Vista on Gateway

Post by cdmccreary » October 24th, 2011, 8:43 pm

Submitted this before viewtopic.php?p=593717#p593717
but the browsers sometimes won't allow access to malwareremoval.com. Seems to work now in Firefox. Stopped running a program at startup "NumCapsScroll Indicator.exe" which did not cause a problem before but after removing it now allows me to log on to the administrator account without crashing explorer.exe.

System running well with no suspected malware prior to the following. (One other system in the house has a similar problem but with a different history.)

To the best of my recollection, the history and symptoms are:

0. Unable to run Safari browser. I did not worry about it. MSIE acting strangely, I think.

1. Went to pdflite.com and tried to download pdfprinter.

2. No viruses reported prior to execution. Afterwards, antivirus notified me executable changed its file and asked if I wanted to continue running. I chose no. (using drweb)

3. Seems executable ran anyway. It unlinked so-to-speak the Adobe Acrobat installation. I cancelled the pdflite and deleted the executable. Did not notice any other ill-effects.

4. I reinstalled Adobe Acrobat X from the adobe website.

5. A few days later, computer will not run user "charles" with administrator privileges except in safe mode. Windows explorer keeps crashing.

6. Unable to run DDS. My antivirus says it is infected with Trojan.Muldrop3.6866. Seems strange a script would be reported infected.

7. Included Hijackthis reports.

Thank you.

Hijack This Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:49:01 PM, on 10/17/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal

Running processes:
C:\Program Files\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe
C:\Program Files\PC Tools Utilities\Tools\Repair\DMRepairSrvProxy.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\DrWeb\spiderml.exe
C:\Program Files\DrWeb\frwl_notify.exe
C:\Program Files\DrWeb\spideragent.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://translate.reference.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost #[IPv6]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WRShell.BHO - {255215E2-87DC-4819-8724-D0B4C94DBEF5} - C:\Program Files\WebResearch\WRShell.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: WRShell.ToolBand - {8F0F47B1-7D4B-4834-A981-91E2A3DCE069} - C:\Program Files\WebResearch\WRShell.dll
O3 - Toolbar: WRShell.EditBand - {5338DF6C-3B3B-4E38-8B31-7B99986627B2} - C:\Program Files\WebResearch\WRShell.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Cm102Sound] RunDll32 cm102.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe" -autorun
O4 - HKLM\..\Run: [Dr.Web Firewall] "C:\Program Files\DrWeb\frwl_notify.exe"
O4 - HKLM\..\Run: [SpIDerAgent] "C:\Program Files\DrWeb\SpIDerAgent.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [adm_tray.exe] C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O8 - Extra context menu item: WebResearch: Save Link Address As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#110
O8 - Extra context menu item: WebResearch: Save Page Area (Frame) - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#102
O8 - Extra context menu item: WebResearch: Save Page Area (Frame) As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#106
O8 - Extra context menu item: WebResearch: Save Picture - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#101
O8 - Extra context menu item: WebResearch: Save Picture As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#108
O8 - Extra context menu item: WebResearch: Save Selected Targets As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#111
O8 - Extra context menu item: WebResearch: Save Selection - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#104
O8 - Extra context menu item: WebResearch: Save Selection As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#109
O8 - Extra context menu item: WebResearch: Save Target - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#103
O8 - Extra context menu item: WebResearch: Save Target As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#107
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Atomic Alarm Clock Time (AtomicAlarmClock) - Unknown owner - C:\Program Files\Clock Tray Skins\timeserv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrlAPI - Unknown owner - C:\Cygwin\bin\cygrunsrv.exe
O23 - Service: Performance Toolkit Disk Defrag Service (DMDefragService) - PC Tools - C:\Program Files\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe
O23 - Service: Performance Toolkit Disk Repair Service (DMRepairService) - PC Tools - C:\Program Files\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe
O23 - Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
O23 - Service: Dr.Web Firewall Application Filter (DrWebFWSvc) - Doctor Web, Ltd. - C:\Program Files\DrWeb\frwl_svc.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: FlipShare Server (FlipShareServer) - Unknown owner - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XWP_Services (XWNTSERV) - Unknown owner - C:\Windows\System32\xwntserv.exe
O23 - Service: XwpXSetSrvProNFS service (XwpXSetSrvProNFS) - Unknown owner - C:\Users\Public\Program Files\Lab-NC\ProNFS\xsetsrv.exe

--
End of file - 13047 bytes



Uninstall List

7-Zip 9.20
Acronis Drive Monitor
Acronis True Image WD Edition
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
Agere Systems HDA Modem
Allway Sync version 11.1.11
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoHotkey 1.1.00.00
Bonjour
Brief
Browser Address Error Redirector
BurnOn CD&DVD, Version 3.1.3 ( Build 2009-2-22, Win32, )
Canon MP Navigator EX 1.0
Canon MX310 series
CaptureWizPro 4.50
ClipboardCC 5.4.0.0
Clock Tray Skins 4.2
CloneDVD2
CloneSpy 2.61
Compatibility Pack for the 2007 Office system
CompuApps SwissKnife V3
CyberLink PhotoNow
CyberLink PhotoNow
CyberLink PowerDirector
CyberLink PowerDirector
Dr.Web anti-virus for Windows Pro 6.0 (x86)
ffdshow v1.1.3800 [2011-03-28]
FileASSASSIN
Flash Drive Tester v1.14
FlipShare
Free NaturalReader
FreeMind
Gateway Connect
Gateway Recovery Center Installer
GIMP 2.6.11
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
H&R Block Deluxe + Efile 2010
Help Explorer 3.0
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP USB Disk Storage Format Tool
Infinite Pre-Algebra
Infinite Pre-Algebra Trial
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
iTunes
Java(TM) 6 Update 26
Java(TM) SE Runtime Environment 6 Update 1
KWorld Editing Device Driver
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Access database engine 2010 (English)
Microsoft MapPoint North America 2011
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
Mozilla Firefox (3.6.23)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MuseScore 0.9.6.3 MuseScore score typesetter
nfsAxe
Notation Composer 2.6.3 (Trial Version)
OpenOffice.org 3.2
Opera 11.00
Pegasus Mail
Performance Toolkit 1.0
Power2Go 5.0
ProNFS
Python 2.7.2
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
Registry Mechanic 10.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
SigmaTel Audio
SmartSound Quicktracks Plugin
Spare Backup
SwordSearcher 6.0.1.3
Synaptics Pointing Device Driver
Tar-1.13 Binaries (GnuWin32)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB Audio Device
VirtualCloneDrive
WebResearch 3
WinHTTrack Website Copier 3.44-1
WinNc 5 .5.0.0
WinPatrol
cdmccreary
Member+
 
Posts: 32
Joined: August 9th, 2010, 6:57 pm
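
For readers triaging a HijackThis log like the one posted above, the following is an added example (not part of the original post and not code from HijackThis) that parses the log's section-coded lines and lists entries worth a manual look: BHO, toolbar and button entries marked "(no file)" and services listed with "Unknown owner". The sample lines are copied from the log above; the function names are hypothetical, and a listed entry is a prompt for review, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://translate.reference.com/
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: XWP_Services (XWNTSERV) - Unknown owner - C:\Windows\System32\xwntserv.exe
"""

# Entry lines start with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")


def parse_entries(log_text):
    """Return (section_code, body) for every section-coded line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def section_counts(entries):
    """Count entries per section code, e.g. how many O4 autostart lines exist."""
    counts = defaultdict(int)
    for code, _body in entries:
        counts[code] += 1
    return dict(counts)


def parse_service(body):
    """Split an O23 body 'Service: <name> - <owner> - <path>' from the right,
    because the display name itself may contain parentheses or dashes."""
    prefix = "Service: "
    if not body.startswith(prefix):
        return None
    parts = body[len(prefix):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    return {"name": name, "owner": owner, "path": path}


def review_candidates(entries):
    """List entries to inspect by hand: orphaned browser add-on registrations
    and services for which the log shows no owner."""
    findings = []
    for code, body in entries:
        if code in ("O2", "O3", "O9") and body.endswith("(no file)"):
            findings.append((code, "registration points to a missing file", body))
        elif code == "O23":
            service = parse_service(body)
            if service and service["owner"] == "Unknown owner":
                findings.append((code, "service listed with no owner", service["path"]))
    return findings


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(section_counts(parsed))
    for code, reason, detail in review_candidates(parsed):
        print(f"{code}: {reason}: {detail}")
```
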

Re: Vista on Gateway

Post by askey127 » October 27th, 2011, 12:19 pm

Hi cdmccreary,
(Don't ever use a Registry Cleaner/Booster/Optimizer, etc. They don't work and could trash your machine).
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Registry Mechanic 10.0
Java(TM) 6 Update 26
Java(TM) SE Runtime Environment 6 Update 1
Google Update Helper
Browser Address Error Redirector

Take extra care in answering questions posed by any Uninstaller.
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://www.oracle.com/technetwork/java/javase/downloads/index.html, and install it to your computer.
In the first section on the page, labeled Java SE 7u1(JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the link for your Platform Windows x86 offline (or Windows 64-bit if your machine is 64-bit), and click it.
Download it, choose Save, and save it to your desktop.
Then double-click it on your desktop (or right click and choose "Run as administrator" in Vista/Win7) and it will install the newest version of Java for you to use.

During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.

When it finishes, you can remove the Installer from your desktop.
-----------------------------------------------
Please download MiniToolBox and run it.
Check ONLY the following in the list:
  • Flush DNS
  • List IP configuration
Click GO and post the result (Result.txt).
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator".
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

So we are looking for the contents of Result.txt from the MiniToolBox, and the two logs from OTL.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Vista on Gateway

Post by cdmccreary » October 31st, 2011, 1:16 pm

Some things are not uninstalling. I am still working on it.

Google Update Helper is not in uninstall list. I believe I set winpatrol to block this. "googleupdate.exe"

Result.txt
MiniToolBox by Farbar 
Ran by charles (administrator) on 31-10-2011 at 12:49:35
Windows Vista (TM) Home Premium Service Pack 1 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : charles-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : mhs.com

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-24-B9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::70c4:38e6:c476:b51f%19(Preferred) 
   Autoconfiguration IPv4 Address. . : 169.254.181.31(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : mhs.com
   Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection
   Physical Address. . . . . . . . . : 00-1C-BF-A6-79-0D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.2.103(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, October 31, 2011 12:06:48 PM
   Lease Expires . . . . . . . . . . : Monday, November 07, 2011 12:06:47 PM
   Default Gateway . . . . . . . . . : 192.168.2.254
   DHCP Server . . . . . . . . . . . : 192.168.2.254
   DNS Servers . . . . . . . . . . . : 192.168.2.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-E0-B8-E2-69-5A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{12121B48-7C6E-4A78-A74B-243A0A7A7BD4}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : mhs.com
   Description . . . . . . . . . . . : isatap.mhs.com
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{F0E31B8D-2668-4289-93F7-1C5A3092E9C1}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.2.254



Pinging google.com [173.194.64.106] with 32 bytes of data:

Reply from 173.194.64.106: bytes=32 time=33ms TTL=44

Reply from 173.194.64.106: bytes=32 time=33ms TTL=44



Ping statistics for 173.194.64.106:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 33ms, Maximum = 33ms, Average = 33ms

Server:  UnKnown
Address:  192.168.2.254

Name:    yahoo.com
Addresses:  98.139.180.149
	  209.191.122.70
	  67.195.160.76
	  72.30.2.43
	  98.137.149.56



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=26ms TTL=53

Reply from 209.191.122.70: bytes=32 time=27ms TTL=53



Ping statistics for 209.191.122.70:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 26ms, Maximum = 27ms, Average = 26ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 19 ...08 00 27 00 24 b9 ...... VirtualBox Host-Only Ethernet Adapter
  9 ...00 1c bf a6 79 0d ...... Intel(R) PRO/Wireless 3945ABG Network Connection
  8 ...00 e0 b8 e2 69 5a ...... Realtek PCIe FE Family Controller
  1 ........................... Software Loopback Interface 1
 24 ...00 00 00 00 00 00 00 e0  isatap.{12121B48-7C6E-4A78-A74B-243A0A7A7BD4}
 22 ...00 00 00 00 00 00 00 e0  isatap.mhs.com
 21 ...00 00 00 00 00 00 00 e0  isatap.{F0E31B8D-2668-4289-93F7-1C5A3092E9C1}
 23 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.2.254    192.168.2.103     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link    169.254.181.31    276
   169.254.181.31  255.255.255.255         On-link    169.254.181.31    276
  169.254.255.255  255.255.255.255         On-link    169.254.181.31    276
      192.168.2.0    255.255.255.0         On-link     192.168.2.103    286
    192.168.2.103  255.255.255.255         On-link     192.168.2.103    286
    192.168.2.255  255.255.255.255         On-link     192.168.2.103    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    169.254.181.31    276
        224.0.0.0        240.0.0.0         On-link     192.168.2.103    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    169.254.181.31    276
  255.255.255.255  255.255.255.255         On-link     192.168.2.103    286
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 19    276 fe80::/64                On-link
 19    276 fe80::70c4:38e6:c476:b51f/128
                                    On-link
  1    306 ff00::/8                 On-link
 19    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

**** End of log ****


OTL.txt
OTL logfile created on: 10/31/2011 12:52:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\charles\Desktop\malware removal
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.34% Memory free
4.21 Gb Paging File | 2.96 Gb Available in Paging File | 70.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.55 Gb Total Space | 38.53 Gb Free Space | 17.39% Space Free | Partition Type: NTFS
Drive D: | 11.33 Gb Total Space | 2.61 Gb Free Space | 23.04% Space Free | Partition Type: NTFS
Drive F: | 7.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: CHARLES-PC | User Name: charles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/10/31 11:33:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\charles\Desktop\malware removal\OTL.exe
PRC - [2011/09/13 04:32:31 | 001,830,744 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
PRC - [2011/08/15 05:31:59 | 001,591,024 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spiderml.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/26 07:07:53 | 002,267,120 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\frwl_svc.exe
PRC - [2011/05/26 07:07:50 | 002,583,304 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\frwl_notify.exe
PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/04/20 07:32:56 | 001,473,264 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spideragent.exe
PRC - [2010/12/04 18:29:11 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2010/11/17 13:22:57 | 000,329,096 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/08/26 16:44:48 | 000,387,040 | ---- | M] (PC Tools Software) -- C:\Program Files\PC Tools Utilities\Tools\Repair\DMRepairSrvProxy.exe
PRC - [2010/08/26 16:44:46 | 001,021,920 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe
PRC - [2010/08/26 16:44:12 | 000,534,496 | ---- | M] (PC Tools Software) -- C:\Program Files\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe
PRC - [2010/08/26 16:44:10 | 001,034,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe
PRC - [2010/08/26 11:07:04 | 000,531,664 | ---- | M] (Acronis) -- C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
PRC - [2010/08/26 10:56:16 | 003,464,632 | ---- | M] (Acronis) -- C:\Program Files\Acronis\DriveMonitor\adm.exe
PRC - [2010/06/21 18:26:00 | 003,112,696 | ---- | M] (PixelMetrics) -- C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
PRC - [2010/06/07 18:48:42 | 000,362,488 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/06/07 18:48:38 | 000,817,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/06/07 18:47:46 | 002,605,424 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/05/21 01:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 01:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/09/14 21:43:32 | 000,106,496 | ---- | M] () -- C:\Users\Public\Program Files\Lab-NC\ProNFS\xsetsrv.exe
PRC - [2008/09/29 13:19:22 | 000,415,744 | ---- | M] () -- C:\Program Files\Clock Tray Skins\timeserv.exe
PRC - [2008/07/17 18:03:34 | 000,205,952 | ---- | M] () -- C:\WINDOWS\System32\XWNTSERV.EXE
PRC - [2008/01/19 02:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
PRC - [2007/09/13 19:22:04 | 005,252,936 | ---- | M] (SpareBackup, Inc.) -- C:\Program Files\Spare Backup\SpareBackup.exe
PRC - [2007/02/12 16:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 16:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/10/05 00:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/15 09:17:31 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011/06/15 09:16:36 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\81a310f5bd696b74485a513680672a5e\System.Web.Services.ni.dll
MOD - [2011/06/15 09:16:36 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
MOD - [2011/06/15 09:16:34 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/06/15 09:16:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/06/15 09:16:24 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll
MOD - [2011/06/15 09:16:23 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll
MOD - [2011/06/15 09:16:22 | 002,510,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\7ce102f66f1e9a72578c6f2f07a27ef8\System.Data.SqlXml.ni.dll
MOD - [2011/06/15 09:16:22 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6a39ee17f7cefb77c8e98dbfb72b058b\System.Security.ni.dll
MOD - [2011/06/15 09:16:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/06/15 09:16:18 | 000,015,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a96b02abbfcaae424cfb91a198a9e0e9\Microsoft.VisualC.ni.dll
MOD - [2011/06/15 09:10:57 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/06/15 09:10:03 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/06/15 09:09:49 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/06/15 09:09:22 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
MOD - [2011/06/15 09:07:55 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/06/15 09:07:43 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/12/04 17:56:03 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/12/04 17:56:02 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2010/12/03 03:13:45 | 000,708,608 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.Web.Services2\2.0.3.0__31bf3856ad364e35\Microsoft.Web.Services2.dll
MOD - [2010/08/26 16:44:44 | 000,251,872 | ---- | M] () -- C:\Program Files\PC Tools Utilities\Tools\Repair\aDSUtils.dll
MOD - [2010/08/26 16:44:02 | 000,251,872 | ---- | M] () -- C:\Program Files\PC Tools Utilities\Tools\Defrag\aDSUtils.dll
MOD - [2010/08/26 10:46:18 | 000,012,128 | ---- | M] () -- C:\Program Files\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
MOD - [2010/06/07 18:05:12 | 000,028,512 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\Common\rpc_client.dll
MOD - [2010/05/04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/03/29 15:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2008/07/17 18:03:32 | 000,086,251 | ---- | M] () -- C:\WINDOWS\System32\XWNTFS32.DLL
MOD - [2007/05/19 00:59:06 | 000,356,928 | ---- | M] () -- C:\Program Files\Spare Backup\sqlite3.dll
MOD - [2007/04/03 10:05:24 | 000,577,096 | ---- | M] () -- C:\Program Files\Spare Backup\System.Data.SQLite.DLL
MOD - [2007/04/03 10:04:54 | 000,183,880 | ---- | M] () -- C:\Program Files\Spare Backup\UberCrypto.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/09/13 04:32:31 | 001,830,744 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe -- (DrWebEngine) Dr.Web Scanning Engine (DrWebEngine)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/26 07:07:53 | 002,267,120 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\DrWeb\frwl_svc.exe -- (DrWebFWSvc)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/08/26 16:44:46 | 001,021,920 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe -- (DMRepairService)
SRV - [2010/08/26 16:44:10 | 001,034,208 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe -- (DMDefragService)
SRV - [2010/06/07 18:48:38 | 000,817,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/09/14 21:43:32 | 000,106,496 | ---- | M] () [Auto | Running] -- C:\Users\Public\Program Files\Lab-NC\ProNFS\xsetsrv.exe -- (XwpXSetSrvProNFS)
SRV - [2008/09/29 13:19:22 | 000,415,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Clock Tray Skins\timeserv.exe -- (AtomicAlarmClock)
SRV - [2008/07/17 18:03:34 | 000,205,952 | ---- | M] () [Auto | Running] -- C:\Windows\System32\xwntserv.exe -- (XWNTSERV)
SRV - [2008/03/18 05:28:46 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Cygwin\bin\cygrunsrv.exe -- (BrlAPI)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/12 16:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/10/05 00:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/09/28 07:21:07 | 000,149,272 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\dwprot.sys -- (DwProt)
DRV - [2011/09/26 08:00:44 | 000,109,560 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\spiderg3.sys -- (SpiderG3)
DRV - [2011/08/19 10:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/08/15 15:06:20 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011/08/15 15:06:20 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/12/09 20:09:55 | 000,594,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/12/09 20:09:37 | 000,170,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/11/11 07:58:16 | 000,084,728 | ---- | M] (Doctor Web) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\drwebaf.sys -- (DRWEBAF)
DRV - [2010/11/11 07:58:16 | 000,072,568 | ---- | M] (Doctor Web) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\drwebpf.sys -- (DrWebPF)
DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/08/04 21:18:24 | 000,551,424 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2009/07/21 05:39:32 | 000,576,896 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2009/01/14 20:24:45 | 001,499,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CM102.sys -- (USBAU)
DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/07/17 18:03:52 | 000,177,918 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\XWPFSW2K.SYS -- (XwpNTrdr)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/29 17:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/01/30 00:37:46 | 000,650,240 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/08 04:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 02:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS -- (SBKUPNT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://translate.reference.com/
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-501\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-501\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.23
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.99
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1
FF - prefs.js..extensions.enabledItems: copylinkurl@bluelightdev.com:1.5
FF - prefs.js..extensions.enabledItems: {f36c6cd1-da73-491d-b290-8fc9115bfa55}:2.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: zoteroOpenOfficeIntegration@zotero.org:3.5b1
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.10
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/16 18:16:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/16 18:16:42 | 000,000,000 | ---D | M]
 
[2010/12/05 09:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\charles\AppData\Roaming\Mozilla\Extensions
[2011/10/31 12:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\1z9lwc1b.default\extensions
[2011/01/16 22:40:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\1z9lwc1b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/16 22:40:12 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\1z9lwc1b.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2011/09/11 21:25:43 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\1z9lwc1b.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/09/11 21:27:32 | 000,000,000 | ---D | M] (WorldIP) -- C:\Users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\1z9lwc1b.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}
[2010/12/22 01:06:37 | 000,000,000 | ---D | M] ("Copy Link URL") -- C:\Users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\1z9lwc1b.default\extensions\copylinkurl@bluelightdev.com
[2011/01/16 22:40:12 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\1z9lwc1b.default\extensions\isreaditlater@ideashower.com
[2011/09/27 03:15:08 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\1z9lwc1b.default\extensions\zotero@chnm.gmu.edu
[2011/09/27 03:13:59 | 000,000,000 | ---D | M] (Zotero OpenOffice.org Integration) -- C:\Users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\1z9lwc1b.default\extensions\zoteroOpenOfficeIntegration@zotero.org
[2011/10/31 12:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/17 00:30:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/10/31 12:48:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/31 12:47:25 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Dr.Web Anti-Virus Link Checker = C:\Users\charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb\2.56_0\
CHR - Extension: Mac OS X Simple Theme = C:\Users\charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\cihohekcekjgjdkeljpkbaaecgfoimbj\1.0.1_0\
 
O1 HOSTS File: ([2011/10/17 12:45:58 | 000,614,319 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1  localhost
O1 - Hosts: ::1  localhost #[IPv6]
O1 - Hosts: 127.0.0.1  www.pdflite.com
O1 - Hosts: 127.0.0.1  fr.a2dfp.net
O1 - Hosts: 127.0.0.1  m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1  ad.a8.net
O1 - Hosts: 127.0.0.1  asy.a8ww.net
O1 - Hosts: 127.0.0.1  abcstats.com
O1 - Hosts: 127.0.0.1  a.abv.bg
O1 - Hosts: 127.0.0.1  adserver.abv.bg
O1 - Hosts: 127.0.0.1  adv.abv.bg
O1 - Hosts: 127.0.0.1  bimg.abv.bg
O1 - Hosts: 127.0.0.1  ca.abv.bg
O1 - Hosts: 127.0.0.1  www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1  track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1  accuserveadsystem.com
O1 - Hosts: 127.0.0.1  www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1  achmedia.com
O1 - Hosts: 127.0.0.1  aconti.net
O1 - Hosts: 127.0.0.1  secure.aconti.net
O1 - Hosts: 127.0.0.1  www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1  am1.activemeter.com
O1 - Hosts: 127.0.0.1  www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  ads.activepower.net
O1 - Hosts: 127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 16345 more lines...
O2 - BHO: (WRShell.BHO) - {255215E2-87DC-4819-8724-D0B4C94DBEF5} - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WRShell.EditBand) - {5338DF6C-3B3B-4E38-8B31-7B99986627B2} - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WRShell.ToolBand) - {8F0F47B1-7D4B-4834-A981-91E2A3DCE069} - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O3 - HKU\S-1-5-21-3565876915-1613788483-8259272-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [adm_tray.exe] C:\Program Files\Acronis\DriveMonitor\adm_tray.exe (Acronis)
O4 - HKLM..\Run: [Cm102Sound] RunDll32 cm102.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [Dr.Web Firewall] C:\Program Files\DrWeb\frwl_notify.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
O4 - HKLM..\Run: [SpIDerAgent] C:\Program Files\DrWeb\SpIDerAgent.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [SpIDerMail] C:\Program Files\DrWeb\spiderml.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3565876915-1613788483-8259272-1000..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-3565876915-1613788483-8259272-1000..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe ()
O4 - HKU\S-1-5-21-3565876915-1613788483-8259272-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3565876915-1613788483-8259272-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3565876915-1613788483-8259272-501..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe (PixelMetrics)
O4 - Startup: C:\Users\charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odrive.bat ()
O4 - Startup: C:\Users\charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe (PixelMetrics)
O4 - Startup: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe (PixelMetrics)
O4 - Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: WebResearch: Save Link Address As... - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: WebResearch: Save Page Area (Frame) - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: WebResearch: Save Page Area (Frame) As... - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: WebResearch: Save Picture - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: WebResearch: Save Picture As... - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: WebResearch: Save Selected Targets As... - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: WebResearch: Save Selection - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: WebResearch: Save Selection As... - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: WebResearch: Save Target - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: WebResearch: Save Target As... - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-1000\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-1001\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-1002\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-1002\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-1003\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-501\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-501\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AA66C24-F5AD-4973-875D-B23365C7DEFE}: DhcpNameServer = 192.168.2.254
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/10/31 12:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/31 12:48:26 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/10/31 12:48:26 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/10/31 12:48:26 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/10/31 11:34:49 | 000,000,000 | ---D | C] -- C:\Users\charles\Desktop\malware removal
[2011/10/25 23:52:47 | 000,000,000 | ---D | C] -- C:\Users\charles\Desktop\linux
[2011/10/24 20:02:50 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/10/24 20:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2011/10/23 20:54:47 | 000,000,000 | ---D | C] -- C:\Users\charles\Desktop\Install Mplayer and Multimedia Codecs (libdvdcss2,w32codecs,w64codecs) in Ubuntu 9.04 (Jaunty)   Ubuntu Geek_files
[2011/10/17 12:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/09 17:44:54 | 000,000,000 | ---D | C] -- C:\Users\charles\Desktop\homeschool
[2011/10/04 12:06:59 | 000,000,000 | ---D | C] -- C:\Users\charles\Desktop\minivans dodge
[2011/10/03 00:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/10/02 21:08:38 | 000,000,000 | ---D | C] -- C:\Users\charles\Documents\My Kindle Content
[2011/10/02 21:08:20 | 000,000,000 | ---D | C] -- C:\Users\charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2011/10/02 21:08:09 | 000,000,000 | ---D | C] -- C:\Users\charles\AppData\Local\Amazon
[2011/10/02 12:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2011/10/02 12:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft MapPoint 2011
[2011/10/02 12:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/10/02 11:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/10/31 12:51:27 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\Dr.Web Update.job
[2011/10/31 12:47:25 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2011/10/31 12:47:25 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/10/31 12:47:25 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/10/31 12:47:25 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/10/31 12:42:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/31 12:12:04 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011/10/31 12:08:43 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/31 12:08:24 | 000,000,292 | ---- | M] () -- C:\XWNTFS32.TRC
[2011/10/31 12:06:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/31 12:06:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/31 12:06:45 | 000,001,024 | ---- | M] () -- C:\XWP2KFSD.TRC
[2011/10/31 12:06:45 | 000,001,024 | ---- | M] () -- C:\XWP2KFSD.TR_
[2011/10/31 12:06:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/31 12:06:37 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/31 11:38:56 | 000,001,224 | ---- | M] () -- C:\XWNTFS32.TR_
[2011/10/26 06:42:37 | 000,000,004 | ---- | M] () -- C:\Users\charles\Documents\Unsaved Document 1
[2011/10/23 20:54:47 | 000,113,217 | ---- | M] () -- C:\Users\charles\Desktop\Install Mplayer and Multimedia Codecs (libdvdcss2,w32codecs,w64codecs) in Ubuntu 9.04 (Jaunty)   Ubuntu Geek.htm
[2011/10/18 10:48:31 | 000,640,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/18 10:48:31 | 000,118,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/16 18:27:24 | 000,000,762 | ---- | M] () -- C:\Users\charles\AppData\Roaming\ClockTraySkins.ini
[2011/10/11 13:33:03 | 000,001,356 | ---- | M] () -- C:\Users\charles\AppData\Local\d3d9caps.dat
[2011/10/10 21:12:43 | 000,000,833 | ---- | M] () -- C:\Users\charles\Desktop\wyzant first reponse.rtf
[2011/10/05 21:39:56 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/05 21:09:55 | 000,008,583 | ---- | M] () -- C:\Users\charles\Desktop\payment interest term calc.ods
[2011/10/04 10:10:19 | 000,244,911 | ---- | M] () -- C:\Users\charles\Desktop\classmates settlement documentation.xps
[2011/10/03 00:25:28 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/03 00:03:17 | 000,341,030 | ---- | M] () -- C:\Users\charles\Desktop\Homicide Studies-2011-Farrell-228-52.pdf
[2011/10/02 21:08:23 | 000,002,028 | ---- | M] () -- C:\Users\charles\Desktop\Kindle.lnk
[2011/10/02 19:17:54 | 000,241,498 | ---- | M] () -- C:\Users\charles\Desktop\books.xps
[2011/10/01 19:17:54 | 000,000,065 | ---- | M] () -- C:\Users\charles\Desktop\Ultimate Research Assistant.url
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/10/26 06:42:37 | 000,000,004 | ---- | C] () -- C:\Users\charles\Documents\Unsaved Document 1
[2011/10/23 20:54:46 | 000,113,217 | ---- | C] () -- C:\Users\charles\Desktop\Install Mplayer and Multimedia Codecs (libdvdcss2,w32codecs,w64codecs) in Ubuntu 9.04 (Jaunty)   Ubuntu Geek.htm
[2011/10/16 18:18:18 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/05 21:09:53 | 000,008,583 | ---- | C] () -- C:\Users\charles\Desktop\payment interest term calc.ods
[2011/10/04 12:44:39 | 000,000,833 | ---- | C] () -- C:\Users\charles\Desktop\wyzant first reponse.rtf
[2011/10/04 10:10:14 | 000,244,911 | ---- | C] () -- C:\Users\charles\Desktop\classmates settlement documentation.xps
[2011/10/03 00:25:28 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/03 00:25:26 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/03 00:03:13 | 000,341,030 | ---- | C] () -- C:\Users\charles\Desktop\Homicide Studies-2011-Farrell-228-52.pdf
[2011/10/02 21:08:23 | 000,002,028 | ---- | C] () -- C:\Users\charles\Desktop\Kindle.lnk
[2011/10/02 19:17:37 | 000,241,498 | ---- | C] () -- C:\Users\charles\Desktop\books.xps
[2011/10/02 12:17:49 | 000,002,020 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft MapPoint North America 2011.lnk
[2011/10/01 19:17:54 | 000,000,065 | ---- | C] () -- C:\Users\charles\Desktop\Ultimate Research Assistant.url
[2011/09/25 13:33:38 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/09/22 21:29:10 | 000,000,762 | ---- | C] () -- C:\Users\charles\AppData\Roaming\ClockTraySkins.ini
[2011/09/20 01:15:33 | 000,177,918 | ---- | C] () -- C:\Windows\System32\drivers\XWPFSW2K.SYS
[2011/09/20 01:15:33 | 000,070,656 | ---- | C] () -- C:\Windows\System32\XWPSHELL.DLL
[2011/09/20 01:15:32 | 000,205,952 | ---- | C] () -- C:\Windows\System32\XWNTSERV.EXE
[2011/09/20 01:15:32 | 000,086,251 | ---- | C] () -- C:\Windows\System32\XWNTFS32.DLL
[2011/09/19 21:34:50 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\SBKUPNT.SYS
[2011/09/19 21:34:50 | 000,013,312 | ---- | C] () -- C:\Windows\System32\DEVLOAD.EXE
[2011/09/19 21:34:48 | 000,000,543 | ---- | C] () -- C:\Windows\SWISV3.INI
[2011/09/19 21:34:46 | 000,000,355 | ---- | C] () -- C:\Windows\SKNIFE.INI
[2011/09/19 21:34:16 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2011/09/18 20:32:29 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib_iMiser.dll
[2011/09/13 17:29:48 | 000,000,483 | ---- | C] () -- C:\Windows\CDRipper.ini
[2011/05/17 09:31:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/04/15 04:30:00 | 000,079,296 | ---- | C] () -- C:\Windows\System32\wr4zlib.dll
[2011/01/17 08:23:26 | 000,001,356 | ---- | C] () -- C:\Users\charles\AppData\Local\d3d9caps.dat
[2011/01/10 21:11:57 | 000,000,054 | ---- | C] () -- C:\Windows\Composer.INI
[2011/01/04 13:41:56 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/04 13:41:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/17 20:56:48 | 000,139,264 | R--- | C] () -- C:\Windows\Vmix102.dll
[2010/12/17 20:56:29 | 000,503,808 | R--- | C] () -- C:\Windows\System32\Cmeau102.exe
[2010/12/17 20:56:29 | 000,000,103 | ---- | C] () -- C:\Windows\Cm102.ini.cfl
[2010/12/17 20:55:42 | 000,000,081 | ---- | C] () -- C:\Windows\Cm102.ini.imi
[2010/12/17 20:55:41 | 000,258,048 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010/12/17 20:55:41 | 000,002,027 | R--- | C] () -- C:\Windows\Cm102.ini.cfg
[2010/12/17 20:55:33 | 000,000,449 | R--- | C] () -- C:\Windows\cm102.ini
[2010/12/17 12:53:08 | 000,303,104 | ---- | C] () -- C:\Windows\emunist.exe
[2010/12/17 12:52:58 | 000,002,199 | ---- | C] () -- C:\Windows\TVEpaDrv.ini
[2010/12/05 06:05:07 | 000,037,344 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2010/12/03 15:11:03 | 000,037,376 | ---- | C] () -- C:\Users\charles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007/12/12 10:53:10 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/12/12 10:53:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll
[2007/12/12 10:52:23 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,329,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,640,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,118,362 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 19:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2004/12/27 18:48:36 | 000,044,544 | ---- | C] () -- C:\Windows\System32\gif89.dll
[2003/11/18 02:37:20 | 000,072,192 | ---- | C] () -- C:\Windows\System32\cszlib.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/12/13 20:55:59 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\Acronis
[2011/09/18 15:37:15 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\Brief
[2011/03/30 13:44:43 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\Canon
[2011/09/25 01:31:45 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\CloneSpy
[2011/09/17 00:59:53 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\gtk-2.0
[2011/01/11 20:58:19 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\MusE
[2011/01/19 11:33:33 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\OpenOffice.org
[2011/01/17 10:43:24 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\Opera
[2011/02/26 16:03:50 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\PixelMetrics
[2010/12/21 20:44:04 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\QuickScan
[2010/12/20 13:23:57 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\Registry Mechanic
[2010/12/03 14:57:50 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\SampleView
[2011/10/31 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\Spare Backup
[2011/10/02 10:51:21 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\Spotify
[2011/01/17 09:51:26 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\SwordSearcher
[2011/07/11 13:47:55 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\Sync App Settings
[2011/01/11 18:53:34 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\TaxCut
[2011/09/19 19:35:38 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\WebResearch
[2011/09/18 21:58:30 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\WinNc
[2011/01/19 00:22:05 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\WinPatrol
[2011/04/01 22:25:21 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Canon
[2011/01/21 10:15:33 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\OpenOffice.org
[2011/04/17 21:14:50 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Opera
[2011/01/24 23:56:27 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\PixelMetrics
[2011/10/16 18:29:21 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Spare Backup
[2011/03/04 04:54:55 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\TaxCut
[2011/09/27 19:48:59 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\WebResearch
[2011/01/29 19:57:46 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\WinPatrol
[2011/04/30 10:56:48 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\OpenOffice.org
[2011/05/02 19:49:20 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PixelMetrics
[2011/05/30 18:50:33 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\SampleView
[2011/05/31 21:23:46 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Spare Backup
[2011/05/31 19:43:30 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Spare Backup
[2011/07/08 14:11:47 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Canon
[2011/07/08 14:17:47 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\OpenOffice.org
[2011/08/20 11:55:41 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Spare Backup
[2011/10/13 08:45:14 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\WebResearch
[2011/01/01 20:33:28 | 000,000,288 | ---- | M] () -- C:\Windows\Tasks\Dr.Web Daily scan.job
[2011/10/31 12:51:27 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\Dr.Web Update.job
[2011/10/31 12:05:41 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0D786AE3
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


Extras.txt
OTL Extras logfile created on: 10/31/2011 12:52:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\charles\Desktop\malware removal
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.34% Memory free
4.21 Gb Paging File | 2.96 Gb Available in Paging File | 70.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.55 Gb Total Space | 38.53 Gb Free Space | 17.39% Space Free | Partition Type: NTFS
Drive D: | 11.33 Gb Total Space | 2.61 Gb Free Space | 23.04% Space Free | Partition Type: NTFS
Drive F: | 7.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: CHARLES-PC | User Name: charles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-3565876915-1613788483-8259272-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A885410-D721-4ACF-8BDE-0E7DB3401DD3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0F444067-B184-434E-9B96-53AC03E93150}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{132A5411-67E9-4020-9AA7-1518FCC75754}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2398B50B-2DCF-46CA-B686-E5AFF672D61B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2CB49BAA-3203-4625-B903-F49CC92D5047}" = lport=138 | protocol=17 | dir=in | app=system | 
"{34497731-8654-4B49-964C-415E5B94D896}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{394D1CB3-C479-4275-8F0D-316037E23A9A}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver | 
"{3C63B786-8699-4F82-A736-8A384333FB9A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3D2D87D8-7F83-4840-912D-0B96D17893A2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{422E3F05-F994-42DD-8C96-333F3C7467A1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7AD39990-AABB-4901-953E-E365D83C36CC}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver | 
"{7C691B07-C720-4B4A-B228-3A9822F6379A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{84C567BD-5C3B-45EE-9F47-D2C05AFF7ADB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{88BA78F6-617F-4B5B-A2EC-66BB5955E933}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9822A523-AC26-4C83-925D-070277C59418}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AE01C2C9-F29E-411F-8778-60F22D0491D0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BB5E3745-7B70-41D3-8E50-08C8402AF20D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BC4D5FC6-02FF-4EDD-8686-EB696518EC4C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E15C1378-6CAB-45D4-B044-962A129B676F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F7FFEBD7-7BE4-4720-96CD-C3CB27173096}" = lport=139 | protocol=6 | dir=in | app=system | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B840989-C99A-4F3C-ACED-38E17E409D0E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1A609F19-5C67-47AA-9A89-CBDBFC6281CF}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{3A75F1AC-9A4B-4E9F-9050-746F3AB0A37A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{47FB1862-922E-46BB-8F38-54007660E2C3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{5B266C50-A245-4A55-9559-192D35CF14D1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{738F9CB3-E908-46F4-8136-4A5DA23E1336}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{807D30E9-E0F9-45AE-88CA-BE1688B14B57}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{895C70B8-C6E5-4BEF-A973-48598D43F3D7}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr8.exe | 
"{8C97A25C-D504-4816-8489-C937628A1AD1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9B87F5B8-2B60-4F07-9942-66E955EE3550}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9C214F08-23E7-4C93-AEF2-15B00CEB4375}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E481C636-113E-4362-8735-86D1F4C5A290}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{F0231EEA-DC90-4D33-A549-AA84B54430B8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F05BC598-8CA3-4996-9C3F-0B16EF59DAAE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{0A2D00E9-B53E-4CFB-99E1-75E8AA2DF2A2}C:\users\public\program files\lab-nc\pronfs\nfs_serv.exe" = protocol=6 | dir=in | app=c:\users\public\program files\lab-nc\pronfs\nfs_serv.exe | 
"TCP Query User{0E3110DD-CF6F-4C98-BDBC-19A70D4A5943}C:\users\public\program files\labf.com\nfsaxe\nfs_serv.exe" = protocol=6 | dir=in | app=c:\users\public\program files\labf.com\nfsaxe\nfs_serv.exe | 
"TCP Query User{6B4974BB-89DA-46BB-A509-697E32C06388}C:\users\charles\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\charles\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{B14A5A1E-951C-4A25-9B41-C8FF01CC3E8F}C:\users\daniela\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\daniela\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{F3BB54E8-0C41-4D86-940A-EB8D3A3D57C1}C:\users\public\program files\labf.com\nfsaxe\nfs_serv.exe" = protocol=6 | dir=in | app=c:\users\public\program files\labf.com\nfsaxe\nfs_serv.exe | 
"UDP Query User{2A058FA6-0401-4BB8-9E76-FFBA4BEB8A5F}C:\users\public\program files\lab-nc\pronfs\nfs_serv.exe" = protocol=17 | dir=in | app=c:\users\public\program files\lab-nc\pronfs\nfs_serv.exe | 
"UDP Query User{6AAAE4A1-7C2E-4154-B0E1-38B201AFC518}C:\users\public\program files\labf.com\nfsaxe\nfs_serv.exe" = protocol=17 | dir=in | app=c:\users\public\program files\labf.com\nfsaxe\nfs_serv.exe | 
"UDP Query User{85DDBF3C-624F-4DFE-B173-B80A7A64B206}C:\users\public\program files\labf.com\nfsaxe\nfs_serv.exe" = protocol=17 | dir=in | app=c:\users\public\program files\labf.com\nfsaxe\nfs_serv.exe | 
"UDP Query User{97CFE31E-DE72-499B-A6F0-D0762253A857}C:\users\daniela\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\daniela\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{F97C83CB-0FF2-4971-A10B-410834544B05}C:\users\charles\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\charles\appdata\roaming\spotify\spotify.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
"{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}" = Flash Drive Tester v1.14
"{29C7B52B-F7C6-4033-93EF-DE4A59AB076C}" = Dr.Web anti-virus for Windows Pro 6.0 (x86)
"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{706AE61D-40A4-4F50-8359-FE8F6F7FA461}" = Acronis Drive Monitor
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DB3521-B5F4-442B-A4CF-99112E625DED}" = Infinite Pre-Algebra
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E011FB2-3BF0-468E-A00F-A5D8DCA7EA87}" = nfsAxe
"{7E011FB2-3BF0-468E-A1EA-A5D8DCA7EA87}" = ProNFS
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{81FB87B4-AEA6-49A8-9110-BED4AEFC20E8}" = H&R Block Deluxe + Efile 2010
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87022FF4-CD0C-44A5-8084-1FE3F5F96369}" = Help Explorer 3.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8FE8614E-5E08-4E34-B525-484D759A709F}" = Brief
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{A7CED170-295C-4238-8683-9CEE34F3CCE5}_is1" = ClipboardCC 5.4.0.0
"{A7D5787B-3A91-4433-A753-CFE520671683}" = Acronis True Image WD Edition
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{BD42A7E4-1104-411D-80A9-8E75DE5D9741}" = WebResearch 3
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C82185E8-C27B-4EF4-2011-1111BC2C2B6D}" = Microsoft MapPoint North America 2011
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{EF53DD60-C4E2-11DB-3D6C-167690F54AE1}" = Notation Composer 2.6.3 (Trial Version)
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Allway Sync_is1" = Allway Sync version 11.1.11
"AnyDVD" = AnyDVD
"AutoHotkey" = AutoHotkey 1.1.00.00
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BurnWorld.Com BurnOn CD&DVD_is1" = BurnOn CD&DVD, Version 3.1.3 ( Build 2009-2-22, Win32, )
"CaptureWiz" = CaptureWizPro 4.50
"Clock Tray Skins_is1" = Clock Tray Skins 4.2
"CloneDVD2" = CloneDVD2
"CloneSpy" = CloneSpy 2.61
"C-Media CM102 Like Sound Driver" = USB Audio Device
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"ffdshow_is1" = ffdshow v1.1.3800 [2011-03-28]
"FileASSASSIN" = FileASSASSIN
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Infinite Pre-Algebra" = Infinite Pre-Algebra Trial
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"KWorld Editing Device Driver_is1" = KWorld Editing Device Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MuseScore" = MuseScore 0.9.6.3 MuseScore score typesetter
"Opera 11.00.1156" = Opera 11.00
"PC Tools Utilities_is1" = Performance Toolkit 1.0
"Pegasus Mail" = Pegasus Mail
"SwordSearcher_5_InnoSetup_is1" = SwordSearcher 6.0.1.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tar-1.13-bin_is1" = Tar-1.13 Binaries (GnuWin32)
"VirtualCloneDrive" = VirtualCloneDrive
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1
"WinNc 5" = WinNc 5 .5.0.0
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-3565876915-1613788483-8259272-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"f031ef6ac137efc5" = Dell Driver Download Manager
"Spotify" = Spotify
"WinImage" = WinImage
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-3565876915-1613788483-8259272-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 10/11/2011 2:05:50 PM | Computer Name = charles-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6001.18164, time stamp
 0x4907e242, faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395,
 exception code 0x0eedfade, fault offset 0x000442eb,  process id 0x68c, application
 start time 0x01cc884063c288d5.
 
Error - 10/11/2011 2:06:00 PM | Computer Name = charles-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6001.18164, time stamp
 0x4907e242, faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395,
 exception code 0x0eedfade, fault offset 0x000442eb,  process id 0x134c, application
 start time 0x01cc88406b627055.
 
Error - 10/11/2011 2:06:15 PM | Computer Name = charles-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6001.18164, time stamp
 0x4907e242, faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395,
 exception code 0x0eedfade, fault offset 0x000442eb,  process id 0x1638, application
 start time 0x01cc8840726ec295.
 
Error - 10/11/2011 2:06:30 PM | Computer Name = charles-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6001.18164, time stamp
 0x4907e242, faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395,
 exception code 0x0eedfade, fault offset 0x000442eb,  process id 0xe1c, application
 start time 0x01cc88407bfbb4d5.
 
Error - 10/11/2011 2:06:38 PM | Computer Name = charles-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6001.18164, time stamp
 0x4907e242, faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395,
 exception code 0x0eedfade, fault offset 0x000442eb,  process id 0x42c, application
 start time 0x01cc8840838fb575.
 
Error - 10/11/2011 2:06:51 PM | Computer Name = charles-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6001.18164, time stamp
 0x4907e242, faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395,
 exception code 0x0eedfade, fault offset 0x000442eb,  process id 0xc60, application
 start time 0x01cc884088658075.
 
Error - 10/11/2011 2:31:58 PM | Computer Name = charles-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 10/11/2011 2:49:19 PM | Computer Name = charles-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
 0x4907e242, faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395,
 exception code 0x0eedfade, fault offset 0x000442eb,  process id 0xe80, application
 start time 0x01cc8845eaa2b202.
 
Error - 10/11/2011 3:05:56 PM | Computer Name = charles-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
 0x4907e242, faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395,
 exception code 0x0eedfade, fault offset 0x000442eb,  process id 0xe30, application
 start time 0x01cc88487a82a78b.
 
Error - 10/13/2011 10:18:07 AM | Computer Name = charles-PC | Source = EventSystem | ID = 4622
Description = 
 
[ Doctor Web Events ]
Error - 8/26/2011 9:43:29 PM | Computer Name = charles-PC | Source = Dr.Web Engine | ID = 4044
Description = No valid SpIDer Guard license (no license file foun
 
Error - 8/27/2011 12:39:18 PM | Computer Name = charles-PC | Source = Dr.Web Engine | ID = 4044
Description = No valid SpIDer Guard license (no license file foun
 
Error - 8/28/2011 11:21:44 AM | Computer Name = charles-PC | Source = Dr.Web Engine | ID = 4044
Description = No valid SpIDer Guard license (no license file foun
 
Error - 8/28/2011 6:20:48 PM | Computer Name = charles-PC | Source = Dr.Web Engine | ID = 4044
Description = No valid SpIDer Guard license (no license file foun
 
Error - 9/1/2011 5:48:33 PM | Computer Name = charles-PC | Source = Dr.Web Engine | ID = 4044
Description = No valid SpIDer Guard license (no license file foun
 
Error - 9/3/2011 1:11:49 PM | Computer Name = charles-PC | Source = Dr.Web Engine | ID = 4044
Description = No valid SpIDer Guard license (no license file foun
 
Error - 9/4/2011 9:58:39 PM | Computer Name = charles-PC | Source = Dr.Web Engine | ID = 4044
Description = No valid SpIDer Guard license (no license file foun
 
Error - 9/7/2011 1:18:50 PM | Computer Name = charles-PC | Source = Dr.Web Engine | ID = 4044
Description = No valid SpIDer Guard license (no license file foun
 
Error - 9/10/2011 6:30:54 PM | Computer Name = charles-PC | Source = Dr.Web Engine | ID = 2021
Description = Failed to remove object FF7FDA193305F0FBB912AF94BE54DDAB9626CBE6AC309107A6AD0089B5CC639D
 because of Access is deni
 
Error - 9/25/2011 10:36:03 PM | Computer Name = charles-PC | Source = Dr.Web Engine | ID = 9002
Description = Dr.Web Scanning Engine Monitor detected Scanning Engine unrecoverable
 error.      Dr.Web Scanning Engine Monitor unsubscribed from SpIDer Guard events.      Process:
 1656    Thread: 3260      Exception: 0xc0000005    Flags: 0x00000000    Address: 0x0011ef
 
[ System Events ]
Error - 12/21/2010 7:08:37 PM | Computer Name = charles-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12/21/2010 7:13:05 PM | Computer Name = charles-PC | Source = Microsoft-Windows-Eventlog | ID = 30
Description = 
 
Error - 12/21/2010 8:11:53 PM | Computer Name = charles-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.68 for the Network Card with network
 address 001CBFA6790D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 12/22/2010 1:14:19 AM | Computer Name = charles-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
 address 001CBFA6790D has been denied by the DHCP server 192.168.1.254 (The DHCP
 Server sent a DHCPNACK message).
 
Error - 12/22/2010 12:31:53 PM | Computer Name = charles-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 12/22/2010 12:35:07 PM | Computer Name = charles-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 12/22/2010 12:36:20 PM | Computer Name = charles-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12/22/2010 12:36:56 PM | Computer Name = charles-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 12/25/2010 11:14:37 AM | Computer Name = charles-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 12/25/2010 11:15:57 AM | Computer Name = charles-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
cdmccreary
Member+
 
Posts: 32
Joined: August 9th, 2010, 6:57 pm

Re: Vista on Gateway

Unread postby askey127 » November 2nd, 2011, 4:24 pm

cdmccreary,
If you are still with me, let me apologize for the delay.
Our town got zapped with a large snowstorm that wiped out power and my ISP.
Could not get a message out or in.
-----------------------------------------
Check Hard Drive for Errors
Open Notepad... then copy and paste the following line into Notepad:
(Notepad is in Start, Programs, Accessories)
Code: Select all
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"

Now Save the NotePad file like this:
  • Click on File from the top menu bar.
  • Select Save As, use Filename: testhd.bat and Save As Type: All Files.
  • Choose Desktop as the location
  • Click Save.
Right click on testhd.bat on your desktop and select Run As Administrator to run it. OK the UAC.
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the checkhd.txt file from your desktop.
If the file is very long, just copy and paste the LAST 20 or 30 lines into your reply.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Vista on Gateway

Unread postby cdmccreary » November 6th, 2011, 10:40 pm

Code: Select all
The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
  665 large file records processed.                            

  0 bad file records processed.                              

  0 EA records processed.                                    

  108 reparse records processed.                               

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.

Errors found.  CHKDSK cannot continue in read-only mode.
cdmccreary
Member+
 
Posts: 32
Joined: August 9th, 2010, 6:57 pm

Re: Vista on Gateway

Unread postby askey127 » November 7th, 2011, 7:22 am

cdmccreary,
-----------------------------------------------------------
Hard Disk Repair
IF Chkdsk has found any errors having to do with bad sectors in your file system, or if it reports that it cannot continue in Read-Only Mode, it needs to run a different sequence on reboot to do repairs. It can't repair the file system while Windows is running.
DO NOT START THIS SEQUENCE UNLESS YOU CAN DO WITHOUT THE MACHINE FOR AN HOUR OR TWO. It may not take very long, but could, depending on the number of files and folders.
It will not relinquish control until it is done. You cannot stop it, and it would be a BIG mistake to pull the plug.

  1. Open Notepad... then copy and paste the following into Notepad:
    Code: Select all
    cmd  /c  chkdsk  c: /F
  2. Now Save the NotePad file like this:
    • Click on File from the top menu bar.
    • Select Save As, use Filename: fixhd.bat and Save As Type: All Files.
    • Choose Desktop as the location
    • Click Save.
  3. Right click on fixhd.bat on your desktop and select Run As Administrator to run it.
  4. You will get a message that the volume is locked, with a request to do the repair on Reboot. Answer Y
  5. Click Continue at the UAC prompt.
Go to Start, Turn Off Computer and choose Reboot
It will scan again when it boots up and make the repairs as the first part of the reboot process.
-----------------------------------------------------------
Check Hard Disk For Errors
Once the computer boots up again, please delete your original file Checkhd.txt if it's present on your Desktop.
Right click on testhd.bat on your desktop and select Run As Administrator to run it.
Click Continue at the UAC prompt.
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the new checkhd.txt file from your desktop.
If it's very long just post the last 30-50 lines.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
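
The decision rule in the post above (repair with /F only when the read-only pass reports errors, then delete checkhd.txt and re-check) can be applied mechanically to a posted checkhd.txt. This is an added Python example, not part of the thread; the function names and the sample text are constructed here, using only CHKDSK phrases that appear in this thread. Because testhd.bat redirects with `>>`, a file that was not deleted first holds several runs, so the sketch judges only the last one.

```python
import re

# Phrases taken from the CHKDSK output quoted in this thread.
RUN_HEADER = "The type of the file system is"        # first line of every run
NEEDS_REPAIR = "cannot continue in read-only mode"   # read-only pass gave up
CLEAN = "found no problems"
STAGE = re.compile(r"\(stage (\d) of \d\)")
BAD_SECTORS = re.compile(r"^\s*(\d+) KB in bad sectors\.", re.MULTILINE)


def split_runs(text):
    """Split an appended checkhd.txt into one chunk per CHKDSK run."""
    chunks = text.split(RUN_HEADER)
    return [RUN_HEADER + chunk for chunk in chunks[1:]]


def triage_run(run):
    """Classify a single run as repair-needed, clean, or incomplete."""
    stages = [int(n) for n in STAGE.findall(run)]
    match = BAD_SECTORS.search(run)
    bad_kb = int(match.group(1)) if match else None
    if NEEDS_REPAIR in run or (bad_kb or 0) > 0:
        verdict = "repair-needed"      # schedule chkdsk c: /F on reboot
    elif CLEAN in run:
        verdict = "clean"
    else:
        verdict = "incomplete"         # output cut off or the scan never finished
    return {
        "verdict": verdict,
        "last_stage": max(stages, default=0),
        "bad_sectors_kb": bad_kb,
    }


def triage_file(text):
    """Judge the most recent run and report how many runs the file holds."""
    runs = split_runs(text)
    if not runs:
        return {"runs": 0, "verdict": "no-chkdsk-output"}
    result = triage_run(runs[-1])
    result["runs"] = len(runs)
    return result


# Constructed sample: an old failing run left in place, then a clean re-check.
SAMPLE = """The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.

Errors found.  CHKDSK cannot continue in read-only mode.
The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
Windows has checked the file system and found no problems.

 232315964 KB total disk space.
         0 KB in bad sectors.
"""

if __name__ == "__main__":
    for number, run in enumerate(split_runs(SAMPLE), start=1):
        print(number, triage_run(run))
    print("latest:", triage_file(SAMPLE))
```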

Re: Vista on Gateway

Unread postby cdmccreary » November 10th, 2011, 11:19 am

Code: Select all
The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
  655 large file records processed.                            

  0 bad file records processed.                              

  0 EA records processed.                                    

  108 reparse records processed.                               

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
  0 unindexed files processed.                               

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
  45645 data files processed.                                    

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

 232315964 KB total disk space.
 192629940 KB in 410111 files.
    185052 KB in 45646 indexes.
         0 KB in bad sectors.
    586572 KB in use by the system.
     65536 KB occupied by the log file.
  38914400 KB available on disk.

      4096 bytes in each allocation unit.
  58078991 total allocation units on disk.
   9728600 allocation units available on disk.


It did not make sense to me why it took so long to scan. It was not running it before boot. Maybe it had to do with Ubuntu and Grub loader.

Ok. It was not scanning but I guess stuck. I had to boot with F8 and bring up restore tools before I could get to a command prompt to actually run chkdsk.

It found problems and fixed them.

Trying to run TDSSKiller now.

Found nothing.

Code: Select all
18:04:10.0103 4264	TDSS rootkit removing tool 2.6.17.0 Nov  9 2011 16:48:26
18:04:12.0116 4264	============================================================
18:04:12.0116 4264	Current date / time: 2011/11/10 18:04:12.0116
18:04:12.0116 4264	SystemInfo:
18:04:12.0116 4264	
18:04:12.0116 4264	OS Version: 6.0.6001 ServicePack: 1.0
18:04:12.0116 4264	Product type: Workstation
18:04:12.0116 4264	ComputerName: CHARLES-PC
18:04:12.0116 4264	UserName: charles
18:04:12.0116 4264	Windows directory: C:\Windows
18:04:12.0116 4264	System windows directory: C:\Windows
18:04:12.0116 4264	Processor architecture: Intel x86
18:04:12.0116 4264	Number of processors: 2
18:04:12.0116 4264	Page size: 0x1000
18:04:12.0116 4264	Boot type: Normal boot
18:04:12.0116 4264	============================================================
18:04:12.0615 4264	Initialize success
18:04:28.0480 3220	============================================================
18:04:28.0480 3220	Scan started
18:04:28.0480 3220	Mode: Manual; 
18:04:28.0480 3220	============================================================
18:04:29.0369 3220	ac97intc        (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys
18:04:29.0369 3220	ac97intc - ok
18:04:29.0775 3220	ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
18:04:29.0775 3220	ACPI - ok
18:04:30.0477 3220	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
18:04:30.0493 3220	adp94xx - ok
18:04:31.0179 3220	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
18:04:31.0195 3220	adpahci - ok
18:04:31.0475 3220	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
18:04:31.0507 3220	adpu160m - ok
18:04:31.0756 3220	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
18:04:31.0756 3220	adpu320 - ok
18:04:32.0131 3220	AFD             (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
18:04:32.0131 3220	AFD - ok
18:04:32.0505 3220	AgereSoftModem  (a19871ae65a769c65034b4dc44c29023) C:\Windows\system32\DRIVERS\AGRSM.sys
18:04:32.0583 3220	AgereSoftModem - ok
18:04:32.0801 3220	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
18:04:32.0817 3220	agp440 - ok
18:04:32.0848 3220	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:04:32.0848 3220	aic78xx - ok
18:04:33.0004 3220	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
18:04:33.0004 3220	aliide - ok
18:04:33.0223 3220	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
18:04:33.0223 3220	amdagp - ok
18:04:33.0379 3220	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
18:04:33.0379 3220	amdide - ok
18:04:33.0644 3220	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
18:04:33.0644 3220	AmdK7 - ok
18:04:34.0018 3220	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
18:04:34.0018 3220	AmdK8 - ok
18:04:34.0252 3220	AnyDVD          (64f24088dbb1d68ee9963f66f8eb68cf) C:\Windows\system32\Drivers\AnyDVD.sys
18:04:34.0252 3220	AnyDVD - ok
18:04:34.0502 3220	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
18:04:34.0502 3220	arc - ok
18:04:34.0689 3220	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
18:04:34.0705 3220	arcsas - ok
18:04:34.0767 3220	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:04:34.0767 3220	AsyncMac - ok
18:04:34.0954 3220	atapi           (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
18:04:34.0970 3220	atapi - ok
18:04:35.0282 3220	bcm4sbxp        (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
18:04:35.0282 3220	bcm4sbxp - ok
18:04:35.0531 3220	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:04:35.0531 3220	Beep - ok
18:04:35.0797 3220	blbdrive - ok
18:04:35.0999 3220	bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
18:04:35.0999 3220	bowser - ok
18:04:36.0062 3220	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:04:36.0062 3220	BrFiltLo - ok
18:04:36.0077 3220	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:04:36.0077 3220	BrFiltUp - ok
18:04:36.0296 3220	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:04:36.0311 3220	Brserid - ok
18:04:36.0327 3220	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:04:36.0327 3220	BrSerWdm - ok
18:04:36.0343 3220	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:04:36.0343 3220	BrUsbMdm - ok
18:04:36.0358 3220	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:04:36.0358 3220	BrUsbSer - ok
18:04:36.0374 3220	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:04:36.0374 3220	BTHMODEM - ok
18:04:36.0436 3220	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:04:36.0436 3220	cdfs - ok
18:04:36.0483 3220	cdrom           (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
18:04:36.0499 3220	cdrom - ok
18:04:36.0545 3220	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
18:04:36.0545 3220	circlass - ok
18:04:36.0701 3220	CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
18:04:36.0717 3220	CLFS - ok
18:04:36.0951 3220	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:04:36.0967 3220	CmBatt - ok
18:04:37.0123 3220	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
18:04:37.0138 3220	cmdide - ok
18:04:37.0325 3220	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:04:37.0325 3220	Compbatt - ok
18:04:37.0559 3220	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
18:04:37.0559 3220	crcdisk - ok
18:04:37.0965 3220	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
18:04:37.0965 3220	Crusoe - ok
18:04:38.0371 3220	DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
18:04:38.0371 3220	DfsC - ok
18:04:39.0041 3220	disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
18:04:39.0041 3220	disk - ok
18:04:39.0572 3220	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:04:39.0572 3220	drmkaud - ok
18:04:39.0962 3220	DRWEBAF         (b5dc0a7a807c419cdb6398a014788fc0) C:\Windows\system32\drivers\drwebaf.sys
18:04:39.0962 3220	DRWEBAF - ok
18:04:40.0196 3220	DrWebPF         (31ca09a3f6c8817e399a3c934565c8ba) C:\Windows\system32\DRIVERS\DrWebPF.sys
18:04:40.0196 3220	DrWebPF - ok
18:04:40.0336 3220	DwProt          (e736679543c307dc432c9756cb3d1340) C:\Windows\system32\drivers\dwprot.sys
18:04:40.0336 3220	DwProt - ok
18:04:40.0399 3220	DXGKrnl         (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
18:04:40.0414 3220	DXGKrnl - ok
18:04:40.0461 3220	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:04:40.0461 3220	E1G60 - ok
18:04:40.0679 3220	Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
18:05:18.0868 3220	MBR (0x1B8)     (0c78574a07f55fe7587e1608dfe01302) \Device\Harddisk0\DR0
18:05:18.0868 3220	\Device\Harddisk0\DR0 - ok
18:05:18.0946 3220	Boot (0x1200)   (880bb4aea1e0f3b1e2f872824a42614e) \Device\Harddisk0\DR0\Partition0
18:05:18.0946 3220	\Device\Harddisk0\DR0\Partition0 - ok
18:05:19.0040 3220	Boot (0x1200)   (f2715a9a69f3335b0bb86df4718301e1) \Device\Harddisk0\DR0\Partition1
18:05:19.0040 3220	\Device\Harddisk0\DR0\Partition1 - ok
18:05:19.0118 3220	============================================================
18:05:19.0118 3220	Scan finished
18:05:19.0118 3220	============================================================
18:05:19.0118 4712	Detected object count: 0
18:05:19.0118 4712	Actual detected object count: 0
cdmccreary
Member+
 
Posts: 32
Joined: August 9th, 2010, 6:57 pm

Re: Vista on Gateway

Post by askey127 » November 14th, 2011, 8:23 am

cdmccreary,
I don't see anything, but I'm still suspicious that you may have a recent, difficult-to-detect rootkit.
Our tools may not respond properly in all cases with the different bootloader.
-----------------------------------------------
Run aswMBR
Download aswMBR.exe and save to your desktop.
Double click on aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click "save log". Save it to your desktop and post the contents in your next reply.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Vista on Gateway

Post by askey127 » November 18th, 2011, 5:21 pm

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.