Welcome to MalwareRemoval.com,
malware help 2
Unread postby geniusless » March 7th, 2013, 7:25 pm

I believe my Internet browsers and search have been hijacked, at least. Also, I have around as many NEW services in services.msc that state "New service would allow parents to control their children's online activity." as Windows services?

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17117
Run by jason seymer at 14:28:38 on 2013-03-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1504 [GMT -8:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.msn.com
uProxyOverride = localhost;*.local
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mRun: [EPSON Stylus Photo R320 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AntiLogger] "c:\program files\antilogger\AntiLogger.exe" /minimized
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoThumbnailCache = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Download all by RedTube Grabber - c:\program files\redtubegrabber\downall.htm
IE: Download by RedTube Grabber - <no file>
IE: Download by YouTube Robot - c:\program files\redtubegrabber\downlink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimi ... Config.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDow ... eqlab2.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/ ... anager.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.co ... .5.1.0.cab
TCP: NameServer = 192.168.1.1 184.16.33.54
TCP: Interfaces\{6169ED15-02B6-402A-8C9E-92A9925076EC} : DHCPNameServer = 192.168.1.1 184.16.33.54
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.97\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-3-17 12184]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2i386.sys [2012-8-29 53976]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMi386.sys [2012-8-29 335064]
S0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys --> c:\windows\system32\drivers\tclondrv.sys [?]
S1 AntiLog32;AntiLog32;\??\c:\windows\system32\drivers\antilog32.sys --> c:\windows\system32\drivers\AntiLog32.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 Alpham;Ideazon Fang Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [2005-12-4 34944]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-1-12 83168]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-8-22 20032]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;\??\c:\program files\msi\live update 5\msibios32_100507.sys --> c:\program files\msi\live update 5\msibios32_100507.sys [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2012-4-2 50704]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\c:\program files\msi\live update 5\ntiolib.sys --> c:\program files\msi\live update 5\NTIOLib.sys [?]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2011-1-22 23096]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2011-1-22 5688]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-1-12 181344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-1-22 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-1-22 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-1-22 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-1-22 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-1-22 25704]
S4 avg7core;BASFND;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S4 avgarcln;Msi_wlan_service;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2012-9-3 79360]
S4 GV600_4;Z800bus;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S4 LMIRfsDriver;Se59mgmt;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S4 mcusrmgr;Dmprimer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S4 pavatscheduler;Usbvideo;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S4 SATARaid5 Config Service;SATARaid5 Configuration Service;c:\program files\silicon image\3114-w-i32-r sataraid5\SATARaid5ConfigService.exe [2005-10-5 131072]
S4 STSService;STSService;"c:\program files\soundtaxi media suite\stsservice.exe" --> c:\program files\soundtaxi media suite\STSService.exe [?]
.
=============== Created Last 30 ================
.
2013-02-25 02:33:36 405504 ----a-w- c:\windows\system32\CapabilityTable.exe
2013-02-25 02:33:04 176128 ----a-w- c:\windows\system32\nvunrm.exe
2013-02-25 02:33:00 176128 ----a-w- c:\windows\system32\nvusmb.exe
2013-02-21 05:06:37 -------- d-----w- c:\program files\AVAST Software
2013-02-21 05:06:37 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-02-21 01:36:19 -------- d-----w- c:\documents and settings\jason seymer\local settings\application data\Avg2013
2013-02-19 20:06:45 -------- d-----w- c:\documents and settings\jason seymer\local settings\application data\Zemana
2013-02-19 20:06:42 -------- d-----w- c:\program files\AntiLogger
2013-02-19 05:42:38 -------- d-----w- c:\documents and settings\jason seymer\application data\IsolatedStorage
2013-02-19 05:42:38 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
2013-02-19 05:42:26 -------- d-----w- c:\documents and settings\jason seymer\local settings\application data\_
2013-02-19 02:54:11 -------- d-----w- c:\program files\NirSoft
2013-02-17 06:41:51 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-02-17 06:41:39 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-02-15 22:31:23 186432 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-03-04 06:57:29 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-02-08 00:40:10 74096 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-08 00:40:10 697712 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-05 00:33:24 720896 ----a-w- c:\windows\iun6002ev.exe
2013-01-28 04:53:32 293704 -c--a-w- c:\windows\system32\nvdrsdb0.bin
2013-01-28 04:53:32 1 -c--a-w- c:\windows\system32\nvdrssel.bin
2013-01-28 02:23:48 293704 -c--a-w- c:\windows\system32\nvdrsdb1.bin
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:43:21 832512 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:43:21 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-26 20:43:20 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-12-26 20:43:20 17408 ----a-w- c:\windows\system32\corpol.dll
2012-12-17 02:47:49 139152 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-12-17 02:47:37 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-12-17 02:20:48 111928 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 14:29:28.22 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/8/2004 8:52:58 PM
System Uptime: 3/7/2013 2:11:09 PM (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7125
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket 939 | 2210/201mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 18.982 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP247: 12/17/2012 8:58:36 PM - Software Distribution Service 3.0
RP248: 1/11/2013 7:21:15 PM - Software Distribution Service 3.0
RP249: 2/4/2013 8:42:43 PM - System Checkpoint
RP250: 2/4/2013 10:02:35 PM - Software Distribution Service 3.0
RP251: 2/19/2013 12:09:43 PM - Software Distribution Service 3.0
RP252: 2/20/2013 5:09:03 PM - System Checkpoint
RP253: 2/20/2013 5:35:16 PM - Removed AVG 2013
RP254: 2/20/2013 5:36:28 PM - Removed AVG 2013
RP255: 2/21/2013 1:37:48 AM - Removed Windows 7 Upgrade Advisor
RP256: 2/21/2013 2:37:11 AM - Software Distribution Service 3.0
RP257: 2/22/2013 12:52:39 AM - Software Distribution Service 3.0
RP258: 2/24/2013 3:23:28 PM - System Checkpoint
RP259: 2/24/2013 7:10:21 PM - Configured NVIDIA ForceWare Network Access Manager
RP260: 2/27/2013 1:01:09 AM - System Checkpoint
RP261: 3/3/2013 7:04:05 PM - System Checkpoint
RP262: 3/3/2013 7:51:59 PM - avast! Free Antivirus Setup
RP263: 3/7/2013 2:03:38 PM - Removed Java 7 Update 9
RP264: 3/7/2013 2:04:01 PM - Removed Java(TM) 6 Update 17
RP265: 3/7/2013 2:04:19 PM - Removed Java(TM) 6 Update 3
.
==== Installed Programs ======================
.
3114-W-I32-R SATARAID5
530TX+
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.6)
Any Video Converter 3.0.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bandicam
Bandisoft MPEG-1 Decoder
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield 1942™
Battlefield Vietnam(TM)
Bonjour
Cablenut 4.08
Call of Duty 4 - Modern Warfare
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.1 Patch
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) - World at War(TM) 1.5 Patch
Call of Duty(R) - World at War(TM) 1.6 Patch
Call of Duty(R) - World at War(TM) 1.7 Patch
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
CCleaner
Creative Audio Control Panel
Creative Console Launcher
Creative MediaSource 5
Creative Software AutoUpdate
Creative WaveStudio 7
D-Link DFE530TX
D-Link PCI Fast Ethernet Adapter
DesertCombat 0.7
DFE-530TX Driver
DVD Shrink 3.2
Easy CD & DVD Creator 6
EPSON CardMonitor
EPSON Print CD
EPSON Printer Software
ESPR320 Reference Guide
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImagXpress
iPod2PC 3.9
iTunes
LimeWire 5.2.13
Logitech G35
Logitech Gaming Software
Logitech Gaming Software 5.10
Logitech Harmony Remote Software 7
Logitech Registration
Logitech SetPoint 6.32
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft WinUsb 1.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
neroxml
NirSoft OpenedFilesView
NVIDIA Control Panel 295.73
NVIDIA Drivers
NVIDIA Graphics Driver 295.73
NVIDIA Install Application
NVIDIA nTune
NVIDIA nView 135.95
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0209
NVIDIA Update 1.7.11
NVIDIA Update Components
OpenAL
Origin
PunkBuster for Battlefield 1942
PunkBuster for Battlefield Vietnam
PunkBuster Services
QuickTime
Realtek AC'97 Audio
Remote Control USB Driver
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2792100)
Security Update for Windows Internet Explorer 7 (KB2797052)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Mobile Device Updater Component
Windows XP Service Pack 3
WinRAR archiver
Z Engine
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
3/3/2013 6:49:08 PM, error: Service Control Manager [7023] - The SSHNAS service terminated with the following error: The system cannot find the file specified.
3/3/2013 6:49:08 PM, error: Service Control Manager [7023] - The Rt2500usb service terminated with the following error: The system cannot find the file specified.
3/3/2013 6:49:08 PM, error: Service Control Manager [7023] - The Ql2100 service terminated with the following error: The system cannot find the file specified.
3/3/2013 6:49:08 PM, error: Service Control Manager [7023] - The Msfwsvc service terminated with the following error: The system cannot find the file specified.
.
==== End Of File ===========================
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm

Re: malware help 2

Unread postby Gary R » March 8th, 2013, 5:57 am

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: malware help 2

Unread postby Gary R » March 8th, 2013, 6:04 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Malware Removal" forum and wait for help.


Unless I am informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi geniusless

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
Important: As I said earlier, removing Malware is a potentially hazardous thing to do, so to increase our chances of recovery in the event of something unexpected happening, I'd like you to make a backup of your Registry before we start to clean your computer.
  • Download ERUNT to your desktop
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There are signs in your DDS log that you may have a remote access infection on your computer, so before we go any further I need you to run some extra scans for me so we can see whether that is the case or not.

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Next

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Summary of the logs I need from you in your next post:
  • TDSSKiller log
  • OTL.txt
  • Extras.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
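The two things being read in this thread are the Service Control Manager event 7023 lines that DDS prints under "Event Viewer Messages" (a service registered in the registry whose image file is gone, a common leftover of a half-removed or self-hiding infection) and the per-service image path and MD5 that TDSSKiller reports in the log posted next. The following Python is an added example for this thread; it is not part of the thread, nor of the DDS, TDSSKiller or OTL tools. It parses both formats, flags the services SCM could not find a file for and checks whether TDSSKiller still lists a registry entry for them, and groups service names by image hash so that many service names pointing at one binary stand out for review. The sample lines are excerpted from the logs posted in this thread, except the `Msfwsvc - ok` verdict line, which is constructed to exercise the "entry persists" branch; the regular expressions describe the line layouts as they appear in these logs, not a documented specification of either tool.

```python
"""Triage helpers for two log formats that appear in this thread.

Added example; not part of DDS, TDSSKiller or OTL. It parses
(1) Service Control Manager event 7023 lines as DDS prints them and
(2) the '==== Scan services ====' section of a TDSSKiller log, then
cross-references the two.
"""
import re
from dataclasses import dataclass
from typing import Optional

# DDS renders an SCM event as:
#   <date> <time>, error: Service Control Manager [7023] - The <svc> service
#   terminated with the following error: <message>
SCM_7023 = re.compile(
    r"^(?P<ts>\S+ \S+ [AP]M), error: Service Control Manager \[7023\] - "
    r"The (?P<svc>\S+) service terminated with the following error: (?P<msg>.+)$"
)

# TDSSKiller prints, for each service that has an image on disk,
#   <time> <pid> [ <MD5> ] <name> <path>
# and, for every service (image or not), a verdict line
#   <time> <pid> <name> - <verdict>
TDSS_IMAGE = re.compile(
    r"^\S+\s+\d+\s+\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$"
)
TDSS_VERDICT = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) - (?P<verdict>\S.*)$")

MISSING_IMAGE = "The system cannot find the file specified"


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_scm_missing_image(lines):
    """Names of services SCM could not start because their image file is gone."""
    missing = []
    for line in lines:
        m = SCM_7023.match(line.strip())
        if m and m.group("msg").startswith(MISSING_IMAGE):
            missing.append(m.group("svc"))
    return missing


def parse_tdsskiller_services(lines):
    """Map service name -> ServiceEntry, using only the 'Scan services' section."""
    services = {}
    in_section = False
    for raw in lines:
        line = raw.strip()
        if "====" in line:                      # section header or separator
            in_section = "Scan services" in line
            continue
        if not in_section:
            continue
        m = TDSS_IMAGE.match(line)
        if m:
            e = services.setdefault(m.group("name"), ServiceEntry(m.group("name")))
            e.md5, e.path = m.group("md5"), m.group("path")
            continue
        m = TDSS_VERDICT.match(line)
        if m:
            e = services.setdefault(m.group("name"), ServiceEntry(m.group("name")))
            e.verdict = m.group("verdict")
    return services


def triage(scm_lines, tdss_lines):
    """Cross-reference SCM 'file not found' services against TDSSKiller's view."""
    services = parse_tdsskiller_services(tdss_lines)
    orphans = {}
    for name in parse_scm_missing_image(scm_lines):
        e = services.get(name)
        if e is None:
            orphans[name] = "registration gone: not listed by TDSSKiller"
        elif e.path is None:
            orphans[name] = "registry entry persists, image still missing"
        else:
            orphans[name] = "image present now: " + e.path
    by_image = {}
    for e in services.values():
        if e.md5:
            by_image.setdefault(e.md5, []).append(e.name)
    shared = {md5: sorted(n) for md5, n in by_image.items() if len(n) > 1}
    not_ok = sorted(e.name for e in services.values() if e.verdict not in (None, "ok"))
    return {"orphans": orphans, "shared_images": shared, "not_ok": not_ok}


# Sample input: lines excerpted from the logs posted in this thread, plus one
# constructed 'Msfwsvc - ok' line to exercise the 'entry persists' branch.
SCM_SAMPLE = """\
3/3/2013 6:49:08 PM, error: Service Control Manager [7023] - The SSHNAS service terminated with the following error: The system cannot find the file specified.
3/3/2013 6:49:08 PM, error: Service Control Manager [7023] - The Msfwsvc service terminated with the following error: The system cannot find the file specified.
"""
TDSS_SAMPLE = r"""
08:57:56.0390 3736 Drive \Device\Harddisk0\DR0 - Size: 0x2543E20000 (149.06 Gb), SectorSize: 0x200, Cylinders: 0x4C02, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:58:26.0421 3840 ================ Scan system memory ========================
08:58:26.0421 3840 System memory - ok
08:58:26.0421 3840 ================ Scan services =============================
08:58:26.0609 3840 Abiosdsk - ok
08:58:26.0671 3840 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:58:26.0671 3840 ACPI - ok
08:58:27.0500 3840 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:58:27.0515 3840 Apple Mobile Device - ok
08:58:31.0062 3840 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
08:58:31.0078 3840 gupdate - ok
08:58:31.0078 3840 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
08:58:31.0078 3840 gupdatem - ok
08:58:33.0109 3840 Msfwsvc - ok
"""

if __name__ == "__main__":
    for key, value in triage(SCM_SAMPLE.splitlines(), TDSS_SAMPLE.splitlines()).items():
        print(key, value)
```

Feed it the full logs with `open(path).read().splitlines()` in place of the samples. In this sample the shared image (gupdate/gupdatem both pointing at GoogleUpdate.exe) is legitimate; the grouping is a lens for review, not a verdict, and the orphan classification only says what the two logs agree or disagree on, which is exactly the question being asked before any fix is attempted.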

Re: malware help 2

Unread postby geniusless » March 8th, 2013, 1:00 pm

08:57:55.0671 3736 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:57:56.0031 3736 ============================================================
08:57:56.0031 3736 Current date / time: 2013/03/08 08:57:56.0031
08:57:56.0031 3736 SystemInfo:
08:57:56.0031 3736
08:57:56.0031 3736 OS Version: 5.1.2600 ServicePack: 3.0
08:57:56.0031 3736 Product type: Workstation
08:57:56.0031 3736 ComputerName: JASON
08:57:56.0031 3736 UserName: jason seymer
08:57:56.0031 3736 Windows directory: C:\WINDOWS
08:57:56.0031 3736 System windows directory: C:\WINDOWS
08:57:56.0031 3736 Processor architecture: Intel x86
08:57:56.0031 3736 Number of processors: 2
08:57:56.0031 3736 Page size: 0x1000
08:57:56.0031 3736 Boot type: Normal boot
08:57:56.0031 3736 ============================================================
08:57:56.0390 3736 !crdlk
08:57:56.0390 3736 Drive \Device\Harddisk0\DR0 - Size: 0x2543E20000 (149.06 Gb), SectorSize: 0x200, Cylinders: 0x4C02, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:57:56.0390 3736 ============================================================
08:57:56.0390 3736 \Device\Harddisk0\DR0:
08:57:56.0390 3736 MBR partitions:
08:57:56.0390 3736 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
08:57:56.0390 3736 ============================================================
08:57:56.0437 3736 C: <-> \Device\Harddisk0\DR0\Partition1
08:57:56.0437 3736 ============================================================
08:57:56.0437 3736 Initialize success
08:57:56.0437 3736 ============================================================
08:58:26.0359 3840 ============================================================
08:58:26.0359 3840 Scan started
08:58:26.0359 3840 Mode: Manual;
08:58:26.0359 3840 ============================================================
08:58:26.0421 3840 ================ Scan system memory ========================
08:58:26.0421 3840 System memory - ok
08:58:26.0421 3840 ================ Scan services =============================
08:58:26.0609 3840 Abiosdsk - ok
08:58:26.0609 3840 abp480n5 - ok
08:58:26.0671 3840 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:58:26.0671 3840 ACPI - ok
08:58:26.0703 3840 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
08:58:26.0703 3840 ACPIEC - ok
08:58:26.0765 3840 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:58:26.0781 3840 AdobeFlashPlayerUpdateSvc - ok
08:58:26.0781 3840 adpu160m - ok
08:58:26.0812 3840 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
08:58:26.0812 3840 aec - ok
08:58:26.0875 3840 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
08:58:26.0875 3840 AFD - ok
08:58:26.0875 3840 agnwifi - ok
08:58:26.0890 3840 Aha154x - ok
08:58:26.0890 3840 aic78u2 - ok
08:58:26.0906 3840 aic78xx - ok
08:58:27.0031 3840 [ DD8520280304B6145A6BE31008748C7C ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
08:58:27.0140 3840 ALCXWDM - ok
08:58:27.0203 3840 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
08:58:27.0203 3840 Alerter - ok
08:58:27.0218 3840 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
08:58:27.0218 3840 ALG - ok
08:58:27.0218 3840 AliIde - ok
08:58:27.0265 3840 [ 7A4AEDB2D0C25AB8B95683C2944891C6 ] Alpham C:\WINDOWS\system32\DRIVERS\Alpham.sys
08:58:27.0265 3840 Alpham - ok
08:58:27.0328 3840 [ ACD2F2DF292B6CC28F58095BBA63A068 ] Alpham1 C:\WINDOWS\system32\DRIVERS\Alpham1.sys
08:58:27.0328 3840 Alpham1 - ok
08:58:27.0343 3840 [ F4FAFB2E74B83A156408B1B02302799E ] Alpham2 C:\WINDOWS\system32\DRIVERS\Alpham2.sys
08:58:27.0343 3840 Alpham2 - ok
08:58:27.0343 3840 AmdK8 - ok
08:58:27.0390 3840 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
08:58:27.0390 3840 AmdPPM - ok
08:58:27.0390 3840 amsint - ok
08:58:27.0390 3840 AntiLog32 - ok
08:58:27.0500 3840 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:58:27.0515 3840 Apple Mobile Device - ok
08:58:27.0546 3840 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
08:58:27.0562 3840 AppMgmt - ok
08:58:27.0578 3840 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:58:27.0578 3840 Arp1394 - ok
08:58:27.0593 3840 asc - ok
08:58:27.0593 3840 asc3350p - ok
08:58:27.0593 3840 asc3550 - ok
08:58:27.0640 3840 [ B979979AB8027F7F53FB16EC4229B7DB ] ASPI32 C:\WINDOWS\system32\drivers\ASPI32.sys
08:58:27.0640 3840 ASPI32 - ok
08:58:27.0796 3840 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:58:27.0843 3840 aspnet_state - ok
08:58:27.0875 3840 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:58:27.0875 3840 AsyncMac - ok
08:58:27.0890 3840 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
08:58:27.0890 3840 atapi - ok
08:58:27.0906 3840 Atdisk - ok
08:58:27.0937 3840 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:58:27.0937 3840 Atmarpc - ok
08:58:27.0968 3840 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
08:58:27.0968 3840 AudioSrv - ok
08:58:28.0000 3840 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
08:58:28.0000 3840 audstub - ok
08:58:28.0000 3840 avgarcln - ok
08:58:28.0062 3840 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
08:58:28.0062 3840 Beep - ok
08:58:28.0109 3840 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
08:58:28.0218 3840 BITS - ok
08:58:28.0296 3840 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:58:28.0296 3840 Bonjour Service - ok
08:58:28.0343 3840 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
08:58:28.0343 3840 Browser - ok
08:58:28.0390 3840 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
08:58:28.0406 3840 cbidf2k - ok
08:58:28.0406 3840 cd20xrnt - ok
08:58:28.0421 3840 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
08:58:28.0421 3840 Cdaudio - ok
08:58:28.0468 3840 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
08:58:28.0468 3840 Cdfs - ok
08:58:28.0500 3840 [ 6C8969B0DAA9B7466A33C39E7DD51B0F ] Cdr4_xp C:\WINDOWS\system32\drivers\Cdr4_xp.sys
08:58:28.0500 3840 Cdr4_xp - ok
08:58:28.0531 3840 [ DAD56D05F794F8A094D97FB4E39BC14B ] Cdralw2k C:\WINDOWS\system32\drivers\Cdralw2k.sys
08:58:28.0531 3840 Cdralw2k - ok
08:58:28.0562 3840 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:58:28.0562 3840 Cdrom - ok
08:58:28.0593 3840 [ 12EF582188F1898680475C5E134DD990 ] cdudf_xp C:\WINDOWS\system32\drivers\cdudf_xp.sys
08:58:28.0593 3840 cdudf_xp - ok
08:58:28.0609 3840 Changer - ok
08:58:28.0640 3840 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
08:58:28.0640 3840 CiSvc - ok
08:58:28.0656 3840 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
08:58:28.0656 3840 ClipSrv - ok
08:58:28.0703 3840 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:58:28.0875 3840 clr_optimization_v2.0.50727_32 - ok
08:58:28.0968 3840 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:58:28.0968 3840 clr_optimization_v4.0.30319_32 - ok
08:58:28.0968 3840 CmdIde - ok
08:58:28.0968 3840 COMSysApp - ok
08:58:29.0000 3840 Cpqarray - ok
08:58:29.0031 3840 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
08:58:29.0031 3840 Creative Audio Engine Licensing Service - ok
08:58:29.0078 3840 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
08:58:29.0078 3840 Creative Service for CDROM Access - ok
08:58:29.0109 3840 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
08:58:29.0109 3840 CryptSvc - ok
08:58:29.0140 3840 [ B9106942EB5DD0E034AB40A9D48D056E ] CT20XUT C:\WINDOWS\system32\drivers\CT20XUT.SYS
08:58:29.0140 3840 CT20XUT - ok
08:58:29.0156 3840 [ B9106942EB5DD0E034AB40A9D48D056E ] CT20XUT.SYS C:\WINDOWS\System32\drivers\CT20XUT.SYS
08:58:29.0156 3840 CT20XUT.SYS - ok
08:58:29.0234 3840 [ F2B1D0A3D21BD0D9F46457CBCEC1A0E9 ] ctac32k C:\WINDOWS\system32\drivers\ctac32k.sys
08:58:29.0234 3840 ctac32k - ok
08:58:29.0250 3840 [ 44F60A5E3C3A8A6BBA4C280948EA6095 ] ctaud2k C:\WINDOWS\system32\drivers\ctaud2k.sys
08:58:29.0265 3840 ctaud2k - ok
08:58:29.0390 3840 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe
08:58:29.0390 3840 CTAudSvcService - ok
08:58:29.0437 3840 [ 8CBE82D6BBF206E144F22CB33FAB1F2C ] ctdvda2k C:\WINDOWS\system32\drivers\ctdvda2k.sys
08:58:29.0437 3840 ctdvda2k - ok
08:58:29.0484 3840 [ 4AE083D16AC9FC9BDF98498F93426226 ] CTEXFIFX C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
08:58:29.0484 3840 CTEXFIFX - ok
08:58:29.0515 3840 [ 4AE083D16AC9FC9BDF98498F93426226 ] CTEXFIFX.SYS C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
08:58:29.0531 3840 CTEXFIFX.SYS - ok
08:58:29.0546 3840 [ B610BFE02F9FC0CB0B1CDE3EC4C13FFA ] CTHWIUT C:\WINDOWS\system32\drivers\CTHWIUT.SYS
08:58:29.0546 3840 CTHWIUT - ok
08:58:29.0562 3840 [ B610BFE02F9FC0CB0B1CDE3EC4C13FFA ] CTHWIUT.SYS C:\WINDOWS\System32\drivers\CTHWIUT.SYS
08:58:29.0578 3840 CTHWIUT.SYS - ok
08:58:29.0578 3840 [ F0F19A13C948E5289601E354B08E0941 ] ctprxy2k C:\WINDOWS\system32\drivers\ctprxy2k.sys
08:58:29.0578 3840 ctprxy2k - ok
08:58:29.0625 3840 [ C7B2C36A6203A5F3D0A378FD78C5DDD6 ] ctsfm2k C:\WINDOWS\system32\drivers\ctsfm2k.sys
08:58:29.0625 3840 ctsfm2k - ok
08:58:29.0625 3840 dac2w2k - ok
08:58:29.0640 3840 dac960nt - ok
08:58:29.0718 3840 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
08:58:29.0718 3840 DcomLaunch - ok
08:58:29.0765 3840 [ 6216FD7FD227DE454238A702B218CEC7 ] dgderdrv C:\WINDOWS\system32\drivers\dgderdrv.sys
08:58:29.0765 3840 dgderdrv - ok
08:58:29.0828 3840 [ 6CC6C4B9D7B906A151AA094CA087B9F0 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
08:58:29.0828 3840 dg_ssudbus - ok
08:58:29.0875 3840 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
08:58:29.0875 3840 Dhcp - ok
08:58:29.0921 3840 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
08:58:29.0921 3840 Disk - ok
08:58:29.0937 3840 dmadmin - ok
08:58:30.0000 3840 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
08:58:30.0015 3840 dmboot - ok
08:58:30.0015 3840 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
08:58:30.0015 3840 dmio - ok
08:58:30.0031 3840 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
08:58:30.0031 3840 dmload - ok
08:58:30.0046 3840 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
08:58:30.0046 3840 dmserver - ok
08:58:30.0078 3840 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
08:58:30.0078 3840 DMusic - ok
08:58:30.0125 3840 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
08:58:30.0125 3840 Dnscache - ok
08:58:30.0171 3840 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
08:58:30.0203 3840 Dot3svc - ok
08:58:30.0203 3840 dpti2o - ok
08:58:30.0218 3840 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
08:58:30.0218 3840 drmkaud - ok
08:58:30.0250 3840 [ 2558E60DB696A8C6276654784CC3821A ] DVDVRRdr_xp C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
08:58:30.0250 3840 DVDVRRdr_xp - ok
08:58:30.0265 3840 [ 4834934CF2617547B60932382FE286AC ] dvd_2K C:\WINDOWS\system32\drivers\dvd_2K.sys
08:58:30.0265 3840 dvd_2K - ok
08:58:30.0281 3840 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
08:58:30.0281 3840 EapHost - ok
08:58:30.0328 3840 [ FB2D6D4D14AE801F5267B0368FC0CB0C ] emupia C:\WINDOWS\system32\drivers\emupia2k.sys
08:58:30.0328 3840 emupia - ok
08:58:30.0375 3840 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
08:58:30.0375 3840 ERSvc - ok
08:58:30.0421 3840 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
08:58:30.0437 3840 Eventlog - ok
08:58:30.0484 3840 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
08:58:30.0484 3840 EventSystem - ok
08:58:30.0531 3840 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
08:58:30.0531 3840 Fastfat - ok
08:58:30.0578 3840 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
08:58:30.0578 3840 FastUserSwitchingCompatibility - ok
08:58:30.0593 3840 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
08:58:30.0593 3840 Fdc - ok
08:58:30.0640 3840 [ 95BC4D8493FE30312F5E1AB57EF36083 ] FETNDISB C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys
08:58:30.0640 3840 FETNDISB - ok
08:58:30.0671 3840 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
08:58:30.0671 3840 Fips - ok
08:58:30.0703 3840 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:58:30.0703 3840 Flpydisk - ok
08:58:30.0750 3840 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
08:58:30.0765 3840 FltMgr - ok
08:58:30.0843 3840 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:58:30.0843 3840 FontCache3.0.0.0 - ok
08:58:30.0859 3840 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:58:30.0859 3840 Fs_Rec - ok
08:58:30.0875 3840 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:58:30.0875 3840 Ftdisk - ok
08:58:30.0906 3840 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
08:58:30.0906 3840 GEARAspiWDM - ok
08:58:30.0906 3840 GMSIPCI - ok
08:58:30.0953 3840 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:58:30.0953 3840 Gpc - ok
08:58:31.0062 3840 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
08:58:31.0078 3840 gupdate - ok
08:58:31.0078 3840 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
08:58:31.0078 3840 gupdatem - ok
08:58:31.0125 3840 [ 7FF1CED1201C169A783B0E81CC561FBA ] ha20x2k C:\WINDOWS\system32\drivers\ha20x2k.sys
08:58:31.0140 3840 ha20x2k - ok
08:58:31.0156 3840 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:58:31.0156 3840 HDAudBus - ok
08:58:31.0234 3840 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:58:31.0234 3840 helpsvc - ok
08:58:31.0265 3840 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
08:58:31.0265 3840 HidServ - ok
08:58:31.0296 3840 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:58:31.0296 3840 hidusb - ok
08:58:31.0328 3840 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
08:58:31.0328 3840 hkmsvc - ok
08:58:31.0343 3840 hpn - ok
08:58:31.0390 3840 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
08:58:31.0390 3840 HTTP - ok
08:58:31.0437 3840 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
08:58:31.0437 3840 HTTPFilter - ok
08:58:31.0453 3840 i2omgmt - ok
08:58:31.0453 3840 i2omp - ok
08:58:31.0500 3840 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:58:31.0500 3840 i8042prt - ok
08:58:31.0562 3840 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:58:31.0578 3840 idsvc - ok
08:58:31.0609 3840 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
08:58:31.0609 3840 Imapi - ok
08:58:31.0656 3840 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
08:58:31.0656 3840 ImapiService - ok
08:58:31.0671 3840 ini910u - ok
08:58:31.0687 3840 IntelIde - ok
08:58:31.0734 3840 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
08:58:31.0734 3840 Ip6Fw - ok
08:58:31.0750 3840 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:58:31.0750 3840 IpFilterDriver - ok
08:58:31.0765 3840 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:58:31.0765 3840 IpInIp - ok
08:58:31.0781 3840 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:58:31.0796 3840 IpNat - ok
08:58:31.0875 3840 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:58:31.0875 3840 iPod Service - ok
08:58:31.0890 3840 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:58:31.0890 3840 IPSec - ok
08:58:31.0906 3840 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
08:58:31.0906 3840 IRENUM - ok
08:58:31.0921 3840 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:58:31.0921 3840 isapnp - ok
08:58:31.0968 3840 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:58:31.0968 3840 Kbdclass - ok
08:58:31.0984 3840 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:58:31.0984 3840 kbdhid - ok
08:58:32.0000 3840 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
08:58:32.0015 3840 kmixer - ok
08:58:32.0031 3840 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
08:58:32.0031 3840 KSecDD - ok
08:58:32.0062 3840 [ D88846F9F4F27AE9BE584A6E5B6B8753 ] L8042Kbd C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
08:58:32.0062 3840 L8042Kbd - ok
08:58:32.0078 3840 [ BEA61FDA2103F6F51B14EB0872E8A050 ] L8042mou C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
08:58:32.0078 3840 L8042mou - ok
08:58:32.0109 3840 [ AB62392549FF7EEEC3506F6B0030D75C ] LADF_DHP2 C:\WINDOWS\system32\DRIVERS\ladfDHP2i386.sys
08:58:32.0109 3840 LADF_DHP2 - ok
08:58:32.0140 3840 [ 61A7ADEC7C4B11548CB2C8B2FBB0A498 ] LADF_SBVM C:\WINDOWS\system32\DRIVERS\ladfSBVMi386.sys
08:58:32.0156 3840 LADF_SBVM - ok
08:58:32.0187 3840 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
08:58:32.0187 3840 lanmanserver - ok
08:58:32.0250 3840 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
08:58:32.0265 3840 lanmanworkstation - ok
08:58:32.0296 3840 [ BE2DC24D403643A2D1D98F33C7087B38 ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys
08:58:32.0296 3840 LBeepKE - ok
08:58:32.0312 3840 lbrtfdc - ok
08:58:32.0437 3840 [ 910344E2A984010435AE84783B25E5EB ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
08:58:32.0437 3840 LBTServ - ok
08:58:32.0484 3840 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
08:58:32.0484 3840 LHidFilt - ok
08:58:32.0484 3840 LHidUsbK - ok
08:58:32.0562 3840 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
08:58:32.0562 3840 LmHosts - ok
08:58:32.0593 3840 [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
08:58:32.0609 3840 LMouFilt - ok
08:58:32.0625 3840 [ CAB504E38FCED9A56D87D838E9BA13E9 ] LMouKE C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
08:58:32.0625 3840 LMouKE - ok
08:58:32.0656 3840 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
08:58:32.0656 3840 Messenger - ok
08:58:32.0750 3840 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
08:58:32.0765 3840 Microsoft Office Groove Audit Service - ok
08:58:32.0796 3840 [ 3E34E2F98BF936A70D513E0CFB091C78 ] mmc_2K C:\WINDOWS\system32\drivers\mmc_2K.sys
08:58:32.0796 3840 mmc_2K - ok
08:58:32.0828 3840 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
08:58:32.0828 3840 mnmdd - ok
08:58:32.0859 3840 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
08:58:32.0859 3840 mnmsrvc - ok
08:58:32.0906 3840 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
08:58:32.0906 3840 Modem - ok
08:58:32.0921 3840 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:58:32.0921 3840 Mouclass - ok
08:58:32.0937 3840 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:58:32.0937 3840 mouhid - ok
08:58:32.0953 3840 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
08:58:32.0953 3840 MountMgr - ok
08:58:32.0953 3840 mraid35x - ok
08:58:32.0968 3840 MREMPR5 - ok
08:58:32.0968 3840 MRENDIS5 - ok
08:58:32.0984 3840 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:58:32.0984 3840 MRxDAV - ok
08:58:33.0031 3840 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:58:33.0031 3840 MRxSmb - ok
08:58:33.0078 3840 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
08:58:33.0078 3840 MSDTC - ok
08:58:33.0093 3840 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
08:58:33.0093 3840 Msfs - ok
08:58:33.0109 3840 MSIServer - ok
08:58:33.0140 3840 MSI_MSIBIOS_010507 - ok
08:58:33.0140 3840 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:58:33.0140 3840 MSKSSRV - ok
08:58:33.0171 3840 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:58:33.0187 3840 MSPCLOCK - ok
08:58:33.0203 3840 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
08:58:33.0203 3840 MSPQM - ok
08:58:33.0250 3840 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:58:33.0250 3840 mssmbios - ok
08:58:33.0281 3840 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
08:58:33.0281 3840 Mup - ok
08:58:33.0328 3840 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
08:58:33.0343 3840 napagent - ok
08:58:33.0390 3840 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
08:58:33.0390 3840 NDIS - ok
08:58:33.0421 3840 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:58:33.0421 3840 NdisTapi - ok
08:58:33.0468 3840 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:58:33.0468 3840 Ndisuio - ok
08:58:33.0484 3840 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:58:33.0484 3840 NdisWan - ok
08:58:33.0531 3840 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
08:58:33.0531 3840 NDProxy - ok
08:58:33.0578 3840 Nero BackItUp Scheduler 4.0 - ok
08:58:33.0578 3840 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
08:58:33.0578 3840 NetBIOS - ok
08:58:33.0609 3840 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
08:58:33.0609 3840 NetBT - ok
08:58:33.0640 3840 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
08:58:33.0640 3840 NetDDE - ok
08:58:33.0656 3840 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
08:58:33.0656 3840 NetDDEdsdm - ok
08:58:33.0687 3840 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
08:58:33.0687 3840 Netlogon - ok
08:58:33.0718 3840 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
08:58:33.0718 3840 Netman - ok
08:58:33.0765 3840 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:58:33.0765 3840 NetTcpPortSharing - ok
08:58:33.0796 3840 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:58:33.0796 3840 NIC1394 - ok
08:58:33.0828 3840 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
08:58:33.0828 3840 Nla - ok
08:58:33.0875 3840 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\WINDOWS\system32\drivers\NPF.sys
08:58:33.0875 3840 NPF - ok
08:58:33.0890 3840 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
08:58:33.0890 3840 Npfs - ok
08:58:33.0921 3840 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
08:58:33.0937 3840 Ntfs - ok
08:58:33.0937 3840 NTIOLib_1_0_4 - ok
08:58:33.0937 3840 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
08:58:33.0937 3840 NtLmSsp - ok
08:58:33.0968 3840 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
08:58:33.0984 3840 NtmsSvc - ok
08:58:34.0015 3840 nTuneService - ok
08:58:34.0031 3840 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
08:58:34.0031 3840 Null - ok
08:58:34.0546 3840 [ 66165CF6DBC8ADB1B95354CDCAD8A736 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:58:34.0609 3840 nv - ok
08:58:34.0656 3840 [ 0344AA9113DC16EEC379F4652020849D ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys
08:58:34.0671 3840 nvata - ok
08:58:34.0687 3840 [ A1F88223528AADBB6374132BECBBDCC1 ] nvatabus C:\WINDOWS\system32\drivers\nvatabus.sys
08:58:34.0718 3840 nvatabus - ok
08:58:34.0750 3840 [ 7D275ECDA4628318912F6C945D5CF963 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
08:58:34.0750 3840 NVENETFD - ok
08:58:34.0781 3840 [ A211AB524324E84C2C805B52DFCDD544 ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys
08:58:34.0781 3840 NVHDA - ok
08:58:34.0796 3840 [ B64AACEFAD2BE5BFF5353FE681253C67 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
08:58:34.0796 3840 nvnetbus - ok
08:58:34.0812 3840 NVR0Dev - ok
08:58:34.0843 3840 [ A4F2A29B9D40F9FFBBB54E56CE483797 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
08:58:34.0843 3840 nvraid - ok
08:58:34.0906 3840 [ 971B4344ABA9B79ED0E9D0BB2A5283C1 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
08:58:34.0906 3840 NVSvc - ok
08:58:35.0000 3840 [ 4CDE6D8E0A07DCE9E568F58A5DC8086C ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
08:58:35.0062 3840 nvUpdatusService - ok
08:58:35.0109 3840 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:58:35.0109 3840 NwlnkFlt - ok
08:58:35.0125 3840 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:58:35.0125 3840 NwlnkFwd - ok
08:58:35.0250 3840 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:58:35.0265 3840 odserv - ok
08:58:35.0265 3840 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:58:35.0265 3840 ohci1394 - ok
08:58:35.0296 3840 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:58:35.0296 3840 ose - ok
08:58:35.0328 3840 [ AC5BF1A610EFFAAE9CFC48CB53483F08 ] ossrv C:\WINDOWS\system32\drivers\ctoss2k.sys
08:58:35.0328 3840 ossrv - ok
08:58:35.0390 3840 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
08:58:35.0390 3840 Parport - ok
08:58:35.0390 3840 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
08:58:35.0406 3840 PartMgr - ok
08:58:35.0437 3840 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
08:58:35.0437 3840 ParVdm - ok
08:58:35.0453 3840 PCASp50 - ok
08:58:35.0484 3840 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
08:58:35.0484 3840 PCI - ok
08:58:35.0500 3840 PCIDump - ok
08:58:35.0500 3840 PCIIde - ok
08:58:35.0531 3840 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
08:58:35.0531 3840 Pcmcia - ok
08:58:35.0546 3840 PDCOMP - ok
08:58:35.0546 3840 PDFRAME - ok
08:58:35.0562 3840 PDRELI - ok
08:58:35.0562 3840 PDRFRAME - ok
08:58:35.0578 3840 perc2 - ok
08:58:35.0578 3840 perc2hib - ok
08:58:35.0640 3840 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
08:58:35.0640 3840 PlugPlay - ok
08:58:35.0656 3840 [ 205E1B699FD3F2F9B036EEA2EC30C620 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
08:58:35.0671 3840 PnkBstrA - ok
08:58:35.0671 3840 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
08:58:35.0671 3840 PolicyAgent - ok
08:58:35.0671 3840 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:58:35.0687 3840 PptpMiniport - ok
08:58:35.0703 3840 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
08:58:35.0703 3840 Processor - ok
08:58:35.0718 3840 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:58:35.0718 3840 ProtectedStorage - ok
08:58:35.0718 3840 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
08:58:35.0718 3840 PSched - ok
08:58:35.0750 3840 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:58:35.0750 3840 Ptilink - ok
08:58:35.0781 3840 [ 9A207CA02F1395E06B953C228458E7B8 ] pwd_2k C:\WINDOWS\system32\drivers\pwd_2k.sys
08:58:35.0781 3840 pwd_2k - ok
08:58:35.0796 3840 ql1080 - ok
08:58:35.0796 3840 Ql10wnt - ok
08:58:35.0812 3840 ql12160 - ok
08:58:35.0828 3840 ql1240 - ok
08:58:35.0828 3840 ql1280 - ok
08:58:35.0843 3840 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:58:35.0843 3840 RasAcd - ok
08:58:35.0875 3840 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
08:58:35.0875 3840 RasAuto - ok
08:58:35.0890 3840 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:58:35.0890 3840 Rasl2tp - ok
08:58:35.0937 3840 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
08:58:35.0937 3840 RasMan - ok
08:58:35.0937 3840 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:58:35.0937 3840 RasPppoe - ok
08:58:35.0953 3840 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
08:58:35.0953 3840 Raspti - ok
08:58:35.0968 3840 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:58:35.0968 3840 Rdbss - ok
08:58:35.0984 3840 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:58:35.0984 3840 RDPCDD - ok
08:58:36.0000 3840 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:58:36.0000 3840 rdpdr - ok
08:58:36.0046 3840 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
08:58:36.0062 3840 RDPWD - ok
08:58:36.0109 3840 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
08:58:36.0109 3840 RDSessMgr - ok
08:58:36.0156 3840 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
08:58:36.0156 3840 redbook - ok
08:58:36.0203 3840 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
08:58:36.0203 3840 RemoteAccess - ok
08:58:36.0218 3840 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
08:58:36.0234 3840 RemoteRegistry - ok
08:58:36.0265 3840 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
08:58:36.0265 3840 RpcLocator - ok
08:58:36.0296 3840 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
08:58:36.0296 3840 RpcSs - ok
08:58:36.0328 3840 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
08:58:36.0328 3840 RSVP - ok
08:58:36.0359 3840 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
08:58:36.0359 3840 SamSs - ok
08:58:36.0421 3840 [ F6321D6505EBDD699F7DBBEB996127C8 ] SATARaid5 Config Service C:\Program Files\Silicon Image\3114-W-I32-R SATARAID5\SATARaid5ConfigService.exe
08:58:36.0421 3840 SATARaid5 Config Service - ok
08:58:36.0421 3840 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
08:58:36.0437 3840 SCardSvr - ok
08:58:36.0468 3840 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
08:58:36.0468 3840 Schedule - ok
08:58:36.0531 3840 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:58:36.0531 3840 Secdrv - ok
08:58:36.0578 3840 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
08:58:36.0578 3840 seclogon - ok
08:58:36.0593 3840 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
08:58:36.0593 3840 SENS - ok
08:58:36.0625 3840 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
08:58:36.0625 3840 serenum - ok
08:58:36.0640 3840 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
08:58:36.0640 3840 Serial - ok
08:58:36.0671 3840 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
08:58:36.0671 3840 Sfloppy - ok
08:58:36.0671 3840 sfrem01 - ok
08:58:36.0718 3840 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
08:58:36.0734 3840 SharedAccess - ok
08:58:36.0734 3840 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:58:36.0734 3840 ShellHWDetection - ok
08:58:36.0796 3840 [ 09889D435EDC82435B18C7C311FE5721 ] Si3114r5 C:\WINDOWS\system32\DRIVERS\Si3114r5.sys
08:58:36.0796 3840 Si3114r5 - ok
08:58:36.0843 3840 [ 46B92189FE4DB53A09E3A0099AA3084C ] SiFilter C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
08:58:36.0843 3840 SiFilter - ok
08:58:36.0843 3840 Simbad - ok
08:58:36.0859 3840 [ B688378D258D1ECCE4768CDB55D48D92 ] SiRemFil C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
08:58:36.0859 3840 SiRemFil - ok
08:58:36.0875 3840 slee_81_service - ok
08:58:36.0921 3840 [ 767C4DD428DFA9AA7BAB823A0DD45A12 ] SndTAudio C:\WINDOWS\system32\drivers\SndTAudio.sys
08:58:36.0921 3840 SndTAudio - ok
08:58:36.0937 3840 [ E76F067592DCC98D2F51FA85B7757B3A ] SndTVideo C:\WINDOWS\system32\DRIVERS\SndTVideo.sys
08:58:36.0937 3840 SndTVideo - ok
08:58:36.0953 3840 Sparrow - ok
08:58:36.0968 3840 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
08:58:36.0968 3840 splitter - ok
08:58:37.0000 3840 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
08:58:37.0015 3840 Spooler - ok
08:58:37.0031 3840 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
08:58:37.0031 3840 sr - ok
08:58:37.0078 3840 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
08:58:37.0078 3840 srservice - ok
08:58:37.0109 3840 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
08:58:37.0109 3840 Srv - ok
08:58:37.0140 3840 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
08:58:37.0140 3840 SSDPSRV - ok
08:58:37.0171 3840 [ 359FEE084F1173FFFFD7F9CCBD43D47F ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
08:58:37.0187 3840 ssudmdm - ok
08:58:37.0234 3840 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
08:58:37.0234 3840 stisvc - ok
08:58:37.0234 3840 STSService - ok
08:58:37.0265 3840 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
08:58:37.0265 3840 swenum - ok
08:58:37.0281 3840 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
08:58:37.0281 3840 swmidi - ok
08:58:37.0281 3840 SwPrv - ok
08:58:37.0296 3840 symc810 - ok
08:58:37.0296 3840 symc8xx - ok
08:58:37.0312 3840 sym_hi - ok
08:58:37.0312 3840 sym_u3 - ok
08:58:37.0312 3840 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
08:58:37.0328 3840 sysaudio - ok
08:58:37.0359 3840 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
08:58:37.0359 3840 SysmonLog - ok
08:58:37.0375 3840 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Tablet2k C:\WINDOWS\system32\irmon.dll
08:58:37.0390 3840 Tablet2k - ok
08:58:37.0406 3840 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
08:58:37.0421 3840 TapiSrv - ok
08:58:37.0437 3840 tclondrv - ok
08:58:37.0515 3840 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:58:37.0515 3840 Tcpip - ok
08:58:37.0546 3840 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
08:58:37.0546 3840 TDPIPE - ok
08:58:37.0578 3840 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
08:58:37.0578 3840 TDTCP - ok
08:58:37.0609 3840 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
08:58:37.0609 3840 TermDD - ok
08:58:37.0625 3840 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
08:58:37.0640 3840 TermService - ok
08:58:37.0656 3840 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
08:58:37.0671 3840 Themes - ok
08:58:37.0718 3840 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
08:58:37.0718 3840 TlntSvr - ok
08:58:37.0718 3840 TosIde - ok
08:58:37.0718 3840 tos_sps32 - ok
08:58:37.0750 3840 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
08:58:37.0750 3840 TrkWks - ok
08:58:37.0796 3840 [ F9E26676E818A7C5CD8F1517B67268D9 ] UdfReadr_xp C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
08:58:37.0796 3840 UdfReadr_xp - ok
08:58:37.0812 3840 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
08:58:37.0812 3840 Udfs - ok
08:58:37.0812 3840 ultra - ok
08:58:37.0843 3840 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
08:58:37.0859 3840 Update - ok
08:58:37.0906 3840 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
08:58:37.0906 3840 upnphost - ok
08:58:37.0937 3840 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
08:58:37.0937 3840 UPS - ok
08:58:37.0968 3840 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
08:58:37.0984 3840 USBAAPL - ok
08:58:38.0015 3840 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
08:58:38.0015 3840 usbaudio - ok
08:58:38.0062 3840 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:58:38.0062 3840 usbccgp - ok
08:58:38.0093 3840 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:58:38.0093 3840 usbehci - ok
08:58:38.0093 3840 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:58:38.0093 3840 usbhub - ok
08:58:38.0109 3840 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:58:38.0109 3840 usbohci - ok
08:58:38.0140 3840 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:58:38.0140 3840 usbprint - ok
08:58:38.0171 3840 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:58:38.0171 3840 usbscan - ok
08:58:38.0203 3840 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:58:38.0203 3840 USBSTOR - ok
08:58:38.0218 3840 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
08:58:38.0218 3840 usb_rndisx - ok
08:58:38.0250 3840 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
08:58:38.0250 3840 VgaSave - ok
08:58:38.0250 3840 ViaIde - ok
08:58:38.0281 3840 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
08:58:38.0281 3840 VolSnap - ok
08:58:38.0328 3840 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
08:58:38.0328 3840 VSS - ok
08:58:38.0359 3840 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
08:58:38.0359 3840 W32Time - ok
08:58:38.0390 3840 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:58:38.0390 3840 Wanarp - ok
08:58:38.0437 3840 [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
08:58:38.0437 3840 wceusbsh - ok
08:58:38.0468 3840 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
08:58:38.0484 3840 Wdf01000 - ok
08:58:38.0484 3840 WDICA - ok
08:58:38.0500 3840 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
08:58:38.0500 3840 wdmaud - ok
08:58:38.0531 3840 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
08:58:38.0531 3840 WebClient - ok
08:58:38.0640 3840 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
08:58:38.0640 3840 winmgmt - ok
08:58:38.0687 3840 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
08:58:38.0687 3840 WinUSB - ok
08:58:38.0734 3840 [ 5D410936831F7FB58EFF941EAC3F6D3D ] WmBEnum C:\WINDOWS\system32\drivers\WmBEnum.sys
08:58:38.0734 3840 WmBEnum - ok
08:58:38.0765 3840 [ 668056D5C3C11AB7D266819A96B964E8 ] WMDM PMSP Service C:\WINDOWS\system32\MsPMSPSv.exe
08:58:38.0765 3840 WMDM PMSP Service - ok
08:58:38.0796 3840 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
08:58:38.0796 3840 WmdmPmSN - ok
08:58:38.0828 3840 [ 7A13CFDE92956CA61A0927D766C5AD4F ] WmFilter C:\WINDOWS\system32\drivers\WmFilter.sys
08:58:38.0828 3840 WmFilter - ok
08:58:38.0859 3840 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
08:58:38.0875 3840 Wmi - ok
08:58:38.0937 3840 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:58:38.0937 3840 WmiApSrv - ok
08:58:39.0046 3840 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
08:58:39.0062 3840 WMPNetworkSvc - ok
08:58:39.0078 3840 [ 6F04646BC690F8BBFC344BE32A60796D ] WmVirHid C:\WINDOWS\system32\drivers\WmVirHid.sys
08:58:39.0078 3840 WmVirHid - ok
08:58:39.0109 3840 [ 1D6CA43D562333F4DFB40BCEF2453F3A ] WmXlCore C:\WINDOWS\system32\drivers\WmXlCore.sys
08:58:39.0109 3840 WmXlCore - ok
08:58:39.0218 3840 [ 017695393AFFFED8DE58ABD1B085BE6D ] WMZuneComm c:\Program Files\Zune\WMZuneComm.exe
08:58:39.0234 3840 WMZuneComm - ok
08:58:39.0250 3840 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
08:58:39.0250 3840 WpdUsb - ok
08:58:39.0343 3840 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:58:39.0359 3840 WPFFontCache_v0400 - ok
08:58:39.0390 3840 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:58:39.0390 3840 WS2IFSL - ok
08:58:39.0421 3840 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(1) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
08:58:39.0421 3840 WsAudio_DeviceS(1) - ok
08:58:39.0437 3840 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(2) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
08:58:39.0437 3840 WsAudio_DeviceS(2) - ok
08:58:39.0468 3840 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(3) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
08:58:39.0468 3840 WsAudio_DeviceS(3) - ok
08:58:39.0484 3840 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(4) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
08:58:39.0484 3840 WsAudio_DeviceS(4) - ok
08:58:39.0515 3840 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(5) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
08:58:39.0515 3840 WsAudio_DeviceS(5) - ok
08:58:39.0578 3840 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
08:58:39.0578 3840 wuauserv - ok
08:58:39.0609 3840 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:58:39.0609 3840 WudfPf - ok
08:58:39.0656 3840 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:58:39.0656 3840 WudfRd - ok
08:58:39.0687 3840 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
08:58:39.0703 3840 WudfSvc - ok
08:58:39.0750 3840 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
08:58:39.0765 3840 WZCSVC - ok
08:58:39.0796 3840 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
08:58:39.0875 3840 xmlprov - ok
08:58:39.0906 3840 [ 87F126D0F8DC176B282924DF0417075E ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
08:58:39.0906 3840 yukonwxp - ok
08:58:39.0953 3840 [ AE279CD76B38FC079EEC3CA6D65A5926 ] zumbus C:\WINDOWS\system32\DRIVERS\zumbus.sys
08:58:39.0953 3840 zumbus - ok
08:58:39.0984 3840 [ 37F339B64F19E2775284ED7161B96683 ] ZuneBusEnum c:\Program Files\Zune\ZuneBusEnum.exe
08:58:39.0984 3840 ZuneBusEnum - ok
08:58:40.0156 3840 [ 1076DF9ADE4E13EA3BF39D2165AEB903 ] ZuneNetworkSvc c:\Program Files\Zune\ZuneNss.exe
08:58:40.0343 3840 ZuneNetworkSvc - ok
08:58:40.0390 3840 [ DE1CDB333A402B279F04D627122FA08E ] ZuneWlanCfgSvc c:\Program Files\Zune\ZuneWlanCfgSvc.exe
08:58:40.0406 3840 ZuneWlanCfgSvc - ok
08:58:40.0421 3840 ================ Scan global ===============================
08:58:40.0468 3840 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:58:40.0515 3840 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:58:40.0531 3840 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:58:40.0546 3840 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:58:40.0546 3840 [Global] - ok
08:58:40.0546 3840 ================ Scan MBR ==================================
08:58:40.0562 3840 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:58:40.0671 3840 \Device\Harddisk0\DR0 - ok
08:58:40.0671 3840 ================ Scan VBR ==================================
08:58:40.0671 3840 [ 77AE9106F6D0FB437FD7B2E08BEAB8B8 ] \Device\Harddisk0\DR0\Partition1
08:58:40.0671 3840 \Device\Harddisk0\DR0\Partition1 - ok
08:58:40.0671 3840 ============================================================
08:58:40.0671 3840 Scan finished
08:58:40.0671 3840 ============================================================
08:58:40.0687 3832 Detected object count: 0
08:58:40.0687 3832 Actual detected object count: 0
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm
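Added example for this thread (not part of geniusless's post, and not a TDSSKiller feature): a small Python triage script that reads a TDSSKiller log in the format shown above and pulls out the things a helper looks at first before reading all 1,500 lines by hand. It groups entries by MD5 and by file path, lists registered services or drivers for which the scanner found no file to hash (in this log, for example, Nero BackItUp Scheduler 4.0, nTuneService, sfrem01 and slee_81_service, which the OTL log in the next post lists as "File not found"), and collects any verdict other than "ok" together with the final "Detected object count" lines. The line grammar is inferred from the posted log, not taken from Kaspersky documentation, and SAMPLE_LOG is a constructed excerpt modelled on the post rather than a verbatim copy. Note that "ok" here only means the scanner's signatures matched nothing; it does not by itself explain the browser hijack reported in the first post.

```python
"""Triage helper for a TDSSKiller service/driver log of the kind posted above.

Added example for this thread; it is not part of the original post and not a
TDSSKiller feature.  The line grammar below is inferred from the posted log:

    HH:MM:SS.mmmm PID [ MD5 ] ServiceName Path       (hashed file)
    HH:MM:SS.mmmm PID ServiceName - verdict          (scanner verdict)
    HH:MM:SS.mmmm PID ================ Scan X ====   (section header)

SAMPLE_LOG is a constructed excerpt modelled on the post, not a verbatim copy.
"""
import re

SAMPLE_LOG = r"""
08:58:33.0328 3840 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
08:58:33.0343 3840 napagent - ok
08:58:33.0578 3840 Nero BackItUp Scheduler 4.0 - ok
08:58:33.0687 3840 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
08:58:33.0687 3840 Netlogon - ok
08:58:33.0937 3840 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
08:58:33.0937 3840 NtLmSsp - ok
08:58:36.0421 3840 [ F6321D6505EBDD699F7DBBEB996127C8 ] SATARaid5 Config Service C:\Program Files\Silicon Image\3114-W-I32-R SATARAID5\SATARaid5ConfigService.exe
08:58:36.0421 3840 SATARaid5 Config Service - ok
08:58:39.0421 3840 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(1) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
08:58:39.0421 3840 WsAudio_DeviceS(1) - ok
08:58:39.0437 3840 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(2) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
08:58:39.0437 3840 WsAudio_DeviceS(2) - ok
08:58:40.0421 3840 ================ Scan global ===============================
08:58:40.0532 3840 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:58:40.0546 3840 [Global] - ok
08:58:40.0546 3840 ================ Scan MBR ==================================
08:58:40.0562 3840 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:58:40.0671 3840 \Device\Harddisk0\DR0 - ok
08:58:40.0687 3832 Detected object count: 0
08:58:40.0687 3832 Actual detected object count: 0
"""

# Service names may contain spaces ("SATARaid5 Config Service"), so the name is
# matched non-greedily up to the first token that looks like a drive path or a
# \Device\ path.  Global/MBR/VBR lines carry a path but no name.
HASH_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] "
    r"(?:(?P<name>.+?) )?(?P<path>[A-Za-z]:\\.+|\\Device\\.+)$"
)
VERDICT_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?) - (?P<verdict>.+)$"
)
SECTION_LINE = re.compile(r"^\S+\s+\d+\s+=+ Scan (?P<section>\w+) =+$")
COUNT_LINE = re.compile(
    r"^\S+\s+\d+\s+(?P<label>Actual detected object count|Detected object count): (?P<n>\d+)$"
)


def _new_record(name, section):
    return {"name": name, "section": section, "md5": None, "path": None, "verdict": None}


def parse_tdsskiller(text):
    """Return (entries, counts): one record per scanned object, plus the count lines."""
    section = "services"   # the per-service lines precede the first section header
    entries = {}           # (section, name) -> record, insertion-ordered
    counts = {}
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_LINE.match(line)
        if m:
            section = m.group("section").lower()
            continue
        m = COUNT_LINE.match(line)
        if m:
            counts[m.group("label")] = int(m.group("n"))
            continue
        m = HASH_LINE.match(line)
        if m:
            name = m.group("name") or m.group("path")
            rec = entries.setdefault((section, name), _new_record(name, section))
            rec["md5"] = m.group("md5").upper()
            rec["path"] = m.group("path")
            continue
        m = VERDICT_LINE.match(line)
        if m:
            name = m.group("name")
            rec = entries.setdefault((section, name), _new_record(name, section))
            rec["verdict"] = m.group("verdict")
    return list(entries.values()), counts


def triage(entries):
    """Summarise the points a reviewer checks first."""
    services = [e for e in entries if e["section"] == "services"]
    # A registered service/driver with no file for the scanner to hash: an orphaned
    # or stale registration.  Cross-check against OTL's "File not found" lines.
    fileless = sorted(e["name"] for e in services if e["path"] is None)
    # One MD5 under several distinct paths: the same binary installed under
    # more than one file name (paths compared case-insensitively, Windows-style).
    by_md5 = {}
    for e in entries:
        if e["md5"]:
            by_md5.setdefault(e["md5"], {}).setdefault(e["path"].lower(), e["path"])
    shared_md5 = {h: sorted(p.values()) for h, p in by_md5.items() if len(p) > 1}
    # Several service names hosted by one binary.  Normal for lsass.exe, svchost
    # groups or shsvcs.dll; worth a second look for anything else.
    by_path = {}
    for e in services:
        if e["path"]:
            orig, names = by_path.setdefault(e["path"].lower(), (e["path"], []))
            names.append(e["name"])
    shared_binary = {orig: sorted(n) for orig, n in by_path.values() if len(n) > 1}
    not_ok = sorted(e["name"] for e in entries if e["verdict"] not in (None, "ok"))
    return {"fileless": fileless, "shared_md5": shared_md5,
            "shared_binary": shared_binary, "not_ok": not_ok}


if __name__ == "__main__":
    found, totals = parse_tdsskiller(SAMPLE_LOG)
    for key, value in triage(found).items():
        print(f"{key}: {value}")
    print("counts:", totals)
```

To use it on the real log, paste the whole post into a file and pass its contents to parse_tdsskiller() instead of SAMPLE_LOG. On the full log above, the shared_md5 check surfaces the five WsAudio_DeviceS(n).sys drivers (one Wondershare binary under five names) and shared_binary shows lsass.exe, netdde.exe and shsvcs.dll each hosting several registrations, all of which are expected on XP; the fileless list is the part worth comparing with OTL.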

Re: malware help 2

Post by geniusless » March 8th, 2013, 1:10 pm

OTL logfile created on: 3/8/2013 9:03:22 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jason seymer\Desktop\here we go
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.75% Memory free
3.85 Gb Paging File | 3.54 Gb Available in Paging File | 91.89% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 32.06 Gb Free Space | 21.51% Space Free | Partition Type: NTFS
Drive D: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JASON | User Name: jason seymer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/08 09:02:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jason seymer\Desktop\here we go\OTL.exe
PRC - [2013/02/28 15:08:21 | 001,274,832 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/02/11 18:51:50 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jason seymer\Local Settings\Temp\Rar$EX01.641\TDSSKiller.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/17 13:43:46 | 000,084,480 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/28 15:08:19 | 000,459,728 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppgooglenaclpluginchrome.dll
MOD - [2013/02/28 15:08:16 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll
MOD - [2013/02/28 15:07:21 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.152\ffmpegsumo.dll
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- \.\globalroot\C:\WINDOWS\system32\svchost.exe -- (viamraid)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\rdpdr.dll -- (tos_sps32)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\SoundTaxi Media Suite\STSService.exe -- (STSService)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\bb-run.dll -- (slee_81_service)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\DcPTP.dll -- (sfrem01)
SRV - File not found [Disabled | Stopped] -- -- (PLFlash DeviceIoControl Service)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService -- (nTuneService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\comsysapp.dll -- (avgarcln)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pdlnacom.dll -- (agnwifi)
SRV - [2013/03/07 14:40:26 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/03 17:08:49 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/02/09 20:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/09/27 11:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/08/05 12:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2005/10/05 17:19:00 | 000,131,072 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Silicon Image\3114-W-I32-R SATARAID5\SATARaid5ConfigService.exe -- (SATARaid5 Config Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\tclondrv.sys -- (tclondrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (LHidUsbK)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\AmdK8.sys -- (AmdK8)
DRV - [2013/02/18 09:22:18 | 000,124,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2012/09/26 20:57:12 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012/09/19 20:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/09/19 20:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/04/02 19:45:39 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2012/01/25 02:23:10 | 000,299,424 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2011/09/01 22:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/01 22:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/01 22:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2010/09/29 10:34:50 | 000,335,064 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ladfSBVMi386.sys -- (LADF_SBVM)
DRV - [2010/09/29 10:34:48 | 000,053,976 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ladfDHP2i386.sys -- (LADF_DHP2)
DRV - [2010/05/05 20:29:18 | 001,178,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2010/05/05 20:29:10 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/05/05 20:29:02 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/05/05 20:28:54 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/05/05 20:24:44 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/05/05 20:24:34 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/05/05 20:24:24 | 000,526,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010/05/05 20:24:14 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/05/05 20:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV - [2010/05/05 20:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2010/05/05 20:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV - [2010/05/05 20:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2010/05/05 20:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV - [2010/05/05 20:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2010/04/27 15:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/04/27 15:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/04/27 15:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/04/27 13:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010/04/13 06:47:26 | 000,005,688 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTVideo.sys -- (SndTVideo)
DRV - [2010/04/13 06:47:22 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008/11/25 01:35:54 | 000,211,496 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2008/11/25 01:35:54 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2008/11/25 01:35:54 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2008/09/24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/07/23 10:56:58 | 000,042,624 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Alpham1.sys -- (Alpham1)
DRV - [2007/05/16 11:20:32 | 000,043,008 | ---- | M] (D-Link ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dlkfet5b.sys -- (FETNDISB)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/04/11 14:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 14:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 14:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/03/20 12:49:52 | 000,018,432 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Alpham2.sys -- (Alpham2)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/12/04 12:55:40 | 000,034,944 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Alpham.sys -- (Alpham)
DRV - [2005/08/18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2005/01/20 08:45:30 | 000,088,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2003/12/01 13:46:22 | 000,259,200 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2003/12/01 13:46:22 | 000,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/12/01 13:46:22 | 000,146,560 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2003/12/01 13:46:22 | 000,118,409 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/12/01 13:46:22 | 000,066,992 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/12/01 13:46:22 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2003/12/01 13:46:22 | 000,022,745 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/12/01 13:46:22 | 000,021,993 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [1999/09/10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E C9 75 70 8E 08 CE 01 [binary data]
IE - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\..\SearchScopes\{A73461AB-2D8B-40B3-870C-3823A3417B8C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADRA_enUS430
IE - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2010/05/31 13:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jason seymer\Application Data\Mozilla\Extensions
[2009/03/01 03:30:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jason seymer\Application Data\Mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\jason seymer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\jason seymer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\jason seymer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\jason seymer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/02/16 23:24:22 | 000,444,734 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15277 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8398-26FADCF27386} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O8 - Extra context menu item: Download all by RedTube Grabber - C:\Program Files\RedTubeGrabber\downall.htm File not found
O8 - Extra context menu item: Download by RedTube Grabber - Reg Error: Value error. File not found
O8 - Extra context menu item: Download by YouTube Robot - C:\Program Files\RedTubeGrabber\downlink.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6169ED15-02B6-402A-8C9E-92A9925076EC}: DhcpNameServer = 192.168.1.1 184.16.33.54
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1202660629-1214440339-839522115-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\jason seymer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jason seymer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/02/08 20:51:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/15 16:53:55 | 000,000,142 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{249ae55d-fd53-11de-8ac5-001109d0c509}\Shell\AutoRun\command - "" = G:\InstallSeagateManager.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/08 08:55:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2013/03/08 08:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/03/08 08:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/03/07 14:40:21 | 015,846,768 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/03/07 14:26:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jason seymer\Desktop\here we go
[2013/02/26 11:02:48 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
[2013/02/26 11:02:16 | 006,066,176 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
[2013/02/24 18:33:36 | 000,405,504 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\CapabilityTable.exe
[2013/02/24 18:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NVIDIA Corporation
[2013/02/24 18:33:04 | 000,446,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvunrm.exe
[2013/02/24 18:33:00 | 000,176,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvusmb.exe
[2013/02/20 21:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/20 21:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/02/20 17:36:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jason seymer\Local Settings\Application Data\Avg2013
[2013/02/19 12:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jason seymer\Local Settings\Application Data\Zemana
[2013/02/19 12:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\AntiLogger
[2013/02/19 11:23:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/02/18 21:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jason seymer\Application Data\IsolatedStorage
[2013/02/18 21:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2013/02/18 21:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jason seymer\Local Settings\Application Data\_
[2013/02/18 18:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2013/02/18 09:22:18 | 000,884,072 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdagenco3220103.dll
[2013/02/16 22:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2013/02/16 22:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/08 08:54:28 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\jason seymer\Desktop\ERUNT.lnk
[2013/03/08 08:48:38 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/08 08:48:34 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/08 08:48:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/08 00:54:14 | 000,054,928 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000005-00211102}.rfx
[2013/03/08 00:54:14 | 000,054,928 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000008-00001102-00000005-00211102}.rfx
[2013/03/08 00:54:14 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000005-00211102}.rfx
[2013/03/08 00:40:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/08 00:35:01 | 000,000,224 | RHS- | M] () -- C:\boot.ini
[2013/03/08 00:15:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/07 20:21:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2013/03/07 17:01:59 | 000,000,092 | ---- | M] () -- C:\WINDOWS\System32\everest_cpl.ini
[2013/03/07 15:00:46 | 001,076,156 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/03/07 15:00:46 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/03/07 15:00:42 | 001,076,156 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/03/07 15:00:23 | 000,484,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/07 15:00:23 | 000,080,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/07 14:40:25 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/07 14:40:24 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/07 14:40:21 | 015,846,768 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/03/07 14:21:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2013/03/03 21:36:48 | 000,000,323 | ---- | M] () -- C:\Documents and Settings\jason seymer\My Documents\pmstudio.cfg
[2013/03/03 21:04:03 | 000,115,712 | ---- | M] () -- C:\Documents and Settings\jason seymer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/03 19:52:01 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/02/26 11:02:48 | 000,892,704 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
[2013/02/26 11:02:46 | 010,714,912 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2013/02/26 11:02:46 | 001,985,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2013/02/26 11:02:44 | 019,570,688 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2013/02/26 11:02:42 | 002,725,152 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2013/02/26 11:02:42 | 002,450,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2013/02/26 11:02:42 | 002,284,064 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
[2013/02/26 11:02:40 | 004,154,880 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2013/02/26 11:02:38 | 017,551,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2013/02/26 11:02:38 | 000,016,032 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2013/02/26 11:02:18 | 007,716,864 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2013/02/26 11:02:16 | 006,066,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
[2013/02/26 11:02:14 | 001,017,120 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2013/02/25 02:21:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2013/02/24 20:19:44 | 087,673,290 | ---- | M] () -- C:\Documents and Settings\jason seymer\Desktop\emily's phone stuff.zip
[2013/02/24 18:35:55 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/02/23 08:21:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2013/02/22 00:53:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/20 21:10:47 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/19 12:23:18 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/18 18:52:52 | 000,122,194 | ---- | M] () -- C:\Documents and Settings\jason seymer\Desktop\ofview_setup.exe
[2013/02/18 09:22:18 | 000,884,072 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdagenco3220103.dll
[2013/02/18 09:22:18 | 000,124,264 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvhda32.sys
[2013/02/18 09:22:18 | 000,028,008 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdap32.dll
[2013/02/16 23:36:09 | 000,000,205 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/02/16 23:24:22 | 000,444,734 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/02/09 19:59:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/08 08:54:28 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\jason seymer\Desktop\ERUNT.lnk
[2013/03/07 14:59:29 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2013/03/03 19:27:59 | 000,605,874 | ---- | C] () -- C:\Documents and Settings\jason seymer\Desktop\butch3.bmp
[2013/02/24 19:48:55 | 087,673,290 | ---- | C] () -- C:\Documents and Settings\jason seymer\Desktop\emily's phone stuff.zip
[2013/02/24 18:35:55 | 000,001,024 | ---- | C] () -- C:\.rnd
[2013/02/24 18:33:04 | 000,006,045 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2013/02/24 18:33:00 | 000,001,231 | ---- | C] () -- C:\WINDOWS\System32\nvsmb.nvu
[2013/02/18 18:52:50 | 000,122,194 | ---- | C] () -- C:\Documents and Settings\jason seymer\Desktop\ofview_setup.exe
[2013/02/16 23:10:05 | 000,000,205 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/11/29 11:53:58 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/11/04 20:59:05 | 000,572,118 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1202660629-1214440339-839522115-1003-0.dat
[2012/11/04 20:59:05 | 000,298,550 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/09/26 20:57:16 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/09/26 20:57:14 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/09/26 20:57:14 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/09/26 20:57:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/09/26 20:57:14 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/08/31 23:51:26 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\jason seymer\Local Settings\Application Data\dt.dat
[2012/08/31 11:35:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jason seymer\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/08/29 16:59:15 | 000,075,096 | ---- | C] () -- C:\WINDOWS\System32\LADFCoinst_i386.dll
[2012/07/20 15:54:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/09 13:57:00 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\jason seymer\Local Settings\Application Data\WebpageIcons.db
[2012/02/09 20:05:34 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/02/09 20:04:57 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012/02/09 20:04:56 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2012/02/09 20:04:56 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012/02/03 21:11:14 | 001,076,156 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/02/03 21:11:14 | 001,076,156 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/02/03 21:11:14 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/02/03 21:11:12 | 002,284,064 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/01/18 10:49:41 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\jason seymer\g2mdlhlpx.exe
[2011/11/20 17:58:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jason seymer\Application Data\5c4a2449
[2011/10/21 18:48:46 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\jason seymer\Application Data\4befac4c
[2011/10/21 18:14:07 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\jason seymer\Application Data\ab3253b3
[2011/01/22 16:36:51 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/09/18 19:30:40 | 000,038,479 | ---- | C] () -- C:\Documents and Settings\jason seymer\Application Data\Comma Separated Values (DOS).ADR
[2009/07/17 09:55:36 | 000,300,848 | ---- | C] ( ) -- C:\Documents and Settings\All Users\dcmsvcsetup.exe
[2009/07/17 09:55:34 | 000,009,960 | ---- | C] () -- C:\Documents and Settings\All Users\invokesi.exe
[2008/10/22 09:05:04 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\jason seymer\Application Data\EventStore.xml
[2008/10/22 09:05:04 | 000,000,475 | ---- | C] () -- C:\Documents and Settings\jason seymer\Application Data\CampaignStore.xml
[2008/10/22 09:05:04 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\jason seymer\Application Data\UpdateStore.xml
[2008/10/17 23:59:53 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\jason seymer\Application Data\SoftwarePackageStore.xml
[2008/10/17 23:59:53 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\jason seymer\Application Data\ConfigurationStore.xml
[2008/10/17 23:59:51 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SharedProperties.xml
[2008/06/28 23:32:52 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\jason seymer\.rnd
[2008/04/13 13:10:50 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\jason seymer\Application Data\PnkBstrK.sys
[2007/10/14 19:37:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jason seymer\ping
[2007/10/09 20:31:10 | 000,000,406 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2007/06/13 20:59:09 | 000,003,345 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/13 03:25:53 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\jason seymer\default.pls
[2007/04/26 10:38:54 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\jason seymer\Application Data\$_hpcst$.hpc
[2007/03/01 00:29:48 | 000,000,010 | -H-- | C] () -- C:\Documents and Settings\jason seymer\Application Data\PD+Rescue_Time
[2007/02/28 07:38:44 | 000,115,712 | ---- | C] () -- C:\Documents and Settings\jason seymer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2007/02/22 00:49:47 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/17 20:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/07/21 21:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activision
[2013/03/07 13:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/08/31 22:18:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/17 13:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2013/01/07 15:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/07/21 20:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gibraltar
[2012/01/27 12:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2013/02/18 21:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2013/02/20 17:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/11/30 11:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2012/04/04 18:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2012/11/04 18:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/01/22 19:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/01 18:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneClone
[2009/03/25 22:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/12/17 10:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/30 19:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2009/08/20 15:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/10/13 11:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2007/07/11 23:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\allTunes
[2010/03/07 02:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\Amazon
[2011/01/22 16:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\AnvSoft
[2012/11/28 19:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\BANDISOFT
[2012/03/17 20:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\BitTorrent
[2011/01/22 20:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2010/08/14 14:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2007/12/15 00:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\gslist
[2007/02/22 00:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\Ideazon
[2007/04/05 01:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\InterTrust
[2007/03/04 17:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\iPod2PC3
[2013/02/18 21:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\IsolatedStorage
[2007/02/10 10:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\Leadertech
[2010/01/01 20:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\LimeWire
[2012/11/15 19:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\Origin
[2012/04/04 18:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\PCPro
[2010/03/07 02:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\Reg Tool
[2013/01/12 06:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\Samsung
[2008/10/18 00:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\SoftwareDetectionScripts
[2012/07/21 20:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\Stardock
[2012/09/26 11:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\TuneUp Software
[2012/03/17 13:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\Uniblue

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB40910$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 451 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B174FAE
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B61A2D1

< End of report >
geniusless

Re: malware help 2

Post by geniusless » March 8th, 2013, 1:13 pm

OTL Extras logfile created on: 3/8/2013 9:03:22 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jason seymer\Desktop\here we go
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.75% Memory free
3.85 Gb Paging File | 3.54 Gb Available in Paging File | 91.89% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 32.06 Gb Free Space | 21.51% Space Free | Partition Type: NTFS
Drive D: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JASON | User Name: jason seymer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1202660629-1214440339-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSI\i-Speeder\i-Speeder.exe" = C:\Program Files\MSI\i-Speeder\i-Speeder.exe:*:Enabled:i-Speeder
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Origin Games\Battlefield 1942\BF1942.exe" = C:\Program Files\Origin Games\Battlefield 1942\BF1942.exe:*:Enabled:Battlefield 1942™ -- ()
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Disabled:DNA
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Disabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Disabled:WebKit -- (Apple Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Disabled:Xfire
"C:\Program Files\The All-Seeing Eye\eye.exe" = C:\Program Files\The All-Seeing Eye\eye.exe:*:Disabled:Yahoo! All-Seeing Eye


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster for Battlefield 1942
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{461E1742-51DC-459B-9D30-A432573AC6AA}" = 3114-W-I32-R SATARAID5
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}" = Easy CD & DVD Creator 6
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{59279982-86E2-4C2A-8060-A3E77575CD8B}" = Logitech G35
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10
"{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}" = Z Engine
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}" = Microsoft Visual C++ 2005 Express Edition - ENU
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF79156F-2C18-4C83-8800-FC7460A1E204}" = D-Link DFE530TX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C71A1FD7-EB23-45AA-A9AA-8DFEC0881875}" = 530TX+
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster for Battlefield Vietnam
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E2890BD4-14BB-4C5D-8944-E2A23FF8B173}" = DFE-530TX Driver
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AudioCS" = Creative Audio Control Panel
"Cablenut" = Cablenut 4.08
"Call of Duty 4 - Modern Warfare" = Call of Duty 4 - Modern Warfare
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DesertCombat" = DesertCombat 0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{BF79156F-2C18-4C83-8800-FC7460A1E204}" = D-Link DFE530TX
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{C71A1FD7-EB23-45AA-A9AA-8DFEC0881875}" = 530TX+
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"LimeWire" = LimeWire 5.2.13
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual C++ 2005 Express Edition - ENU" = Microsoft Visual C++ 2005 Express Edition - ENU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Silent Package Run-Time Sample" = ESPR320 Reference Guide
"sp6" = Logitech SetPoint 6.32
"ULTIMATER" = Microsoft Office Ultimate 2007
"VN_VUIns_Rhine_D-Link" = D-Link PCI Fast Ethernet Adapter
"WaveStudio 7" = Creative WaveStudio 7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Zune" = Zune

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2013 2:33:17 AM | Computer Name = JASON | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/8/2013 2:33:17 AM | Computer Name = JASON | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/8/2013 4:06:17 AM | Computer Name = JASON | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/8/2013 4:06:17 AM | Computer Name = JASON | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/8/2013 4:26:17 AM | Computer Name = JASON | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/8/2013 4:26:17 AM | Computer Name = JASON | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/8/2013 12:48:14 PM | Computer Name = JASON | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/8/2013 12:48:14 PM | Computer Name = JASON | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/8/2013 12:48:29 PM | Computer Name = JASON | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/8/2013 12:48:29 PM | Computer Name = JASON | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ OSession Events ]
Error - 10/11/2010 8:00:15 PM | Computer Name = JASON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5655
seconds with 2160 seconds of active time. This session ended with a crash.

Error - 11/10/2010 5:22:09 PM | Computer Name = JASON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 825
seconds with 60 seconds of active time. This session ended with a crash.

Error - 2/5/2011 10:21:50 PM | Computer Name = JASON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 102
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/6/2011 4:55:43 PM | Computer Name = JASON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5985
seconds with 240 seconds of active time. This session ended with a crash.

Error - 5/17/2012 8:02:07 PM | Computer Name = JASON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4128
seconds with 780 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/7/2013 11:22:00 PM | Computer Name = JASON | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 3/8/2013 4:13:58 AM | Computer Name = JASON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/8/2013 4:23:53 AM | Computer Name = JASON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Error - 3/8/2013 4:23:55 AM | Computer Name = JASON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Error - 3/8/2013 4:23:57 AM | Computer Name = JASON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Error - 3/8/2013 4:34:56 AM | Computer Name = JASON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service helpsvc with
arguments "" in order to run the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}

Error - 3/8/2013 12:48:49 PM | Computer Name = JASON | Source = Service Control Manager | ID = 7023
Description = The Msfwsvc service terminated with the following error: %%2

Error - 3/8/2013 12:48:49 PM | Computer Name = JASON | Source = Service Control Manager | ID = 7023
Description = The Rt2500usb service terminated with the following error: %%2

Error - 3/8/2013 12:48:49 PM | Computer Name = JASON | Source = Service Control Manager | ID = 7023
Description = The Ql2100 service terminated with the following error: %%2

Error - 3/8/2013 12:48:49 PM | Computer Name = JASON | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error: %%2


< End of report >
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm

Re: malware help 2

Unread postby Gary R » March 8th, 2013, 6:53 pm

I don't see any signs of an Anti-Virus program on your computer. What, if any, Anti-Virus are you using?

If you do not have one installed, do not try to install one at this time, just let me know, then try to stay offline as much as possible until we've sorted your problems out.
Gary R
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: malware help 2

Unread postby geniusless » March 8th, 2013, 8:16 pm

Correct, none at the moment, removed it to see if the "new services" would disappear before we got started. Anticipating your wisdom :)
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm

Re: malware help 2

Unread postby Gary R » March 9th, 2013, 2:56 am

Please go to Control Panel > Add/Remove Programs and Uninstall the following:

LimeWire 5.2.13


Use of P2P programs is the quickest way to get an infection that I know.

Reboot your computer once it's uninstalled

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
SRV - File not found [Disabled | Stopped] -- \.\globalroot\C:\WINDOWS\system32\svchost.exe -- (viamraid)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\rdpdr.dll -- (tos_sps32)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\SoundTaxi Media Suite\STSService.exe -- (STSService)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\bb-run.dll -- (slee_81_service)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\DcPTP.dll -- (sfrem01)
SRV - File not found [Disabled | Stopped] -- -- (PLFlash DeviceIoControl Service)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\comsysapp.dll -- (avgarcln)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pdlnacom.dll -- (agnwifi)
S4 STSService;STSService;"c:\program files\soundtaxi media suite\stsservice.exe" --> c:\program files\soundtaxi media suite\STSService.exe [?]
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\tclondrv.sys -- (tclondrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (LHidUsbK)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AntiLog32.sys -- (AntiLog32)
O3 - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8398-26FADCF27386} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1214440339-839522115-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized File not found
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O33 - MountPoints2\{249ae55d-fd53-11de-8ac5-001109d0c509}\Shell\AutoRun\command - "" = G:\InstallSeagateManager.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2013/02/20 21:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/20 21:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/02/20 17:36:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jason seymer\Local Settings\Application Data\Avg2013
[2013/02/19 12:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\AntiLogger
[2013/02/16 22:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2013/02/16 22:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/03/07 20:21:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2013/03/07 14:21:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2013/02/25 02:21:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/11/20 17:58:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jason seymer\Application Data\5c4a2449
[2011/10/21 18:48:46 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\jason seymer\Application Data\4befac4c
[2011/10/21 18:14:07 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\jason seymer\Application Data\ab3253b3
[2012/03/17 20:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\BitTorrent
[2010/01/01 20:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason seymer\Application Data\LimeWire
@Alternate Data Stream - 451 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B174FAE
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B61A2D1

:Files
ipconfig /flushdns /c
C:\Program Files\LimeWire
C:\Program Files\AVG
C:\Program Files\BitTorrent
C:\Program Files\DNA

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe"=-
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"=-
"C:\Program Files\AVG\AVG2013\avgmfapx.exe"=-
"C:\Program Files\BitTorrent\bittorrent.exe"=-
"C:\Program Files\DNA\btdna.exe"=-

:Commands
[emptytemp]
[resethosts]
[createrestorepoint]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL fix log
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
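The OTL fix above asks for a list of removals, and the log the tool writes back is the only confirmation that each one actually happened. The reconciliation script below is an added example, not part of this thread or of OTL itself: it parses the :OTL and :Files sections of the fix and checks every item against the log's "deleted"/"moved" lines, using constructed excerpts of both that follow the line formats posted here; the log line shapes it matches are an assumption taken from the log later in the thread.

```python
"""Reconcile an OTL fix script (the :OTL / :Files box in the post above) against the
fix log OTL writes, so no item is assumed removed without a matching log line."""
import re

# Constructed excerpt of the fix script, in the line formats used in the thread;
# WDICA is included so that an item with no log confirmation shows up in the result.
FIX_SCRIPT = r"""
:OTL
SRV - File not found [Disabled | Stopped] -- \.\globalroot\C:\WINDOWS\system32\svchost.exe -- (viamraid)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
O4 - HKLM..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized File not found
@Alternate Data Stream - 451 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

:Files
ipconfig /flushdns /c
C:\Program Files\LimeWire
C:\Program Files\BitTorrent
"""

# Constructed excerpt of the log OTL produced for that script; the WDICA lines are left out on purpose.
FIX_LOG = r"""
========== OTL ==========
Service viamraid stopped successfully!
Service viamraid deleted successfully!
File \.\globalroot\C:\WINDOWS\system32\svchost.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AntiLogger deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF deleted successfully.
========== FILES ==========
C:\Program Files\LimeWire folder moved successfully.
File\Folder C:\Program Files\BitTorrent not found.
"""

SECTION_RE = re.compile(r"^:(\w+)$")
SERVICE_RE = re.compile(r"^(?:SRV|DRV) - .*-- \((?P<name>[^)]+)\)$")
RUN_RE = re.compile(r"^O4 - HKLM\.\.\\Run: \[(?P<name>[^\]]+)\]")
ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+)$")


def parse_fix(script):
    """Turn the fix script into (kind, target) expectations; other :OTL line types are skipped."""
    expected, section = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1).lower()
        elif section == "otl":
            if m := SERVICE_RE.match(line):
                expected.append(("service", m["name"]))
            elif m := RUN_RE.match(line):
                expected.append(("run", m["name"]))
            elif m := ADS_RE.match(line):
                expected.append(("ads", m["path"]))
        elif section == "files" and not line.endswith(" /c"):
            # a :Files line ending in " /c" is a command OTL runs, not a path to remove
            expected.append(("path", line))
    return expected


def reconcile(script, log):
    """Status per expectation: 'done', 'not found' (nothing was there to remove) or 'unconfirmed'.
    The log line shapes matched here are taken from the OTL log posted in the thread."""
    lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    status = {}
    for kind, target in parse_fix(script):
        if kind == "service":
            done = f"Service {target} deleted successfully!" in lines
        elif kind == "run":
            done = any(ln.endswith(rf"\Run\\{target} deleted successfully.") for ln in lines)
        elif kind == "ads":
            done = f"ADS {target} deleted successfully." in lines
        else:  # a path from :Files
            if f"File\\Folder {target} not found." in lines:
                status[(kind, target)] = "not found"
                continue
            done = (f"{target} folder moved successfully." in lines
                    or f"{target} moved successfully." in lines)
        status[(kind, target)] = "done" if done else "unconfirmed"
    return status


def unconfirmed(script, log):
    """Items the fix asked for that the log never confirms; these deserve a second look."""
    return sorted(k for k, v in reconcile(script, log).items() if v == "unconfirmed")
```

Run against the real fix and log, an "unconfirmed" service is the one to re-check in the next OTL scan rather than assume gone.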

Re: malware help 2

Unread postby geniusless » March 9th, 2013, 3:21 am

Limewire gone.



All processes killed
========== OTL ==========
Service viamraid stopped successfully!
Service viamraid deleted successfully!
File \.\globalroot\C:\WINDOWS\system32\svchost.exe not found.
Service tos_sps32 stopped successfully!
Service tos_sps32 deleted successfully!
File %systemroot%\system32\rdpdr.dll not found.
Service STSService stopped successfully!
Service STSService deleted successfully!
File C:\Program Files\SoundTaxi Media Suite\STSService.exe not found.
Service slee_81_service stopped successfully!
Service slee_81_service deleted successfully!
File %systemroot%\system32\bb-run.dll not found.
Service sfrem01 stopped successfully!
Service sfrem01 deleted successfully!
File %systemroot%\system32\DcPTP.dll not found.
Service PLFlash DeviceIoControl Service stopped successfully!
Service PLFlash DeviceIoControl Service deleted successfully!
Service avgarcln stopped successfully!
Service avgarcln deleted successfully!
File %systemroot%\system32\comsysapp.dll not found.
Service agnwifi stopped successfully!
Service agnwifi deleted successfully!
File %systemroot%\system32\pdlnacom.dll not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service tclondrv stopped successfully!
Service tclondrv deleted successfully!
File system32\DRIVERS\tclondrv.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service PCASp50 stopped successfully!
Service PCASp50 deleted successfully!
Service NTIOLib_1_0_4 stopped successfully!
Service NTIOLib_1_0_4 deleted successfully!
File C:\Program Files\MSI\Live Update 5\NTIOLib.sys not found.
Service MSI_MSIBIOS_010507 stopped successfully!
Service MSI_MSIBIOS_010507 deleted successfully!
File C:\Program Files\MSI\Live Update 5\msibios32_100507.sys not found.
Service MRENDIS5 stopped successfully!
Service MRENDIS5 deleted successfully!
Service MREMPR5 stopped successfully!
Service MREMPR5 deleted successfully!
Service LHidUsbK stopped successfully!
Service LHidUsbK deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service GMSIPCI stopped successfully!
Service GMSIPCI deleted successfully!
File D:\INSTALL\GMSIPCI.SYS not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
Service AntiLog32 stopped successfully!
Service AntiLog32 deleted successfully!
File C:\WINDOWS\system32\drivers\AntiLog32.sys not found.
Registry value HKEY_USERS\S-1-5-21-1202660629-1214440339-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-1202660629-1214440339-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1202660629-1214440339-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-1202660629-1214440339-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-8398-26FADCF27386} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-8398-26FADCF27386}\ not found.
Registry value HKEY_USERS\S-1-5-21-1202660629-1214440339-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-1202660629-1214440339-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AntiLogger deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_NT deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{249ae55d-fd53-11de-8ac5-001109d0c509}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{249ae55d-fd53-11de-8ac5-001109d0c509}\ not found.
File G:\InstallSeagateManager.exe not found.
C:\WINDOWS\003065_.tmp deleted successfully.
C:\WINDOWS\DUMP4323.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\OLD3.tmp deleted successfully.
C:\Program Files\AVAST Software\Avast\Setup folder moved successfully.
C:\Program Files\AVAST Software\Avast folder moved successfully.
C:\Program Files\AVAST Software folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software folder moved successfully.
C:\Documents and Settings\jason seymer\Local Settings\Application Data\Avg2013\log folder moved successfully.
C:\Documents and Settings\jason seymer\Local Settings\Application Data\Avg2013 folder moved successfully.
C:\Program Files\AntiLogger folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Quarantine folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Cleaning folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy folder moved successfully.
C:\Program Files\Spybot - Search & Destroy 2 folder moved successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job moved successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job moved successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job moved successfully.
C:\Documents and Settings\jason seymer\Application Data\5c4a2449 moved successfully.
C:\Documents and Settings\jason seymer\Application Data\4befac4c moved successfully.
C:\Documents and Settings\jason seymer\Application Data\ab3253b3 moved successfully.
C:\Documents and Settings\jason seymer\Application Data\BitTorrent folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\xml\schemas folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\xml\misc folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\xml\data folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\xml folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\themes\windows_theme folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\themes\other_theme folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\themes\limewire_theme folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\themes\limewirePro_theme folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\themes\classic_theme folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\themes\black_theme folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\themes folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\promotion folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\mozilla-profile\updates\0 folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\mozilla-profile\updates folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\mozilla-profile\extensions folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\mozilla-profile\Cache folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\mozilla-profile folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\certificate folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner\res\html folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner\res\fonts folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner\res\dtd folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner\res folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner\plugins folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner\modules folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner\greprefs folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner\dictionaries folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner\defaults folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner\components folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner\chrome folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser\xulrunner folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\browser folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\.NetworkShare\Incomplete folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\.NetworkShare folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\jason seymer\Application Data\LimeWire folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B174FAE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1B61A2D1 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\jason seymer\Desktop\here we go\cmd.bat deleted successfully.
C:\Documents and Settings\jason seymer\Desktop\here we go\cmd.txt deleted successfully.
C:\Program Files\LimeWire folder moved successfully.
C:\Program Files\AVG\AVG2013\Drivers folder moved successfully.
C:\Program Files\AVG\AVG2013 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
File\Folder C:\Program Files\BitTorrent not found.
File\Folder C:\Program Files\DNA not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG2012\avgmfapx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG2013\avgmfapx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 280332 bytes
->Temporary Internet Files folder emptied: 123210 bytes
->Google Chrome cache emptied: 9229889 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: jason seymer
->Temp folder emptied: 3368282 bytes
->Temporary Internet Files folder emptied: 10094023 bytes
->Java cache emptied: 57993670 bytes
->Google Chrome cache emptied: 6255779 bytes
->Apple Safari cache emptied: 17863680 bytes
->Flash cache emptied: 59121 bytes

User: LocalService
->Temp folder emptied: 69512 bytes
->Temporary Internet Files folder emptied: 195097461 bytes

User: NetworkService
->Temp folder emptied: 3496 bytes
->Temporary Internet Files folder emptied: 228911212 bytes

User: UpdatusUser
->Temp folder emptied: 3496 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1201 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 204205229 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 700.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 03082013_231422

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm

Re: malware help 2

Unread postby geniusless » March 9th, 2013, 4:55 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=7.00.6000.17117 (vista_gdr.121220-1459)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b76522c8d2d4ea44ba4f6273544496f4
# engine=13341
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-09 08:52:37
# local_time=2013-03-09 12:52:37 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=90592
# found=1
# cleaned=0
# scan_time=4861
sh=5BAFD51453714E4815F80C01DA03F9DEF0CDE8C9 ft=1 fh=5b92e1356f69874e vn="Win32/DownloadAdmin.E application" ac=I fn="C:\Documents and Settings\jason seymer\My Documents\dl programs\cbsidlm-tr1_8-Stars_3_Screensaver-SEO2-10406126.exe"
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm

Re: malware help 2

Unread postby Gary R » March 9th, 2013, 12:31 pm

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:Files
C:\Documents and Settings\jason seymer\My Documents\dl programs\cbsidlm-tr1_8-Stars_3_Screensaver-SEO2-10406126.exe

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

How is your computer behaving now please ?

Gary R
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
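As an added example (not ESET's, OTL's or this forum's code), the Python script below reads an ESET Online Scanner log of the shape posted above and then does for each finding what the OTL :Files step above does, with one extra check a practitioner wants before moving anything: it re-hashes the file and refuses to touch it if the SHA-1 no longer matches the scanner's sh= value, since a changed file means the verdict no longer applies to it. The installer name, the paths and the quarantine folder in demo() are constructed placeholders, not the user's files.

```python
"""Parse an ESET Online Scanner log and quarantine each finding, re-checking
the file's SHA-1 against the scanner's sh= value first.
Added example, not OTL/ESET code; sample file and paths are constructed."""
import hashlib
import os
import re
import shutil
import tempfile
from dataclasses import dataclass

# key=value pairs, value either "quoted" (vn=, fn=) or a bare token (sh=, ft=, fh=, ac=)
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass
class Finding:
    sha1: str      # sh=, lower-cased
    filetype: str  # ft=
    name: str      # vn=, e.g. "Win32/DownloadAdmin.E application"
    action: str    # ac=
    path: str      # fn=, path as the scanner saw it


def parse_eset_log(text):
    """Return (header dict, [Finding]); raise if found= disagrees with the lines."""
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('#'):                       # "# key=value" header
            key, _, value = line[1:].partition('=')
            header[key.strip()] = value.strip()
        elif line.startswith('sh='):                   # one line per finding
            f = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
                 for m in KV_RE.finditer(line)}
            if len(f.get('sh', '')) != 40 or 'fn' not in f:
                raise ValueError(f'malformed finding line: {line}')
            findings.append(Finding(f['sh'].lower(), f.get('ft', ''),
                                    f.get('vn', ''), f.get('ac', ''), f['fn']))
        # anything else (e.g. the "OnlineScanner.ocx - registred OK" preamble) is ignored
    if 'found' in header and int(header['found']) != len(findings):
        raise ValueError(f"header says found={header['found']}, parsed {len(findings)}")
    return header, findings


def sha1_of(path):
    h = hashlib.sha1()
    with open(path, 'rb') as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b''):
            h.update(chunk)
    return h.hexdigest()


def quarantine(finding, qdir):
    """Move the file into qdir as <sha1>.bin with a .txt note beside it.
    Returns the new path, None if the file is already gone, and raises if
    the content no longer matches the hash the scanner reported."""
    if not os.path.isfile(finding.path):
        return None
    actual = sha1_of(finding.path)
    if actual != finding.sha1:
        raise ValueError(f'{finding.path}: SHA-1 {actual} != scanner {finding.sha1}')
    os.makedirs(qdir, exist_ok=True)
    dest = os.path.join(qdir, finding.sha1 + '.bin')   # .bin: a stray double-click will not run it
    shutil.move(finding.path, dest)
    with open(dest + '.txt', 'w') as note:
        note.write(f'{finding.name}\n{finding.path}\n')
    return dest


def demo():
    """Constructed scratch run: fake installer + matching log line -> parse -> quarantine."""
    root = tempfile.mkdtemp(prefix='eset-demo-')
    sample = os.path.join(root, 'sample-installer.exe')   # placeholder, not the thread's file
    with open(sample, 'wb') as fh:
        fh.write(b'MZ' + b'\x90' * 64 + b'constructed sample, not a real installer')
    log = ('# version=8\n# end=finished\n# found=1\n# cleaned=0\n'
           f'sh={sha1_of(sample).upper()} ft=1 fh=0000000000000000 '
           f'vn="Win32/DownloadAdmin.E application" ac=I fn="{sample}"\n')
    header, findings = parse_eset_log(log)
    qdir = os.path.join(root, 'quarantine')
    dest = quarantine(findings[0], qdir)
    tampered = os.path.join(root, 'changed.exe')          # content differs from its claimed hash
    with open(tampered, 'wb') as fh:
        fh.write(b'different bytes')
    try:
        quarantine(Finding('0' * 40, '1', 'x', 'I', tampered), qdir)
        refused = False
    except ValueError:
        refused = True
    return {'found': header['found'], 'name': findings[0].name,
            'moved': dest is not None and os.path.isfile(dest) and os.path.isfile(dest + '.txt'),
            'source_gone': not os.path.exists(sample),
            'second_pass_noop': quarantine(findings[0], qdir) is None,
            'tamper_refused': refused}


if __name__ == '__main__':
    print(demo())
```

Run it as-is to see the constructed demo; to use it on a real log, pass the log text to parse_eset_log and a folder outside the user's profile to quarantine. The quarantined copy is renamed to its hash with a .bin extension so nobody runs it by accident, and the .txt beside it records the detection name and the original location, which is what you need if the file later turns out to be a false positive.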

Re: malware help 2

Unread postby geniusless » March 9th, 2013, 3:22 pm

I will do various activities throughout the day, and report back tonight. But I will not be doing any eBay, Gmail, or other info-sensitive activities... The only thing that isn't "happy" so far: the PC doesn't shut down; the screen goes black but the system is still running.


========== FILES ==========
C:\Documents and Settings\jason seymer\My Documents\dl programs\cbsidlm-tr1_8-Stars_3_Screensaver-SEO2-10406126.exe moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 03092013_111911
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm

Re: malware help 2

Unread postby Gary R » March 10th, 2013, 1:39 am

  • Download aswMBR.exe to your desktop.
  • Double click aswMBR.exe to run it
  • When prompted to download Avast click on No.
  • Click the SCAN button to start the scan.
  • On completion of the scan click SAVE LOG and save it to your desktop.
  • Post the log aswMBR.txt in your next reply please.
  • Also, please attach the file MBR.dat which is created in the same location as aswMBR is run from

Next

Download GMER to your Desktop. (It will have a randomly generated name, for example .... wjkl3ecz.exe)

  • Disconnect from the Internet, and close all running programmes.
  • There is a small chance this programme may crash your computer, so save any work you have open.
  • Double click on the randomly named GMER file (eg .... wjkl3ecz.exe) to launch GMER.
  • Let the gmer.sys driver load if asked.
  • If it gives you a warning at programme start about rootkit activity and asks if you want to run a scan ..... click OK.
  • If no warning:
    • Click Rootkit tab.
    • Ensure that All the boxes to the right of the program are checked except Show All.
    • Click Scan.
  • Do not use your computer while the scan is running.
  • Once scan is finished click Copy.
    • Click Start > Run then type Notepad.exe then click OK.
    • This will open a Notepad file.
    • Hit Ctrl+V to paste log into it.
    • Save the log to your Desktop.
  • Reconnect to internet and post the log please.

Summary of the logs I need from you in your next post:
  • aswMBR.txt
  • MBR.dat (attached to your post)
  • GMER log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: malware help 2

Unread postby geniusless » March 10th, 2013, 2:54 am

For MBR.dat, I get "The extension dat is not allowed." if I try to attach it.

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-09 22:45:12
-----------------------------
22:45:12.625 OS Version: Windows 5.1.2600 Service Pack 3
22:45:12.625 Number of processors: 2 586 0x2302
22:45:12.625 ComputerName: JASON UserName:
22:45:13.171 Initialize success
22:45:34.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007f
22:45:34.390 Disk 0 Vendor: NVIDIA__ Size: 152638MB BusType: 1
22:45:34.406 Disk 0 MBR read successfully
22:45:34.406 Disk 0 MBR scan
22:45:34.406 Disk 0 Windows XP default MBR code
22:45:34.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
22:45:34.406 Disk 0 scanning sectors +312576705
22:45:34.453 Disk 0 scanning C:\WINDOWS\system32\drivers
22:45:42.453 Service scanning
22:45:55.578 Modules scanning
22:46:01.781 Disk 0 trace - called modules:
22:46:01.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys nvraid.sys hal.dll ACPI.sys nvatabus.sys
22:46:01.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aaeeab8]
22:46:01.796 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000007f[0x8ab3b690]
22:46:02.296 5 nvraid.sys[b7f1097c] -> nt!IofCallDriver -> \Device\0000007d[0x8ab6da38]
22:46:02.296 7 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\0000007b[0x8aaf8030]
22:46:02.296 Scan finished successfully
22:48:35.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jason seymer\Desktop\here we go\MBR.dat"
22:48:35.375 The log file has been saved successfully to "C:\Documents and Settings\jason seymer\Desktop\here we go\aswMBR.txt"
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm
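Added example, not aswMBR's own code: the Python script below parses a 512-byte MBR image such as the MBR.dat the user could not attach, prints the same facts aswMBR lists above (active flag, type 07 HPFS/NTFS, size in MB, offset 63), and adds the checks the log does not spell out: the 0x55AA signature, exactly one active partition, no overlapping entries, the SHA-1 of the 440-byte boot-code region so it can be compared against a known-good reference for the OS, and how many sectors lie past the last partition, where no filesystem accounts for the data. The sample sector is constructed: its single entry starts at LBA 63 with a sector count chosen so that its end sector is 312576705, the number aswMBR printed after "scanning sectors +"; the boot code is a placeholder stub, not the real Windows XP MBR code aswMBR recognised, and the disk signature is made up.

```python
"""Parse a 512-byte MBR (e.g. aswMBR's MBR.dat) and sanity-check the partition table.
Added example, not aswMBR code. build_sample_mbr() is a constructed sector."""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
PART_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}


@dataclass
class Partition:
    index: int
    bootable: bool   # status byte 0x80, printed by aswMBR as "80 (A)"
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self):
        return self.lba_start + self.sectors

    @property
    def size_mb(self):
        return self.sectors * SECTOR // (1024 * 1024)   # truncated to whole MB

    @property
    def type_name(self):
        return PART_TYPES.get(self.type_id, f"type 0x{self.type_id:02X}")


@dataclass
class MBR:
    bootcode_sha1: str   # bytes 0..439; compare with a known-good value for the OS
    disk_signature: int  # bytes 440..443
    partitions: list
    issues: list


def parse_mbr(data):
    if len(data) < SECTOR:
        raise ValueError("need at least 512 bytes")
    issues, parts = [], []
    if data[510:512] != b"\x55\xAA":
        issues.append("missing 0x55AA boot signature")
    for i in range(4):                                   # four 16-byte entries at 446
        status, _chs1, type_id, _chs2, lba, count = struct.unpack_from("<B3sB3sII", data, 446 + 16 * i)
        if type_id == 0 and count == 0:
            continue                                     # empty slot
        if status not in (0x00, 0x80):
            issues.append(f"partition {i + 1}: invalid status byte 0x{status:02X}")
        parts.append(Partition(i + 1, status == 0x80, type_id, lba, count))
    if sum(p.bootable for p in parts) != 1:
        issues.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start < a.lba_end:
            issues.append(f"partitions {a.index} and {b.index} overlap")
    return MBR(hashlib.sha1(data[:440]).hexdigest(),
               struct.unpack_from("<I", data, 440)[0], parts, issues)


def unallocated_tail_sectors(mbr, disk_mb):
    """Sectors after the last partition, given the disk size in MB as aswMBR reports it."""
    end = max((p.lba_end for p in mbr.partitions), default=0)
    return disk_mb * 1024 * 1024 // SECTOR - end


def build_sample_mbr(extra=()):
    """Constructed sector: one active NTFS entry at LBA 63 ending at sector 312576705.
    extra: up to three (status, type_id, lba_start, sectors) tuples for slots 2-4."""
    bootcode = b"\xEB\xFE" + b"\x90" * 438             # jmp $ stub; placeholder, NOT real XP boot code
    sig_and_pad = struct.pack("<I", 0x1A2B3C4D) + b"\x00\x00"   # made-up disk signature
    entries = [(0x80, 0x07, 63, 312576642), *extra]
    table = b"".join(struct.pack("<B3sB3sII", s, b"\xFE\xFF\xFF", t, b"\xFE\xFF\xFF", l, c)
                     for s, t, l, c in entries).ljust(64, b"\x00")
    return bootcode + sig_and_pad + table + b"\x55\xAA"


def describe(mbr, disk_mb=None):
    lines = [f"boot code SHA-1 {mbr.bootcode_sha1}  disk signature 0x{mbr.disk_signature:08X}"]
    for p in mbr.partitions:
        flag = "80 (A)" if p.bootable else "00"
        lines.append(f"Partition {p.index} {flag} {p.type_id:02X} {p.type_name} "
                     f"{p.size_mb} MB offset {p.lba_start} end {p.lba_end}")
    if disk_mb is not None:
        lines.append(f"unallocated tail: {unallocated_tail_sectors(mbr, disk_mb)} sectors")
    lines.extend("ISSUE: " + s for s in mbr.issues)
    return lines


if __name__ == "__main__":
    print("\n".join(describe(parse_mbr(build_sample_mbr()), disk_mb=152638)))
```

To run it on a real capture, read MBR.dat in binary and pass the bytes to parse_mbr, with the disk size aswMBR printed as disk_mb. A clean single-disk XP layout gives no issues and a first partition at offset 63; the boot-code SHA-1 is only useful against a reference you trust, so record it rather than guessing what it should be.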
Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware