Sparrow - ok

12:49:11.0671 2340 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys

12:49:11.0812 2340 splitter - ok

12:49:11.0843 2340 Spooler (60784f891563fb1b767f70117fc2428f) C:\windows\system32\spoolsv.exe

12:49:11.0890 2340 Spooler - ok

12:49:11.0937 2340 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\windows\system32\DRIVERS\sr.sys

12:49:12.0000 2340 sr - ok

12:49:12.0062 2340 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\windows\system32\srsvc.dll

12:49:12.0140 2340 srservice - ok

12:49:12.0203 2340 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\windows\system32\DRIVERS\srv.sys

12:49:12.0296 2340 Srv - ok

12:49:12.0312 2340 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\windows\System32\ssdpsrv.dll

12:49:12.0390 2340 SSDPSRV - ok

12:49:12.0406 2340 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys

12:49:12.0421 2340 ssmdrv - ok

12:49:12.0484 2340 STAC97 (a334facf4302f406d260a4051e583132) C:\windows\system32\drivers\STAC97.sys

12:49:12.0546 2340 STAC97 - ok

12:49:12.0593 2340 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\windows\system32\wiaservc.dll

12:49:12.0812 2340 stisvc - ok

12:49:12.0843 2340 streamip (77813007ba6265c4b6098187e6ed79d2) C:\windows\system32\DRIVERS\StreamIP.sys

12:49:13.0000 2340 streamip - ok

12:49:13.0015 2340 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys

12:49:13.0171 2340 swenum - ok

12:49:13.0359 2340 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

12:49:13.0437 2340 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

12:49:13.0437 2340 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

12:49:13.0484 2340 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys

12:49:13.0640 2340 swmidi - ok

12:49:13.0640 2340 SwPrv - ok

12:49:13.0656 2340 symc810 - ok

12:49:13.0671 2340 symc8xx - ok

12:49:13.0671 2340 sym_hi - ok

12:49:13.0687 2340 sym_u3 - ok

12:49:13.0703 2340 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys

12:49:13.0843 2340 sysaudio - ok

12:49:13.0906 2340 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\windows\system32\smlogsvc.exe

12:49:14.0046 2340 SysmonLog - ok

12:49:14.0125 2340 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\windows\System32\tapisrv.dll

12:49:14.0296 2340 TapiSrv - ok

12:49:14.0343 2340 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys

12:49:14.0406 2340 Tcpip - ok

12:49:14.0437 2340 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys

12:49:14.0593 2340 TDPIPE - ok

12:49:14.0609 2340 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys

12:49:14.0750 2340 TDTCP - ok

12:49:14.0765 2340 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys

12:49:14.0906 2340 TermDD - ok

12:49:14.0953 2340 TermService (ff3477c03be7201c294c35f684b3479f) C:\windows\System32\termsrv.dll

12:49:15.0093 2340 TermService - ok

12:49:15.0140 2340 Themes (99bc0b50f511924348be19c7c7313bbf) C:\windows\System32\shsvcs.dll

12:49:15.0156 2340 Themes - ok

12:49:15.0187 2340 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

12:49:15.0281 2340 TlntSvr - ok

12:49:15.0281 2340 TosIde - ok

12:49:15.0312 2340 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\windows\system32\trkwks.dll

12:49:15.0453 2340 TrkWks - ok

12:49:15.0484 2340 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys

12:49:15.0625 2340 Udfs - ok

12:49:15.0640 2340 ultra - ok

12:49:15.0687 2340 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys

12:49:15.0906 2340 Update - ok

12:49:15.0937 2340 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\windows\System32\upnphost.dll

12:49:16.0031 2340 upnphost - ok

12:49:16.0046 2340 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\windows\System32\ups.exe

12:49:16.0203 2340 UPS - ok

12:49:16.0250 2340 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\windows\system32\Drivers\usbaapl.sys

12:49:16.0281 2340 USBAAPL - ok

12:49:16.0312 2340 USBAtapi2000 (59d65b6b73ad9f721f67f4e0d03b3bce) C:\windows\system32\DRIVERS\sci1pl.sys

12:49:16.0328 2340 USBAtapi2000 ( UnsignedFile.Multi.Generic ) - warning

12:49:16.0328 2340 USBAtapi2000 - detected UnsignedFile.Multi.Generic (1)

12:49:16.0343 2340 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys

12:49:16.0484 2340 usbccgp - ok

12:49:16.0515 2340 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys

12:49:16.0671 2340 usbehci - ok

12:49:16.0687 2340 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys

12:49:16.0828 2340 usbhub - ok

12:49:16.0859 2340 usbprint (a717c8721046828520c9edf31288fc00) C:\windows\system32\DRIVERS\usbprint.sys

12:49:17.0000 2340 usbprint - ok

12:49:17.0031 2340 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys

12:49:17.0187 2340 usbscan - ok

12:49:17.0203 2340 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS

12:49:17.0343 2340 usbstor - ok

12:49:17.0359 2340 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\windows\system32\DRIVERS\usbuhci.sys

12:49:17.0515 2340 usbuhci - ok

12:49:17.0515 2340 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys

12:49:17.0656 2340 VgaSave - ok

12:49:17.0671 2340 ViaIde - ok

12:49:17.0703 2340 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\windows\system32\drivers\VolSnap.sys

12:49:17.0843 2340 VolSnap - ok

12:49:17.0859 2340 vsdatant - ok

12:49:17.0921 2340 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\windows\System32\vssvc.exe

12:49:18.0000 2340 VSS - ok

12:49:18.0046 2340 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\windows\system32\w32time.dll

12:49:18.0218 2340 W32Time - ok

12:49:18.0250 2340 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys

12:49:18.0406 2340 Wanarp - ok

12:49:18.0468 2340 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\windows\system32\Drivers\wdf01000.sys

12:49:18.0500 2340 Wdf01000 - ok

12:49:18.0515 2340 WDICA - ok

12:49:18.0546 2340 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys

12:49:18.0687 2340 wdmaud - ok

12:49:18.0703 2340 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\windows\System32\webclnt.dll

12:49:18.0859 2340 WebClient - ok

12:49:18.0921 2340 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\windows\system32\wbem\WMIsvc.dll

12:49:19.0062 2340 winmgmt - ok

12:49:19.0125 2340 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

12:49:19.0171 2340 WmdmPmSN - ok

12:49:19.0250 2340 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\windows\System32\advapi32.dll

12:49:19.0328 2340 Wmi - ok

12:49:19.0390 2340 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

12:49:19.0531 2340 WmiApSrv - ok

12:49:19.0671 2340 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

12:49:19.0765 2340 WMPNetworkSvc - ok

12:49:19.0843 2340 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\windows\system32\DRIVERS\wpdusb.sys

12:49:19.0859 2340 WpdUsb - ok

12:49:19.0890 2340 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\windows\System32\drivers\ws2ifsl.sys

12:49:20.0031 2340 WS2IFSL - ok

12:49:20.0078 2340 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\windows\system32\wscsvc.dll

12:49:20.0218 2340 wscsvc - ok

12:49:20.0250 2340 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\windows\system32\DRIVERS\WSTCODEC.SYS

12:49:20.0406 2340 WSTCODEC - ok

12:49:20.0453 2340 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

12:49:20.0578 2340 wuauserv - ok

12:49:20.0609 2340 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\windows\system32\DRIVERS\WudfPf.sys

12:49:20.0656 2340 WudfPf - ok

12:49:20.0687 2340 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\windows\system32\DRIVERS\wudfrd.sys

12:49:20.0734 2340 WudfRd - ok

12:49:20.0765 2340 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\windows\System32\WUDFSvc.dll

12:49:20.0796 2340 WudfSvc - ok

12:49:20.0828 2340 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\windows\System32\wzcsvc.dll

12:49:21.0031 2340 WZCSVC - ok

12:49:21.0062 2340 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\windows\System32\xmlprov.dll

12:49:21.0203 2340 xmlprov - ok

12:49:21.0250 2340 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

12:49:21.0828 2340 \Device\Harddisk0\DR0 - ok

12:49:21.0875 2340 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR4

12:49:22.0937 2340 \Device\Harddisk3\DR4 - ok

12:49:22.0984 2340 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR5

12:49:24.0031 2340 \Device\Harddisk4\DR5 - ok

12:49:24.0046 2340 Boot (0x1200) (29f40f90a5cc7df459aa24ede5a10b6e) \Device\Harddisk0\DR0\Partition0

12:49:24.0046 2340 \Device\Harddisk0\DR0\Partition0 - ok

12:49:24.0062 2340 Boot (0x1200) (11b2d23e3d9e991d022d5fdbcc1c17c5) \Device\Harddisk3\DR4\Partition0

12:49:24.0078 2340 \Device\Harddisk3\DR4\Partition0 - ok

12:49:24.0093 2340 Boot (0x1200) (53bcd970fbea92024ecfaaddd90e03b9) \Device\Harddisk4\DR5\Partition0

12:49:24.0109 2340 \Device\Harddisk4\DR5\Partition0 - ok

12:49:24.0109 2340 ============================================================

12:49:24.0109 2340 Scan finished

12:49:24.0109 2340 ============================================================

12:49:24.0234 1592 Detected object count: 23

12:49:24.0234 1592 Actual detected object count: 23

12:49:44.0187 1592 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0187 1592 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0187 1592 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0187 1592 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0203 1592 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0203 1592 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0203 1592 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0203 1592 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0203 1592 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0203 1592 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0203 1592 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0203 1592 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0203 1592 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0203 1592 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0203 1592 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0203 1592 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0218 1592 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0218 1592 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0218 1592 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0218 1592 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0218 1592 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0218 1592 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0218 1592 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0218 1592 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0218 1592 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0218 1592 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0218 1592 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0218 1592 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0234 1592 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0234 1592 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0234 1592 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0234 1592 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0234 1592 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0234 1592 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0234 1592 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0234 1592 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0234 1592 PLSCSI ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0234 1592 PLSCSI ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0250 1592 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0250 1592 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0250 1592 SigService ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0250 1592 SigService ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0250 1592 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0250 1592 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:49:44.0250 1592 USBAtapi2000 ( UnsignedFile.Multi.Generic ) - skipped by user

12:49:44.0250 1592 USBAtapi2000 ( UnsignedFile.Multi.Generic ) - User select action: Skip

MBAM Log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.15.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Rob :: ROB-CCA219EB460 [administrator]

5/18/2012 12:55:25

mbam-log-2012-05-18 (12-55-25).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 247941

Time elapsed: 20 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS Log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Rob at 13:16:35 on 2012-05-18

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.514 [GMT -7:00]

.

AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\windows\system32\Ati2evxx.exe

C:\windows\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\windows\System32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\windows\system32\Ati2evxx.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\windows\Explorer.EXE

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\windows\system32\ctfmon.exe

C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

C:\windows\system32\wscntfy.exe

C:\windows\system32\wuauclt.exe

C:\WINDOWS\system32\freecell.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\downlo~1\DAPIEL~1.DLL

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [iSUSPM] "c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe" -scheduler

mRun: [stacSysTray] c:\program files\sigmatel\c-major audio\controlpanel\StacSysTray.exe

mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

StartupFolder: c:\docume~1\rob\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\rob\application data\leadertech\powerregister\Seagate Product Registration.exe

mPolicies-explorer: <NO NAME> =

IE: &Clean Traces - c:\program files\download accelerator plus\privacy package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\download accelerator plus\dapextie.htm

IE: Download &all with DAP - c:\program files\download accelerator plus\dapextie2.htm

IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: mswsock.dll

DPF: Web-Based Email Tools - hxxps://email.secureserver.net/Download.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196226844085

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 94.63.147.16 www.google.com

Hosts: 94.63.147.17 www.bing.com

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-27 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-27 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-27 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-27 66616]

R2 SigService;Sigmatel Service;c:\program files\sigmatel\c-major audio\controlpanel\sigservice.exe [2007-11-27 81920]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 253600]

S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2004-3-30 118106]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

.

=============== Created Last 30 ================

.

2012-05-15 22:30:52 -------- d-----w- C:\HDD Virus Fix Logs (May 15, 2012)

2012-04-26 01:48:13 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll

2012-04-25 22:47:53 53248 ----a-r- c:\documents and settings\rob\application data\microsoft\installer\{12baa98c-f8dd-4bc9-bbe6-1c8463114197}\ARPPRODUCTICON.exe

.

==================== Find3M ====================

.

2012-04-25 21:22:04 256 -c--a-w- c:\windows\system32\pool.bin

2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 20:23:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-03 20:23:45 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 13:17:26.60 ===============

Attach Log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 11/27/2007 7:08:52 PM

System Uptime: 5/18/2012 12:02:39 PM (1 hours ago)

.

Motherboard: Gateway | | Gateway M675

Processor: Intel® Pentium® 4 CPU 2.80GHz | uFCPGA2 | 2793/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 10.312 GiB free.

D: is CDROM (CDFS)

E: is Removable

F: is Removable

G: is CDROM (CDFS)

H: is FIXED (NTFS) - 1863 GiB total, 68.415 GiB free.

I: is FIXED (NTFS) - 1397 GiB total, 1001.553 GiB free.

K: is Removable

U: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Wireless-G PCI Adapter

Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_041814E4&REV_03\4&3A321F38&0&10F0

Manufacturer: Linksys, A Division of Cisco Systems, Inc.

Name: Wireless-G PCI Adapter

PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_041814E4&REV_03\4&3A321F38&0&10F0

Service: BCM43XX

.

==== System Restore Points ===================

.

RP29: 3/2/2012 11:15:17 AM - System Checkpoint

RP30: 3/4/2012 11:12:33 AM - Software Distribution Service 3.0

RP31: 3/12/2012 6:51:30 PM - Software Distribution Service 3.0

RP32: 3/17/2012 4:24:09 PM - System Checkpoint

RP33: 3/18/2012 8:16:36 PM - System Checkpoint

RP34: 3/20/2012 12:41:22 AM - System Checkpoint

RP35: 3/22/2012 4:23:02 PM - System Checkpoint

RP36: 3/28/2012 1:04:45 PM - System Checkpoint

RP37: 3/29/2012 2:05:46 PM - System Checkpoint

RP38: 4/3/2012 1:51:10 AM - System Checkpoint

RP39: 4/3/2012 1:21:45 PM - Before Install of Adobe Flash Update on 4-3-12...

RP40: 4/7/2012 2:55:32 PM - System Checkpoint

RP41: 4/9/2012 12:08:40 AM - Software Distribution Service 3.0

RP42: 4/12/2012 2:47:55 PM - System Checkpoint

RP43: 4/13/2012 9:02:10 PM - System Checkpoint

RP44: 4/19/2012 3:48:47 PM - Software Distribution Service 3.0

RP45: 4/23/2012 8:28:27 PM - System Checkpoint

RP46: 4/25/2012 3:40:32 PM - Before Install of BB AppLoader...

RP47: 4/25/2012 3:44:36 PM - Installed BlackBerry Device Software Updater.

RP48: 4/25/2012 6:48:13 PM - Installed Windows XP Wdf01009.

RP49: 5/3/2012 1:05:26 AM - Software Distribution Service 3.0

RP50: 5/3/2012 6:32:24 PM - Software Distribution Service 3.0

RP51: 5/17/2012 7:19:54 PM - System Checkpoint

.

==== Installed Programs ======================

.

.

7-Zip 9.20

Acrobat.com

Adobe Acrobat 7.0 Professional

Adobe AIR

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Community Help

Adobe Creative Suite 2

Adobe Flash Player 11 ActiveX

Adobe GoLive CS2

Adobe Help Center 1.0

Adobe Illustrator CS2

Adobe InDesign CS2

Adobe Media Player

Adobe Photoshop CS2

Adobe Photoshop CS5

Adobe Reader X (10.1.2)

Adobe Shockwave Player 11.6

Adobe Stock Photos 1.0

Adobe SVG Viewer 3.0

Adobe Version Cue CS2

Advanced SystemCare 3

Agere Systems AC'97 Modem

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Display Driver

Avira AntiVir Personal - Free Antivirus

BlackBerry Desktop Software 4.3

BlackBerry Device Software Updater

BlackBerry v4.2.2 for the 8830 Series Wireless Device

C-Major Audio Driver and Applications

Canon MF Toolbox 4.9.1.1.mf01

Canon MF6500 Series

Compatibility Pack for the 2007 Office system

ConvertXtoDVD 4.0.9.322

Critical Update for Windows Media Player 11 (KB959772)

Desktop Notifier

Disk Recoup 2.1

DivX Converter

DivX Plus DirectShow Filters

DivX Setup

DivX Version Checker

Download Accelerator Plus (DAP)

DVD Shrink 3.2

DVDFab 7.0.6.7 (30/05/2010)

DVDFab 8.0.0.5 (25/08/2010)

Encina DiscMaker

Far Cry

File Scavenger 3.2 (en)

Google Toolbar for Internet Explorer

Hitman 2: Silent Assassin

Hitman Blood Money

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

IEEE 802.11g USB Wireless LAN Adapter

ImgBurn

Intel® PRO Network Connections Drivers

iTunes

Java Auto Updater

Java 6 Update 29

Logitech MouseWare 9.79.1

Magic ISO Maker v5.5 (build 0273)

MagicDisc 2.7.106

Malwarebytes Anti-Malware version 1.61.0.1400

Max Payne

Max Payne 2

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Halo

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office Standard Edition 2003

Microsoft Office XP Professional with FrontPage

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Move Media Player

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6.0 Parser (KB933579)

OGA Notifier 2.0.0048.0

OmniPage SE 2.0

PDF Settings CS5

PowerDVD

PowerISO

Presto! Mr.Photo 3

QuickTime

Roxio DLA

Roxio Express Labeler

Roxio Media Manager

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

Rushmore Casino

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sonic Update Manager

Sothink SWF Decompiler

Splinter Cell Pandora Tomorrow

Spybot - Search & Destroy

StreamTransport version: 1.0.2.1975

Suite Specific

swMSM

Tom Clancy's Splinter Cell

Ultimate Business Plan Starter

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

USB-IDE Bridge Driver

VC80CRTRedist - 8.0.50727.6195

VGA Dual-Mode Camera

VLC media player 1.1.9

WebFldrs XP

Windows Driver Package - Camera Maker (MR97310_VGA_DUAL_CAMERA) Image 03/30/2004 2.0.0.0

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

XP Codec Pack

.

==== Event Viewer Messages From Past Week ========

.

5/16/2012 5:55:20 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

5/15/2012 8:05:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde

5/15/2012 8:05:07 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.

5/15/2012 8:05:05 PM, error: Service Control Manager [7022] - The Distributed Link Tracking Client service hung on starting.

5/15/2012 5:19:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips IntelIde intelppm ohci1394 SCDEmu ssmdrv

5/15/2012 5:19:18 PM, error: Service Control Manager [7022] - The Server service hung on starting.

5/15/2012 5:19:18 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.

5/15/2012 3:16:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

5/15/2012 3:15:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/15/2012 3:15:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm SCDEmu ssmdrv

5/15/2012 3:04:21 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

5/11/2012 3:40:57 PM, error: Service Control Manager [7000] - The USB-IDE Bridge service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

.

==== End Of File ===========================

1- What is that ARPPRODUCTION.exe that has been created in about 12 diff folders?

ARPPRODUCTION.exe is the product icon used by the ARPPRODUCTICON property. This property contains a key to the Icon table, which contains the product icon displayed in Add/Remove Programs.

2- Are all those services that are "hanging" on startup the reason it takes my computer about 5 mins to boot up?

You have many unnecessary processes that start with Windows. You can make many improvements to make your computer run faster. Later, you can help yourself through this article:

http://forums.malwarebytes.org/index.php?showtopic=81990

Now:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Maniac,

Ran ComboFix v12.5.19.2.

- No ComboFix.txt report was generated.

- The output file shown at the end of ComboFix running showed C:\32788R22FWJFW.

- C:\32788R22FWJFW has a computer and monitor as its icon.

- The properties for C:\32788R22FWJFW show it is 12.3 MB.

*** C:\32788R22FWJFW "shows the disk drives and hardware connected to this computer" (I see this when I hold my cursor over it.)

Thx for the info on my startup prob. I will wait until we are done fixing the main prob to mess with that. Just wasn't sure if the virus was causing all that.


Maniac,

I am familiar with starting in safe mode and did so. Unfortunately, no log was created when running ComboFix again. The same output file that was created in the C: drive before was created again. Thoughts?


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


I saved the OTL file on my desktop. After checking "All Users", I ran the Quick Scan. The only report generated was the OTL.txt. No Extras log was generated. I just realized that I may have run "defogger" when following the instructions from bleepingcomputer.com that I told you I executed before asking for your help. Could that be the cause for the Extras log not showing up? I doubt it but just thought I'd mention it.

OTL Log:

OTL logfile created on: 5/21/2012 3:25:12 PM - Run 4

OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Rob\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 654.31 Mb Available Physical Memory | 63.96% Memory free

1.66 Gb Paging File | 1.34 Gb Available in Paging File | 81.15% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 10.23 Gb Free Space | 13.73% Space Free | Partition Type: NTFS

Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive H: | 1863.01 Gb Total Space | 57.63 Gb Free Space | 3.09% Space Free | Partition Type: NTFS

Drive I: | 1397.26 Gb Total Space | 1001.55 Gb Free Space | 71.68% Space Free | Partition Type: NTFS

Drive K: | 7.47 Gb Total Space | 5.72 Gb Free Space | 76.53% Space Free | Partition Type: FAT32

Computer Name: ROB-CCA219EB460 | User Name: Rob | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/21 14:58:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe

PRC - [2011/07/01 12:34:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/04/28 21:11:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

PRC - [2010/11/03 09:54:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2008/11/17 17:06:24 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/04/04 19:58:30 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

PRC - [2004/04/29 15:16:38 | 000,102,400 | ---- | M] (Sigmatel) -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\stacsystray.exe

PRC - [2004/04/29 15:15:10 | 000,081,920 | ---- | M] () -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe

PRC - [2004/04/29 15:11:52 | 000,815,174 | ---- | M] () -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\stacsrv.exe

PRC - [2004/01/08 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE

========== Modules (No Company Name) ==========

MOD - [2010/01/28 13:57:58 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2008/06/20 09:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll

MOD - [2004/04/29 15:15:10 | 000,081,920 | ---- | M] () -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe

MOD - [2004/04/29 15:11:52 | 000,815,174 | ---- | M] () -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\stacsrv.exe

MOD - [2003/08/30 09:35:00 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\actskn43.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2012/04/03 13:23:45 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2011/07/01 12:34:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/04/28 21:11:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2005/04/04 19:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)

SRV - [2004/04/29 15:15:10 | 000,081,920 | ---- | M] () [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe -- (SigService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\vsdatant.sys -- (vsdatant)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rob\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2011/07/01 12:34:41 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/07/01 12:34:41 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2007/08/06 17:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)

DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)

DRV - [2005/08/09 22:35:42 | 001,273,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2004/12/22 02:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2004/04/15 09:18:34 | 000,262,128 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)

DRV - [2004/03/30 11:29:36 | 000,118,106 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310v.sys -- (MR97310_VGA_DUAL_CAMERA)

DRV - [2003/12/17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)

DRV - [2003/12/17 09:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)

DRV - [2003/12/17 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)

DRV - [2003/12/17 09:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)

DRV - [2003/11/26 02:31:26 | 001,205,418 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2000/12/12 16:45:52 | 000,008,679 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCI0PL.SYS -- (PLSCSI)

DRV - [2000/12/12 16:41:54 | 000,021,510 | ---- | M] ( ) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SCI1PL.SYS -- (USBAtapi2000)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\SearchScopes\${searchCLSID}: "URL" = http://search.yahoo.com/search?ei=ISO-8859-1&fr=megaupi7s&q={searchTerms}

IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\SearchScopes\{F7908592-680D-4A94-8911-954B0684D0E0}: "URL" = http://search.yahoo.com/search?ei=ISO-8859-1&fr=megaupi7s&q={searchTerms}

IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Rob\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Rob\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/11 23:34:08 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Rob\Application Data\Move Networks [2009/05/11 22:41:47 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/05/15 00:08:53 | 000,000,882 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 94.63.147.16 www.google.com

O1 - Hosts: 94.63.147.17 www.bing.com

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Download Accelerator Plus\dapieloader.dll (SpeedBit Ltd.)

O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O3 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Logitech Utility] C:\windows\LOGI_MWX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKLM..\Run: [stacSysTray] C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\stacsystray.exe (Sigmatel)

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-21-1644491937-562591055-725345543-1003..\Run: [iSUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)

O4 - Startup: C:\Documents and Settings\Rob\Start Menu\Programs\Startup\Seagate Product Registration.lnk = C:\Documents and Settings\Rob\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe (Leader Technologies/Seagate)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O8 - Extra context menu item: &Clean Traces - C:\Program Files\Download Accelerator Plus\Privacy Package\dapcleanerie.htm ()

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\Download Accelerator Plus\dapextie.htm ()

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\Download Accelerator Plus\dapextie2.htm ()

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196226844085 (WUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O16 - DPF: Web-Based Email Tools https://email.secureserver.net/Download.CAB (Reg Error: Key error.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/11/27 20:05:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/05/06 05:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2012/01/13 16:57:45 | 000,000,000 | ---- | M] () - I:\Autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/21 15:24:48 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe

[2012/05/19 14:29:34 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2012/05/16 16:47:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Rob\Desktop\aswMBR.exe

[2012/05/16 16:45:14 | 004,495,010 | R--- | C] (Swearware) -- C:\Documents and Settings\Rob\Desktop\ComboFix.exe

[2012/05/16 16:43:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Rob\Desktop\dds.scr

[2012/05/15 15:30:52 | 000,000,000 | ---D | C] -- C:\HDD Virus Fix Logs (May 15, 2012)

[2012/05/15 15:07:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rob\Recent

[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/21 15:11:05 | 000,001,374 | ---- | M] () -- C:\windows\System32\wpa.dbl

[2012/05/21 15:10:45 | 000,000,236 | ---- | M] () -- C:\windows\tasks\OGALogon.job

[2012/05/21 15:06:20 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat

[2012/05/21 14:58:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe

[2012/05/21 00:57:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/05/19 22:47:33 | 000,738,517 | ---- | M] () -- C:\Documents and Settings\Rob\Application Data\vso_ts_preview.xml

[2012/05/18 18:40:44 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/05/16 19:33:28 | 000,001,324 | ---- | M] () -- C:\windows\System32\d3d9caps.dat

[2012/05/16 16:48:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Rob\defogger_reenable

[2012/05/16 16:47:25 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Rob\Desktop\aswMBR.exe

[2012/05/16 16:45:14 | 004,495,010 | R--- | M] (Swearware) -- C:\Documents and Settings\Rob\Desktop\ComboFix.exe

[2012/05/16 16:43:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Rob\Desktop\dds.scr

[2012/05/16 16:42:41 | 000,879,714 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\SecurityCheck.exe

[2012/05/16 16:42:26 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Defogger.exe

[2012/05/16 07:40:44 | 002,126,424 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rob\Desktop\TDSSKiller.exe

[2012/05/15 18:04:25 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\iExplore.exe

[2012/05/15 15:41:28 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/09 13:40:13 | 000,001,176 | ---- | M] () -- C:\Documents and Settings\Rob\Start Menu\Programs\Startup\Seagate Product Registration.lnk

[2012/04/25 18:48:50 | 000,000,000 | ---- | M] () -- C:\windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf

[2012/04/25 18:48:49 | 000,000,000 | ---- | M] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2012/04/25 14:22:04 | 000,000,256 | ---- | M] () -- C:\windows\System32\pool.bin

[2012/04/24 20:46:30 | 000,273,222 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\Swiss Legend Challenger Chrono - ALL BLK = $88 with code DDS3242412124204.pdf

[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/16 16:48:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rob\defogger_reenable

[2012/05/16 16:42:37 | 000,879,714 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\SecurityCheck.exe

[2012/05/16 16:42:26 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\Defogger.exe

[2012/05/15 18:04:26 | 001,012,656 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\iExplore.exe

[2012/04/25 18:48:50 | 000,000,000 | ---- | C] () -- C:\windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf

[2012/04/25 18:48:49 | 000,000,000 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2012/04/24 20:46:30 | 000,273,222 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\Swiss Legend Challenger Chrono - ALL BLK = $88 with code DDS3242412124204.pdf

[2012/02/16 19:12:12 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll

[2011/11/20 19:34:49 | 000,037,376 | ---- | C] () -- C:\windows\System32\VbVfw.dll

[2011/11/01 13:24:51 | 000,000,023 | ---- | C] () -- C:\windows\SWFDecompiler.INI

[2011/05/17 14:45:59 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\Adobe BMP Format CS5 Prefs

[2011/04/28 00:30:27 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs

[2011/04/28 00:11:19 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\Adobe PNG Format CS5 Prefs

[2010/11/14 02:39:16 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\00000540_VTS_1.IFO

[2010/11/06 00:56:51 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\ymnq.sys

[2010/07/12 21:55:53 | 000,000,050 | ---- | C] () -- C:\windows\MegaManager.INI

[2010/06/25 12:20:40 | 000,000,038 | ---- | C] () -- C:\windows\AviSplitter.INI

[2010/06/18 21:17:25 | 000,001,324 | ---- | C] () -- C:\windows\System32\d3d9caps.dat

[2010/06/18 20:12:05 | 000,000,000 | ---- | C] () -- C:\windows\Rxesalifipulukel.bin

[2010/06/18 20:12:04 | 000,000,120 | ---- | C] () -- C:\windows\Jqoqokezezocohof.dat

========== LOP Check ==========

[2009/02/15 16:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2007/11/28 19:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC

[2008/01/28 16:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2010/03/06 19:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit

[2010/10/21 17:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS

[2008/10/03 11:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MipKukSoft

[2007/12/13 04:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9

[2009/02/21 17:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2007/11/30 16:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap

[2011/05/06 22:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2009/04/14 13:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate

[2010/08/27 21:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit

[2008/10/01 14:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

[2008/10/01 14:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard

[2012/05/12 21:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/02/18 00:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

[2010/06/13 23:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2009/10/27 20:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/12/17 22:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CC51AE54-B346-4954-ADDB-30BD4F138CF2}

[2011/11/19 20:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\096F53D8

[2012/01/14 13:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Azureus

[2008/04/14 01:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Blackberry Desktop

[2010/07/11 22:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Boilsoft

[2011/04/28 10:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2009/01/16 17:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/11/11 23:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\DDMSettings

[2007/12/13 05:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Eyeblaster

[2011/04/23 01:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\FLV Extract

[2010/06/16 17:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Free AVI MPEG WMV MP4 FLV Video Joiner

[2007/12/13 05:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\GameHouse

[2010/06/09 13:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\ImgBurn

[2010/03/06 20:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\IObit

[2009/02/20 17:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Leadertech

[2010/06/13 14:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Moyea

[2007/12/12 19:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Opera

[2007/11/29 18:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Research In Motion

[2008/10/01 14:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\ScanSoft

[2010/08/27 21:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Toolbar4

[2008/03/05 02:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Uniblue

[2012/05/19 22:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Vso

[2010/06/23 11:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Waim

[2012/05/21 15:10:45 | 000,000,236 | ---- | M] () -- C:\windows\Tasks\OGALogon.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\windows\AGRSMMSG.exe:SummaryInformation

@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4CA4D70

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:010ADD2C

< End of report >


No, this problem is not due to Defogger. Thanks for letting me know!

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\vsdatant.sys -- (vsdatant)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    [2012/05/19 14:29:34 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rob\LOCALS~1\Temp\catchme.sys -- (catchme)
    [2010/06/18 20:12:05 | 000,000,000 | ---- | C] () -- C:\windows\Rxesalifipulukel.bin
    [2010/06/18 20:12:04 | 000,000,120 | ---- | C] () -- C:\windows\Jqoqokezezocohof.dat
    [2009/02/15 16:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2012/01/14 13:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Azureus
    [2010/08/27 21:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Toolbar4

    :Commands
    [emptytemp]
    [clearallrestorepoints]
    [resethosts]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Maniac,

FYI, here is exactly what I did before I asked for your help:

http://www.bleepingcomputer.com/virus-removal/remove-smart-hdd

I followed these instructions in both Safe Mode and Normal Mode. When I still had issues, I posted on here. I ran OTL with the fix you suggested and rebooted my computer. My biggest concern is that all my programs showing from the Start --> Programs are empty. They don't show the executable files or much of anything. This is true for both BEFORE and AFTER the OTL fix. I hope that deleting the TEMP folders was ok as the fix on bleepingcomputer told me not to do that as the Unhide program needs the Temp folder to restore the proper links, etc.

Here is the OTL Fix Log:

All processes killed

========== OTL ==========

Service vsdatant stopped successfully!

Service vsdatant deleted successfully!

File System32\vsdatant.sys not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.

C:\32788R22FWJFW\N_ folder moved successfully.

C:\32788R22FWJFW\License folder moved successfully.

C:\32788R22FWJFW\EN-US folder moved successfully.

C:\32788R22FWJFW folder moved successfully.

Service catchme stopped successfully!

Service catchme deleted successfully!

File C:\DOCUME~1\Rob\LOCALS~1\Temp\catchme.sys not found.

C:\WINDOWS\Rxesalifipulukel.bin moved successfully.

C:\WINDOWS\Jqoqokezezocohof.dat moved successfully.

C:\Documents and Settings\All Users\Application Data\Azureus folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\updates folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\torrents folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\tmp folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\subs\temp folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\subs folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\shares folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\rss folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\plugins\hvi folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\plugins\azupnpav folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\plugins\azump\mplayer folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\plugins\azump folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\plugins\azemp folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\plugins\aefeatman_v folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\plugins folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\net folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\logs\save folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\logs folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\dht folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\devices folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\active\90E7CF25B656E6DABA39AD07ABE063B95A595504 folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus\active folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Azureus folder moved successfully.

C:\Documents and Settings\Rob\Application Data\Toolbar4 folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 726333 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56466 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 821105159 bytes

->Flash cache emptied: 13541 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 375653131 bytes

->Java cache emptied: 1013 bytes

->Flash cache emptied: 30492 bytes

User: Rob

->Temp folder emptied: 125781003 bytes

->Temporary Internet Files folder emptied: 2113486659 bytes

->Java cache emptied: 489926 bytes

->Flash cache emptied: 77813 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2175612 bytes

%systemroot%\System32 .tmp files removed: 90112 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3813009 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 913710 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 1505386366 bytes

Total Files Cleaned = 4,721.00 mb

Restore point Set: OTL Restore Point

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.43.1 log created on 05222012_142815

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Even after unhide.exe Start Menu is still empty?


Unhide made the icons reappear on my desktop. However, when I go to my list of programs via the Start button, they are listed with folders, but those folders are empty. Also, the list of programs seems a lot shorter.


As far as I can tell nothing has changed with the folders in the Start --> Programs.


What's missing there? Main shortcuts?


Yes. Any and all executables. For example: START --> ALL PROGRAMS --> MICROSOFT OFFICE --> (Empty)


I will try the advice in the last link you sent me tomorrow, 29 May.

Let me know when you get back so we can get this finished.

Thx.


Still the same. I have reduced the number of folders from 100 down to 50 but still have the same problem. I did end and restart explorer as instructed. I am using the folder C:\Program Files. Is that the right one? The location of the other folders (when I right click properties) in the Start Menu shows: C:\Docs and Settings\All Users\Start Menu\Programs. Back to C:\Program Files, several folders state that I will harm the program if I move the folder so only folders without that warning were moved.

Any ideas?

This topic is now closed to further replies.