
Messages - tanya

1
Tech Clinic / USB Port Infected
« on: March 01, 2014, 03:16:15 PM »

Thanks so much! You're a star! All done :D



2
Tech Clinic / USB Port Infected
« on: March 01, 2014, 03:01:22 PM »

I've removed Combofix and OTL, all running smooth now :) Thank you very much for all your help! Truly appreciate it!



3
Tech Clinic / USB Port Infected
« on: March 01, 2014, 02:51:03 PM »

Great, I'll do that now.

Another small query, we recently had our hard drive changed and for some reason the person who worked on it changed our PC name to Compag! It's a small thing but the misspelling bothers me, how do I change the name?



4
Tech Clinic / USB Port Infected
« on: March 01, 2014, 02:28:26 PM »

Thank you so much for your help, all thumbdrives seem clean :) Have formatted them again now. Below is the OTL log -


 


OTL logfile created on: 3/2/2014 12:49:08 AM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\compag\\Desktop

 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16518)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.75 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 33.92% Memory free

3.49 Gb Paging File | 1.91 Gb Available in Paging File | 54.67% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files

Drive C: | 97.56 Gb Total Space | 66.65 Gb Free Space | 68.32% Space Free | Partition Type: NTFS

Drive D: | 146.48 Gb Total Space | 145.17 Gb Free Space | 99.10% Space Free | Partition Type: NTFS

Drive E: | 221.62 Gb Total Space | 166.43 Gb Free Space | 75.10% Space Free | Partition Type: NTFS

 

Computer Name: COMPAG-PC | User Name: compag | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/03/01 20:41:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\compag\\Desktop\\OTL.exe

PRC - [2014/02/22 23:10:58 | 000,064,384 | ---- | M] (Google) -- C:\\Users\\compag\\AppData\\Local\\Google\\Google Talk Plugin\\googletalkplugin.exe

PRC - [2014/02/21 00:55:39 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\\Windows\\System32\\Macromed\\Flash\\FlashPlayerPlugin_12_0_0_70.exe

PRC - [2014/02/14 12:37:35 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\\Program Files\\Mozilla Firefox\\firefox.exe

PRC - [2014/01/11 03:07:53 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\taskhost.exe

PRC - [2014/01/07 03:07:38 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe

PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- C:\\Program Files\\Microsoft Security Client\\NisSrv.exe

PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\\Program Files\\Microsoft Security Client\\MsMpEng.exe

PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\\Program Files\\Microsoft Security Client\\msseces.exe

PRC - [2013/10/11 04:24:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\\Program Files\\SUPERAntiSpyware\\SASCore.exe

PRC - [2013/09/03 19:23:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamscheduler.exe

PRC - [2010/11/20 17:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\explorer.exe

PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\\Windows\\System32\\atieclxx.exe

PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\\Windows\\System32\\atiesrxx.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/02/21 00:55:36 | 016,265,096 | ---- | M] () -- C:\\Windows\\System32\\Macromed\\Flash\\NPSWF32_12_0_0_70.dll

MOD - [2014/02/14 12:36:57 | 003,578,992 | ---- | M] () -- C:\\Program Files\\Mozilla Firefox\\mozjs.dll

MOD - [2014/02/06 00:52:52 | 000,073,544 | ---- | M] () -- C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\zlib1.dll

MOD - [2014/02/06 00:52:32 | 001,044,808 | ---- | M] () -- C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\libxml2.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2014/02/21 00:55:40 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\\Windows\\System32\\Macromed\\Flash\\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/02/14 12:37:34 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\\Program Files\\Mozilla Maintenance Service\\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2014/02/06 15:17:18 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\System32\\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV - [2014/01/09 03:03:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\System32\\Wat\\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\\Program Files\\Microsoft Security Client\\NisSrv.exe -- (NisSrv)

SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Program Files\\Microsoft Security Client\\MsMpEng.exe -- (MsMpSvc)

SRV - [2013/10/11 04:24:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\\Program Files\\SUPERAntiSpyware\\SASCore.exe -- (!SASCORE)

SRV - [2013/09/03 19:23:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe -- (AdobeARMservice)

SRV - [2013/05/27 10:27:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/09/10 18:57:18 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\\Program Files\\Skype\\Updater\\Updater.exe -- (SkypeUpdate)

SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\\Windows\\System32\\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2009/07/14 06:46:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\System32\\StorSvc.dll -- (StorSvc)

SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\System32\\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\System32\\PeerDistSvc.dll -- (PeerDistSvc)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\\Users\\compag\\AppData\\Local\\Temp\\catchme.sys -- (catchme)

DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\NisDrvWFP.sys -- (NisDrv)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\mbam.sys -- (MBAMProtector)

DRV - [2011/07/22 21:57:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\\Program Files\\SUPERAntiSpyware\\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/13 03:25:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\\Program Files\\SUPERAntiSpyware\\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/11/20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\vmbus.sys -- (vmbus)

DRV - [2010/11/20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\storvsc.sys -- (storvsc)

DRV - [2010/11/20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\winusb.sys -- (WinUsb)

DRV - [2010/11/20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\vms3cap.sys -- (s3cap)

DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\atikmdag.sys -- (atikmdag)

DRV - [2009/07/14 05:15:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\serial.sys -- (Serial)

DRV - [2009/07/14 03:43:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\AGRSM.sys -- (AgereSoftModem)

DRV - [2009/07/14 03:32:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\yk62x86.sys -- (yukonw7)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\\..\\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page Redirect Cache_TIMESTAMP = 16 D5 19 57 49 0E CF 01  [binary data]

IE - HKCU\\..\\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyOverride\" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1

FF - user.js - File not found

 

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\system32\\Macromed\\Flash\\NPSWF32_12_0_0_70.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=:  File not found

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=1.0: C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@EDVR/WebClient: C:\\windows\\system32\\WebClient\\npwebclient.dll (Google)

FF - HKLM\\Software\\MozillaPlugins\\@google.com/npPicasa3,version=3.0.0: C:\\Program Files\\Google\\Picasa3\\npPicasa3.dll (Google, Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\\Software\\MozillaPlugins\\@videolan.org/vlc,version=2.1.2: C:\\Program Files\\VideoLAN\\VLC\\npvlc.dll (VideoLAN)

FF - HKLM\\Software\\MozillaPlugins\\Adobe Reader: C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@talk.google.com/GoogleTalkPlugin: C:\\Users\\compag\\AppData\\Roaming\\Mozilla\\plugins\\npgoogletalk.dll (Google)

FF - HKCU\\Software\\MozillaPlugins\\@talk.google.com/O1DPlugin: C:\\Users\\compag\\AppData\\Roaming\\Mozilla\\plugins\\npo1d.dll (Google)

FF - HKCU\\Software\\MozillaPlugins\\@talk.google.com/O3DPlugin: C:\\Users\\compag\\AppData\\Roaming\\Mozilla\\plugins\\npgtpo3dautoplugin.dll ()

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Users\\compag\\AppData\\Local\\Google\\Update\\1.3.22.5\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Users\\compag\\AppData\\Local\\Google\\Update\\1.3.22.5\\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 27.0.1\\extensions\\\\Components: C:\\Program Files\\Mozilla Firefox\\components

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 27.0.1\\extensions\\\\Plugins: C:\\Program Files\\Mozilla Firefox\\plugins

FF - HKEY_CURRENT_USER\\software\\mozilla\\Mozilla Firefox 27.0.1\\extensions\\\\Components: C:\\Program Files\\Mozilla Firefox\\components

FF - HKEY_CURRENT_USER\\software\\mozilla\\Mozilla Firefox 27.0.1\\extensions\\\\Plugins: C:\\Program Files\\Mozilla Firefox\\plugins

 

[2014/01/07 23:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\compag\\AppData\\Roaming\\mozilla\\Extensions

[2014/02/14 12:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files\\Mozilla Firefox\\browser\\extensions

[2014/02/14 12:37:36 | 000,000,000 | ---D | M] (Default) -- C:\\Program Files\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\Application\\33.0.1750.117\\PepperFlash\\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\Application\\33.0.1750.117\\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\Application\\33.0.1750.117\\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.dll

CHR - plugin: Picasa (Enabled) = C:\\Program Files\\Google\\Picasa3\\npPicasa3.dll

CHR - Extension: Entanglement Web App = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aciahcmjmecflokailenpkdchphgkefd\\3.4.9_0\\

CHR - Extension: Google Docs = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.5_0\\

CHR - Extension: Google Drive = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\6.3_0\\

CHR - Extension: YouTube = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.6_0\\

CHR - Extension: Google Search = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.20_0\\

CHR - Extension: Poppit = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\mcbkbpnkkkipelfledbfocopglifcfmi\\2.2_0\\

CHR - Extension: Google Wallet = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\0.0.6.1_0\\

CHR - Extension: Gmail = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\7_0\\

 

O1 HOSTS File: ([2009/06/11 03:09:37 | 000,000,824 | ---- | M]) - C:\\Windows\\System32\\drivers\\etc\\hosts

O4 - HKLM..\\Run: [APSDaemon] C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\\Run: [MSC] C:\\Program Files\\Microsoft Security Client\\msseces.exe (Microsoft Corporation)

O4 - HKCU..\\Run: [SUPERAntiSpyware] C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe (SUPERAntiSpyware)

O4 - HKCU..\\Run: [uTorrent] C:\\Users\\compag\\AppData\\Roaming\\uTorrent\\uTorrent.exe (BitTorrent Inc.)

O6 - HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDrives = 0

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\\Windows\\System32\\GPhotos.scr (Google Inc.)

O10 - NameSpace_Catalog5\\Catalog_Entries\\000000000006 [] - C:\\Program Files\\Bonjour\\mdnsNSP.dll (Apple Inc.)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.5.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{B2885AC2-8378-4262-AEDD-2365DCA7CC4E}: DhcpNameServer = 192.168.5.1

O18 - Protocol\\Handler\\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\Program Files\\Common Files\\Skype\\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\System32\\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\\Windows\\System32\\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37 - HKLM\\...com [@ = ComFile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/03/02 00:22:51 | 000,000,000 | ---D | C] -- C:\\_OTL

[2014/03/01 23:37:39 | 000,000,000 | ---D | C] -- C:\\Windows\\temp

[2014/03/01 23:37:12 | 000,000,000 | -HSD | C] -- C:\\$RECYCLE.BIN

[2014/03/01 23:27:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\\Windows\\SWREG.exe

[2014/03/01 23:27:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\\Windows\\SWSC.exe

[2014/03/01 23:27:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\\Windows\\NIRCMD.exe

[2014/03/01 23:26:41 | 000,000,000 | ---D | C] -- C:\\Qoobox

[2014/03/01 23:26:11 | 000,000,000 | ---D | C] -- C:\\Windows\\erdnt

[2014/03/01 23:23:31 | 005,185,084 | R--- | C] (Swearware) -- C:\\Users\\compag\\Desktop\\ComboFix.exe

[2014/03/01 20:41:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\compag\\Desktop\\OTL.exe

[2014/03/01 14:27:35 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\HiJackThis

[2014/03/01 14:27:31 | 000,000,000 | ---D | C] -- C:\\Program Files\\Trend Micro

[2014/03/01 14:03:57 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\AppData\\Roaming\\SUPERAntiSpyware.com

[2014/03/01 14:03:23 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SUPERAntiSpyware

[2014/03/01 14:03:18 | 000,000,000 | ---D | C] -- C:\\ProgramData\\SUPERAntiSpyware.com

[2014/03/01 14:03:18 | 000,000,000 | ---D | C] -- C:\\Program Files\\SUPERAntiSpyware

[2014/02/27 14:03:36 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\AppData\\Roaming\\VanToM Folder

[2014/02/24 15:11:38 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\AppData\\Roaming\\Malwarebytes

[2014/02/24 15:11:24 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Malwarebytes\' Anti-Malware

[2014/02/24 15:11:19 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Malwarebytes

[2014/02/24 15:11:15 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\\Windows\\System32\\drivers\\mbam.sys

[2014/02/24 15:11:15 | 000,000,000 | ---D | C] -- C:\\Program Files\\Malwarebytes\' Anti-Malware

[2014/02/24 15:10:54 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\AppData\\Local\\Programs

[2014/02/22 13:29:33 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\iTunes

[2014/02/22 13:27:35 | 000,000,000 | ---D | C] -- C:\\Program Files\\iPod

[2014/02/22 13:27:33 | 000,000,000 | ---D | C] -- C:\\Program Files\\iTunes

[2014/02/22 13:27:33 | 000,000,000 | ---D | C] -- C:\\ProgramData\\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2014/02/20 12:26:34 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\Desktop\\Coins

[2014/02/14 12:36:45 | 000,000,000 | ---D | C] -- C:\\Program Files\\Mozilla Firefox

[2014/02/13 11:09:07 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\Desktop\\Pics

[2014/02/13 03:02:57 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieui.dll

[2014/02/13 03:02:56 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\mshtml.tlb

[2014/02/13 03:02:56 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ie4uinit.exe

[2014/02/13 03:02:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieetwcollectorres.dll

[2014/02/13 03:02:55 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\jsproxy.dll

[2014/02/13 03:02:54 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\msrating.dll

[2014/02/13 03:02:54 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\iesetup.dll

[2014/02/13 03:02:54 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\iernonce.dll

[2014/02/13 03:02:53 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\jscript9diag.dll

[2014/02/13 03:02:53 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieUnatt.exe

[2014/02/13 03:02:53 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieetwcollector.exe

[2014/02/13 03:02:53 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieetwproxystub.dll

[2014/02/13 03:02:52 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieapfltr.dll

[2014/02/13 03:02:52 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\msfeeds.dll

[2014/02/13 03:02:48 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\inetcpl.cpl

[2014/02/13 03:02:43 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\jscript9.dll

[2014/02/12 14:16:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\msxml3r.dll

[2014/02/12 14:16:23 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\d2d1.dll

[2014/02/12 14:16:23 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\d3d10warp.dll

[2014/02/03 15:34:23 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\Desktop\\Transcription

[2014/02/03 15:32:29 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\Desktop\\PS Invoices

[2014/02/03 15:21:36 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\Desktop\\SD Card

[2014/01/31 12:44:51 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\Desktop\\Iphone Music

[2 C:\\Users\\compag\\Desktop\\*.tmp files -> C:\\Users\\compag\\Desktop\\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/03/02 00:47:38 | 000,615,360 | ---- | M] () -- C:\\Windows\\System32\\perfh009.dat

[2014/03/02 00:47:38 | 000,103,702 | ---- | M] () -- C:\\Windows\\System32\\perfc009.dat

[2014/03/02 00:29:01 | 000,000,912 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-1194522279-2361252024-777755393-1000UA.job

[2014/03/02 00:24:34 | 000,067,584 | --S- | M] () -- C:\\Windows\\bootstat.dat

[2014/03/02 00:24:31 | 1406,820,352 | -HS- | M] () -- C:\\hiberfil.sys

[2014/03/02 00:23:59 | 000,010,336 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/03/02 00:23:59 | 000,010,336 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/03/01 23:55:01 | 000,000,830 | ---- | M] () -- C:\\Windows\\tasks\\Adobe Flash Player Updater.job

[2014/03/01 23:24:20 | 005,185,084 | R--- | M] (Swearware) -- C:\\Users\\compag\\Desktop\\ComboFix.exe

[2014/03/01 23:22:36 | 000,000,512 | ---- | M] () -- C:\\Windows\\tasks\\SUPERAntiSpyware Scheduled Task 399b3e82-3ea0-4076-9ec6-540468bd563c.job

[2014/03/01 20:41:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\compag\\Desktop\\OTL.exe

[2014/03/01 16:56:48 | 000,000,512 | ---- | M] () -- C:\\Windows\\tasks\\SUPERAntiSpyware Scheduled Task 64347694-cc76-4149-b9e6-f717b7f47d8b.job

[2014/03/01 16:54:33 | 000,137,262 | ---- | M] () -- C:\\Users\\compag\\Desktop\\products-2014-03-01.csv

[2014/03/01 15:29:04 | 000,000,860 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-1194522279-2361252024-777755393-1000Core.job

[2014/03/01 14:27:35 | 000,002,969 | ---- | M] () -- C:\\Users\\compag\\Desktop\\HiJackThis.lnk

[2014/03/01 14:03:23 | 000,001,961 | ---- | M] () -- C:\\Users\\Public\\Desktop\\SUPERAntiSpyware Professional.lnk

[2014/02/27 12:51:54 | 018,072,752 | ---- | M] () -- C:\\Users\\compag\\Desktop\\Dr. T. Colin Campbell 2014.mp3

[2014/02/25 17:01:56 | 019,933,232 | ---- | M] () -- C:\\Users\\compag\\Desktop\\Marc David 2014.mp3

[2014/02/25 09:48:14 | 021,135,616 | ---- | M] () -- C:\\Users\\compag\\Desktop\\WSO2-Prakash Iyer-022414.WMA

[2014/02/24 15:11:24 | 000,001,067 | ---- | M] () -- C:\\Users\\Public\\Desktop\\Malwarebytes Anti-Malware.lnk

[2014/02/22 13:29:33 | 000,001,753 | ---- | M] () -- C:\\Users\\Public\\Desktop\\iTunes.lnk

[2014/02/21 01:58:22 | 000,002,372 | ---- | M] () -- C:\\Users\\compag\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk

[2014/02/21 01:58:22 | 000,002,370 | ---- | M] () -- C:\\Users\\compag\\Desktop\\Google Chrome.lnk

[2014/02/21 00:55:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\\Windows\\System32\\FlashPlayerApp.exe

[2014/02/21 00:55:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\\Windows\\System32\\FlashPlayerCPLApp.cpl

[2014/02/19 23:23:37 | 027,971,170 | ---- | M] () -- C:\\Users\\compag\\Desktop\\WSO2-Rajesh Kaveti-021814.WMA

[2014/02/19 19:35:23 | 012,540,910 | ---- | M] () -- C:\\Users\\compag\\Desktop\\Rep Race 2013 - Leg 2 Audio part 1.mp3

[2014/02/19 19:32:29 | 024,668,592 | ---- | M] () -- C:\\Users\\compag\\Desktop\\Paul Hawken 2014.mp3

[2014/02/12 01:35:24 | 000,012,180 | ---- | M] () -- C:\\Users\\compag\\Desktop\\test.csv

[2014/02/12 01:07:07 | 000,071,337 | ---- | M] () -- C:\\Users\\compag\\Desktop\\BS.jpg

[2014/02/12 01:06:23 | 000,061,225 | ---- | M] () -- C:\\Users\\compag\\Desktop\\PS.jpg

[2014/02/10 07:10:42 | 003,175,836 | ---- | M] () -- C:\\Users\\compag\\Desktop\\products-2014-02-09.csv

[2014/02/06 15:50:26 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\mshtml.tlb

[2014/02/06 15:49:55 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ieetwcollectorres.dll

[2014/02/06 15:31:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\iesetup.dll

[2014/02/06 15:30:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ieetwproxystub.dll

[2014/02/06 15:22:56 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\jsproxy.dll

[2014/02/06 15:22:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\iernonce.dll

[2014/02/06 15:19:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ieui.dll

[2014/02/06 15:17:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ieUnatt.exe

[2014/02/06 15:17:18 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ieetwcollector.exe

[2014/02/06 15:16:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\jscript9diag.dll

[2014/02/06 15:04:32 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ie4uinit.exe

[2014/02/06 14:55:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\msrating.dll

[2014/02/06 14:55:36 | 004,244,480 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\jscript9.dll

[2014/02/06 14:43:13 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\msfeeds.dll

[2014/02/06 14:39:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\inetcpl.cpl

[2014/02/06 14:04:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ieapfltr.dll

[2 C:\\Users\\compag\\Desktop\\*.tmp files -> C:\\Users\\compag\\Desktop\\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/03/01 23:27:10 | 000,256,000 | ---- | C] () -- C:\\Windows\\PEV.exe

[2014/03/01 23:27:10 | 000,208,896 | ---- | C] () -- C:\\Windows\\MBR.exe

[2014/03/01 23:27:10 | 000,098,816 | ---- | C] () -- C:\\Windows\\sed.exe

[2014/03/01 23:27:10 | 000,080,412 | ---- | C] () -- C:\\Windows\\grep.exe

[2014/03/01 23:27:10 | 000,068,096 | ---- | C] () -- C:\\Windows\\zip.exe

[2014/03/01 15:03:06 | 000,137,262 | ---- | C] () -- C:\\Users\\compag\\Desktop\\products-2014-03-01.csv

[2014/03/01 14:27:35 | 000,002,969 | ---- | C] () -- C:\\Users\\compag\\Desktop\\HiJackThis.lnk

[2014/03/01 14:04:30 | 000,000,512 | ---- | C] () -- C:\\Windows\\tasks\\SUPERAntiSpyware Scheduled Task 399b3e82-3ea0-4076-9ec6-540468bd563c.job

[2014/03/01 14:04:29 | 000,000,512 | ---- | C] () -- C:\\Windows\\tasks\\SUPERAntiSpyware Scheduled Task 64347694-cc76-4149-b9e6-f717b7f47d8b.job

[2014/03/01 14:03:23 | 000,001,961 | ---- | C] () -- C:\\Users\\Public\\Desktop\\SUPERAntiSpyware Professional.lnk

[2014/02/27 12:44:43 | 018,072,752 | ---- | C] () -- C:\\Users\\compag\\Desktop\\Dr. T. Colin Campbell 2014.mp3

[2014/02/25 17:01:15 | 019,933,232 | ---- | C] () -- C:\\Users\\compag\\Desktop\\Marc David 2014.mp3

[2014/02/25 09:47:45 | 021,135,616 | ---- | C] () -- C:\\Users\\compag\\Desktop\\WSO2-Prakash Iyer-022414.WMA

[2014/02/24 15:11:24 | 000,001,067 | ---- | C] () -- C:\\Users\\Public\\Desktop\\Malwarebytes Anti-Malware.lnk

[2014/02/22 13:29:33 | 000,001,753 | ---- | C] () -- C:\\Users\\Public\\Desktop\\iTunes.lnk

[2014/02/19 23:19:14 | 027,971,170 | ---- | C] () -- C:\\Users\\compag\\Desktop\\WSO2-Rajesh Kaveti-021814.WMA

[2014/02/19 19:35:02 | 012,540,910 | ---- | C] () -- C:\\Users\\compag\\Desktop\\Rep Race 2013 - Leg 2 Audio part 1.mp3

[2014/02/19 19:31:37 | 024,668,592 | ---- | C] () -- C:\\Users\\compag\\Desktop\\Paul Hawken 2014.mp3

[2014/02/12 01:07:07 | 000,071,337 | ---- | C] () -- C:\\Users\\compag\\Desktop\\BS.jpg

[2014/02/12 01:06:23 | 000,061,225 | ---- | C] () -- C:\\Users\\compag\\Desktop\\PS.jpg

[2014/02/10 04:26:57 | 000,012,180 | ---- | C] () -- C:\\Users\\compag\\Desktop\\test.csv

[2014/02/10 03:33:54 | 003,175,836 | ---- | C] () -- C:\\Users\\compag\\Desktop\\products-2014-02-09.csv

[2014/01/09 14:16:33 | 000,066,048 | ---- | C] () -- C:\\Windows\\System32\\PrintBrmUi.exe

[2014/01/07 23:39:19 | 000,000,083 | ---- | C] () -- C:\\Windows\\K7TSUsrInfo.dat

[2013/12/31 06:34:05 | 000,000,000 | ---- | C] () -- C:\\Windows\\ativpsrm.bin

 

========== ZeroAccess Check ==========

 

[2009/07/14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini



[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]



[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]



[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 07:25:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment



[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free



[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both


< End of report >

 



5
Tech Clinic / USB Port Infected
« on: March 01, 2014, 01:57:29 PM »

Done! Here is the log -


 


All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MICROS~1 not found.

C:\Users\compag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS moved successfully.

========== REGISTRY ==========

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview deleted successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\compag\Desktop\cmd.bat deleted successfully.

C:\Users\compag\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYJAVA]

 

User: All Users

 

User: compag

 

User: Default

 

User: Default User

 

User: Public

 

Total Java Files Cleaned = 0.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: compag

->Flash cache emptied: 19080 bytes

 

User: Default

 

User: Default User

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: compag

->Temp folder emptied: 91177 bytes

->Temporary Internet Files folder emptied: 19494703 bytes

->FireFox cache emptied: 136574638 bytes

->Google Chrome cache emptied: 42053408 bytes

->Flash cache emptied: 0 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\\System32 .tmp files removed: 0 bytes

%systemroot%\\System32\\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1850 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 189.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 03022014_002251


Files\\Folders moved on Reboot...


PendingFileRenameOperations files...


Registry entries deleted on Reboot...

 



6
Tech Clinic / USB Port Infected
« on: March 01, 2014, 01:11:14 PM »

Here is the log for Combofix -


 


ComboFix 14-02-24.02 - compag 03/01/2014  23:28:40.1.2 - x86

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.1789.763 [GMT 5.5:30]

Running from: c:\\users\\compag\\Desktop\\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2014-02-01 to 2014-03-01  )))))))))))))))))))))))))))))))

.

.

2014-03-01 18:05 . 2014-03-01 18:05    --------    d-----w-    c:\users\Default\AppData\Local\temp

2014-03-01 08:57 . 2014-03-01 08:57    388096    ----a-r-    c:\users\compag\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2014-03-01 08:57 . 2014-03-01 08:57    --------    d-----w-    c:\program files\Trend Micro

2014-03-01 08:33 . 2014-03-01 08:33    --------    d-----w-    c:\users\compag\AppData\Roaming\SUPERAntiSpyware.com

2014-03-01 08:33 . 2014-03-01 08:33    --------    d-----w-    c:\program files\SUPERAntiSpyware

2014-03-01 08:33 . 2014-03-01 08:33    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com

2014-02-28 12:55 . 2014-02-20 20:26    765968    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F983C2E-FF27-4557-9E0D-AFDE24EFFC59}\gapaengine.dll

2014-02-28 12:55 . 2014-02-06 07:08    7947048    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B103AF87-1A32-430A-A085-B3E2AC69D2BC}\mpengine.dll

2014-02-27 08:33 . 2014-03-01 11:26    --------    d-----w-    c:\users\compag\AppData\Roaming\VanToM Folder

2014-02-27 05:25 . 2014-02-06 07:08    7947048    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-02-24 09:41 . 2014-02-24 09:41    --------    d-----w-    c:\users\compag\AppData\Roaming\Malwarebytes

2014-02-24 09:41 . 2014-02-24 09:41    --------    d-----w-    c:\programdata\Malwarebytes

2014-02-24 09:41 . 2014-02-24 09:41    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware

2014-02-24 09:41 . 2013-04-04 09:20    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys

2014-02-24 09:40 . 2014-02-24 09:40    --------    d-----w-    c:\users\compag\AppData\Local\Programs

2014-02-22 07:57 . 2014-02-22 07:57    --------    d-----w-    c:\program files\iPod

2014-02-22 07:57 . 2014-02-22 07:59    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-02-22 07:57 . 2014-02-22 07:59    --------    d-----w-    c:\program files\iTunes

2014-02-21 17:26 . 2013-09-25 15:52    163840    --sha-w-    c:\users\compag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS

2014-02-12 08:46 . 2013-12-06 02:02    2048    ----a-w-    c:\windows\system32\msxml3r.dll

2014-02-12 08:46 . 2013-12-06 02:02    1237504    ----a-w-    c:\windows\system32\msxml3.dll

2014-02-12 08:46 . 2013-12-24 23:09    1987584    ----a-w-    c:\windows\system32\d3d10warp.dll

2014-02-12 08:46 . 2013-11-26 08:16    3419136    ----a-w-    c:\windows\system32\d2d1.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-20 20:26 . 2014-01-23 18:59    765968    ----a-w-    c:\\programdata\\Microsoft\\Microsoft Antimalware\\Definition Updates\\NISBackup\\gapaengine.dll

2014-02-20 19:25 . 2014-01-08 08:04    71048    ----a-w-    c:\\windows\\system32\\FlashPlayerCPLApp.cpl

2014-02-20 19:25 . 2014-01-08 08:04    692616    ----a-w-    c:\\windows\\system32\\FlashPlayerApp.exe

2014-01-19 07:32 . 2014-01-07 18:20    231584    ------w-    c:\\windows\\system32\\MpSigStub.exe

2014-01-10 22:56 . 2014-01-10 22:56    646144    ----a-w-    c:\\windows\\system32\\MsSpellCheckingFacility.exe

2014-01-10 22:56 . 2014-01-10 22:56    71680    ----a-w-    c:\\windows\\system32\\RegisterIEPKEYs.exe

2014-01-10 22:56 . 2014-01-10 22:56    645120    ----a-w-    c:\\windows\\system32\\jsIntl.dll

2014-01-10 22:56 . 2014-01-10 22:56    194048    ----a-w-    c:\\windows\\system32\\elshyph.dll

2014-01-10 22:56 . 2014-01-10 22:56    182272    ----a-w-    c:\\windows\\system32\\msls31.dll

2014-01-10 22:56 . 2014-01-10 22:56    62464    ----a-w-    c:\\windows\\system32\\tdc.ocx

2014-01-10 22:56 . 2014-01-10 22:56    34816    ----a-w-    c:\\windows\\system32\\JavaScriptCollectionAgent.dll

2014-01-10 22:56 . 2014-01-10 22:56    337408    ----a-w-    c:\\windows\\system32\\html.iec

2014-01-10 22:56 . 2014-01-10 22:56    1051136    ----a-w-    c:\\windows\\system32\\mshtmlmedia.dll

2014-01-10 22:56 . 2014-01-10 22:56    24576    ----a-w-    c:\\windows\\system32\\licmgr10.dll

2014-01-10 22:56 . 2014-01-10 22:56    151552    ----a-w-    c:\\windows\\system32\\iexpress.exe

2014-01-10 22:56 . 2014-01-10 22:56    139264    ----a-w-    c:\\windows\\system32\\wextract.exe

2014-01-10 22:56 . 2014-01-10 22:56    61952    ----a-w-    c:\\windows\\system32\\MshtmlDac.dll

2014-01-10 22:56 . 2014-01-10 22:56    36352    ----a-w-    c:\\windows\\system32\\imgutil.dll

2014-01-10 22:56 . 2014-01-10 22:56    13312    ----a-w-    c:\\windows\\system32\\mshta.exe

2014-01-10 22:56 . 2014-01-10 22:56    111616    ----a-w-    c:\\windows\\system32\\IEAdvpack.dll

2014-01-10 22:56 . 2014-01-10 22:56    86016    ----a-w-    c:\\windows\\system32\\iesysprep.dll

2014-01-10 22:56 . 2014-01-10 22:56    74240    ----a-w-    c:\\windows\\system32\\SetIEInstalledDate.exe

2014-01-10 22:56 . 2014-01-10 22:56    48640    ----a-w-    c:\\windows\\system32\\mshtmler.dll

2014-01-10 22:55 . 2014-01-10 22:55    640512    ----a-w-    c:\\windows\\system32\\advapi32.dll

2014-01-10 22:55 . 2014-01-10 22:55    619520    ----a-w-    c:\\windows\\system32\\tdh.dll

2014-01-10 22:55 . 2014-01-10 22:55    3969472    ----a-w-    c:\\windows\\system32\\ntkrnlpa.exe

2014-01-10 22:55 . 2014-01-10 22:55    3914176    ----a-w-    c:\\windows\\system32\\ntoskrnl.exe

2014-01-10 22:55 . 2014-01-10 22:55    1289096    ----a-w-    c:\\windows\\system32\\ntdll.dll

2014-01-10 22:55 . 2014-01-10 22:55    338944    ----a-w-    c:\\windows\\system32\\drivers\\afd.sys

2014-01-10 22:55 . 2014-01-10 22:55    231424    ----a-w-    c:\\windows\\system32\\mswsock.dll

2014-01-10 22:55 . 2014-01-10 22:55    1294272    ----a-w-    c:\\windows\\system32\\drivers\\tcpip.sys

2014-01-10 21:37 . 2014-01-10 21:37    49152    ----a-w-    c:\\windows\\system32\\taskhost.exe

2014-01-10 21:36 . 2014-01-10 21:36    9728    ---ha-w-    c:\\windows\\system32\\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2014-01-10 21:36 . 2014-01-10 21:36    5632    ---ha-w-    c:\\windows\\system32\\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2014-01-10 21:36 . 2014-01-10 21:36    5632    ---ha-w-    c:\\windows\\system32\\api-ms-win-downlevel-ole32-l1-1-0.dll

2014-01-10 21:36 . 2014-01-10 21:36    417792    ----a-w-    c:\\windows\\system32\\WMPhoto.dll

2014-01-10 21:36 . 2014-01-10 21:36    4096    ---ha-w-    c:\\windows\\system32\\api-ms-win-downlevel-user32-l1-1-0.dll

2014-01-10 21:36 . 2014-01-10 21:36    364544    ----a-w-    c:\\windows\\system32\\XpsGdiConverter.dll

2014-01-10 21:36 . 2014-01-10 21:36    3584    ---ha-w-    c:\\windows\\system32\\api-ms-win-downlevel-advapi32-l2-1-0.dll

2014-01-10 21:36 . 2014-01-10 21:36    3072    ---ha-w-    c:\\windows\\system32\\api-ms-win-downlevel-version-l1-1-0.dll

2014-01-10 21:36 . 2014-01-10 21:36    3072    ---ha-w-    c:\\windows\\system32\\api-ms-win-downlevel-shell32-l1-1-0.dll

2014-01-10 21:36 . 2014-01-10 21:36    2560    ---ha-w-    c:\\windows\\system32\\api-ms-win-downlevel-normaliz-l1-1-0.dll

2014-01-10 21:36 . 2014-01-10 21:36    2284544    ----a-w-    c:\\windows\\system32\\msmpeg2vdec.dll

2014-01-10 21:36 . 2014-01-10 21:36    1158144    ----a-w-    c:\\windows\\system32\\XpsPrint.dll

2014-01-10 21:36 . 2014-01-10 21:36    10752    ---ha-w-    c:\\windows\\system32\\api-ms-win-downlevel-advapi32-l1-1-0.dll

2014-01-10 21:36 . 2014-01-10 21:36    906240    ----a-w-    c:\\windows\\system32\\FntCache.dll

2014-01-10 21:36 . 2014-01-10 21:36    604160    ----a-w-    c:\\windows\\system32\\d3d10level9.dll

2014-01-10 21:36 . 2014-01-10 21:36    293376    ----a-w-    c:\\windows\\system32\\dxgi.dll

2014-01-10 21:36 . 2014-01-10 21:36    249856    ----a-w-    c:\\windows\\system32\\d3d10_1core.dll

2014-01-10 21:36 . 2014-01-10 21:36    220160    ----a-w-    c:\\windows\\system32\\d3d10core.dll

2014-01-10 21:36 . 2014-01-10 21:36    207872    ----a-w-    c:\\windows\\system32\\WindowsCodecsExt.dll

2014-01-10 21:36 . 2014-01-10 21:36    187392    ----a-w-    c:\\windows\\system32\\UIAnimation.dll

2014-01-10 21:36 . 2014-01-10 21:36    161792    ----a-w-    c:\\windows\\system32\\d3d10_1.dll

2014-01-10 21:36 . 2014-01-10 21:36    1247744    ----a-w-    c:\\windows\\system32\\DWrite.dll

2014-01-10 21:36 . 2014-01-10 21:36    1230336    ----a-w-    c:\\windows\\system32\\WindowsCodecs.dll

2014-01-10 21:36 . 2014-01-10 21:36    1080832    ----a-w-    c:\\windows\\system32\\d3d10.dll

2014-01-10 21:34 . 2014-01-10 21:34    1505280    ----a-w-    c:\\windows\\system32\\d3d11.dll

2014-01-09 23:24 . 2009-07-14 02:05    152576    ----a-w-    c:\\windows\\system32\\msclmd.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-09-10 17984688]

"uTorrent"="c:\users\compag\AppData\Roaming\uTorrent\uTorrent.exe" [2014-01-25 905296]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-06 5625624]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-06 152392]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-01-09 280576]

.

c:\users\compag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MICROS~1.VBS [2013-9-25 163840]

.

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]

\"ConsentPromptBehaviorAdmin\"= 5 (0x5)

\"ConsentPromptBehaviorUser\"= 3 (0x3)

\"EnableUIADesktopToggle\"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\drivers32]

\"aux\"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\!SASCORE]

@=\"\"

.

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\MsMpSvc]

@=\"Service\"

.

R2 MBAMScheduler;MBAMScheduler;c:\\program files\\Malwarebytes\' Anti-Malware\\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService;c:\\program files\\Malwarebytes\' Anti-Malware\\mbamservice.exe [2013-04-04 701512]

R2 SkypeUpdate;Skype Updater;c:\\program files\\Skype\\Updater\\Updater.exe [2012-09-10 160944]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\\windows\\system32\\IEEtwCollector.exe [2014-02-06 108032]

R3 MBAMProtector;MBAMProtector;c:\\windows\\system32\\drivers\\mbam.sys [2013-04-04 22856]

R3 NisDrv;Microsoft Network Inspection System;c:\\windows\\system32\\DRIVERS\\NisDrvWFP.sys [2013-09-27 104768]

R3 NisSrv;Microsoft Network Inspection;c:\\program files\\Microsoft Security Client\\NisSrv.exe [2013-10-23 280288]

R3 TsUsbFlt;TsUsbFlt;c:\\windows\\system32\\drivers\\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\\windows\\system32\\Wat\\WatAdminSvc.exe [2014-01-08 1343400]

S1 SASDIFSV;SASDIFSV;c:\\program files\\SUPERAntiSpyware\\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\\program files\\SUPERAntiSpyware\\SASKUTIL.SYS [2011-07-12 67664]

S2 !SASCORE;SAS Core Service;c:\\program files\\SUPERAntiSpyware\\SASCORE.EXE [2013-10-10 120088]

S2 AMD External Events Utility;AMD External Events Utility;c:\\windows\\system32\\atiesrxx.exe [2009-08-17 176128]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\\windows\\system32\\DRIVERS\\yk62x86.sys [2009-07-13 311296]

.

.

Contents of the \'Scheduled Tasks\' folder

.

2014-03-01 c:\\windows\\Tasks\\Adobe Flash Player Updater.job

- c:\\windows\\system32\\Macromed\\Flash\\FlashPlayerUpdateService.exe [2014-01-08 19:25]

.

2014-03-01 c:\\windows\\Tasks\\GoogleUpdateTaskUserS-1-5-21-1194522279-2361252024-777755393-1000Core.job

- c:\\users\\compag\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe [2014-01-01 15:47]

.

2014-03-01 c:\\windows\\Tasks\\GoogleUpdateTaskUserS-1-5-21-1194522279-2361252024-777755393-1000UA.job

- c:\\users\\compag\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe [2014-01-01 15:47]

.

2014-03-01 c:\\windows\\Tasks\\SUPERAntiSpyware Scheduled Task 399b3e82-3ea0-4076-9ec6-540468bd563c.job

- c:\\program files\\SUPERAntiSpyware\\SASTask.exe [2013-11-07 20:08]

.

2014-03-01 c:\\windows\\Tasks\\SUPERAntiSpyware Scheduled Task 64347694-cc76-4149-b9e6-f717b7f47d8b.job

- c:\\program files\\SUPERAntiSpyware\\SASTask.exe [2013-11-07 20:08]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\\windows\\system32\\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\\progra~1\\MICROS~1\\Office12\\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.5.1

FF - ProfilePath - c:\\users\\compag\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\03l3bb40.default\\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E96D-E325-11CE-BFC1-08002BE10318}\\0000\\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

\"BlindDial\"=dword:00000000

\"MSCurrentCountry\"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\PCW\\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-03-01  23:37:37

ComboFix-quarantined-files.txt  2014-03-01 18:07

.

Pre-Run: 71,545,450,496 bytes free

Post-Run: 71,281,000,448 bytes free

.

- - End Of File - - 4645659EA234C5C9C31AB41395204861

A36C5E4F47E84449FF07ED3517B43A31

 


Thank you again!



7
Tech Clinic / USB Port Infected
« on: March 01, 2014, 10:28:41 AM »

Here is the Extras.txt -


 


OTL Extras logfile created on: 3/1/2014 8:43:35 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\compag\\Desktop

 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16518)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.75 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 63.88% Memory free

3.49 Gb Paging File | 2.45 Gb Available in Paging File | 70.17% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files

Drive C: | 97.56 Gb Total Space | 64.21 Gb Free Space | 65.81% Space Free | Partition Type: NTFS

Drive D: | 146.48 Gb Total Space | 145.17 Gb Free Space | 99.10% Space Free | Partition Type: NTFS

Drive E: | 221.62 Gb Total Space | 157.67 Gb Free Space | 71.15% Space Free | Partition Type: NTFS

 

Computer Name: COMPAG-PC | User Name: compag | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<extension>]

.cpl [@ = cplfile] -- C:\\Windows\\System32\\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\\Windows\\winhlp32.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]

batfile [open] -- \"%1\" %*

cmdfile [open] -- \"%1\" %*

comfile [open] -- \"%1\" %*

cplfile [cplopen] -- %SystemRoot%\\System32\\control.exe \"%1\",%* (Microsoft Corporation)

exefile [open] -- \"%1\" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\\System32\\InfDefaultInstall.exe \"%1\" (Microsoft Corporation)

piffile [open] -- \"%1\" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- \"%1\"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- \"%1\" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\\system32\\rundll32.exe %SystemRoot%\\system32\\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- \"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --playlist-enqueue \"%1\" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd \"%V\" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- \"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --no-playlist-enqueue \"%1\" (VideoLAN)

Folder [open] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]

\"cval\" = 1

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc]

\"VistaSp1\" = Reg Error: Unknown registry data type -- File not found

\"AntiVirusOverride\" = 0

\"AntiSpywareOverride\" = 0

\"FirewallOverride\" = 0

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc\\Vol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]

\"DisableNotifications\" = 0

\"EnableFirewall\" = 1

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]

\"DisableNotifications\" = 0

\"EnableFirewall\" = 1

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\PublicProfile]

\"DisableNotifications\" = 0

\"EnableFirewall\" = 1

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules]

\"{228F7DC2-BDC7-4D52-B2B8-60BB7FD2FCA3}\" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\\system32\\svchost.exe |

\"{2D8CBFDA-A206-42DE-9234-13DC5620E6BA}\" = rport=139 | protocol=6 | dir=out | app=system |

\"{3F7584A4-5FFD-4409-B5E5-A3F0D2F419B7}\" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\\system32\\svchost.exe |

\"{4701C308-BD98-4B3E-882E-DEE6A3CFF121}\" = lport=10243 | protocol=6 | dir=in | app=system |

\"{4B377148-A720-47A5-AB12-B06B2719AEAE}\" = lport=6004 | protocol=17 | dir=in | app=c:\\program files\\microsoft office\\office12\\outlook.exe |

\"{4E73AA51-69ED-422E-A890-6C18A7D58A1D}\" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

\"{5C44EE20-6093-41FF-B867-16E7D69438B0}\" = lport=137 | protocol=17 | dir=in | app=system |

\"{6FD5F47D-F6BA-4DF6-BF3D-F7A09B8FA970}\" = lport=139 | protocol=6 | dir=in | app=system |

\"{788CC156-56C9-4956-B422-1BA5B5B28E51}\" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\\system32\\svchost.exe |

\"{8E0CFC3E-A0EC-4FBC-B049-EABE8B840C3B}\" = rport=137 | protocol=17 | dir=out | app=system |

\"{94F17EF3-364A-451F-8AB9-BD9BA2BD16E5}\" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\\system32\\svchost.exe |

\"{96CF727D-5907-49B7-BFEC-555F15EA68E2}\" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\\system32\\svchost.exe |

\"{999EB99F-FFED-4BB4-AAFA-D02EEB0C4A31}\" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\\system32\\spoolsv.exe |

\"{A96BB7E1-2CB7-4DAF-A567-DC8CB1F5452D}\" = lport=445 | protocol=6 | dir=in | app=system |

\"{B67C1643-BB15-43BE-BEB7-748EBC6E8F41}\" = lport=2869 | protocol=6 | dir=in | app=system |

\"{B988D69A-FA66-48B6-B763-956BEADBA1EB}\" = rport=138 | protocol=17 | dir=out | app=system |

\"{C5CE5616-6C01-40EA-9C52-4C992C687ECA}\" = rport=445 | protocol=6 | dir=out | app=system |

\"{C7C7EBFD-6F54-4163-8AD6-C823190583C8}\" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\\system32\\svchost.exe |

\"{CCCB0DF8-F969-4296-ABC5-C1D75DC6628A}\" = lport=138 | protocol=17 | dir=in | app=system |

\"{D43C9FBF-0DA7-45C1-BC3F-B1D0615D8BB9}\" = rport=10243 | protocol=6 | dir=out | app=system |

\"{DE308684-AA92-45A0-BA40-B5244EDF8348}\" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\\system32\\svchost.exe |

\"{E38EC2F6-66BE-4DF6-B6D2-3B92731F0BE4}\" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\\system32\\svchost.exe |

\"{E7AB3A98-BD16-4F8A-BA98-EE7EEB20600E}\" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\\system32\\svchost.exe |

\"{F74409AA-3774-41A1-8F1B-6825E35D42FA}\" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\\system32\\svchost.exe |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules]

\"{0908BB37-5FDD-4A71-9966-72CCF3714C37}\" = protocol=6 | dir=in | app=c:\\program files\\microsoft office\\office12\\onenote.exe |

\"{10EA36A8-9A5C-409E-9D5D-843DD8BC9783}\" = protocol=17 | dir=in | app=c:\\users\\compag\\appdata\\local\\google\\google talk plugin\\googletalkplugin.exe |

\"{15B0C77C-84F6-4950-8936-DF9D66DE5C96}\" = protocol=6 | dir=in | app=c:\\users\\compag\\appdata\\local\\google\\google talk plugin\\googletalkplugin.exe |

\"{1B2B38AD-71F6-4C0A-936C-B6AABB7103E1}\" = protocol=17 | dir=in | app=c:\\program files\\bonjour\\mdnsresponder.exe |

\"{2E353CD4-E7C1-404D-8155-E56B99DB8611}\" = protocol=6 | dir=out | app=%programfiles%\\windows media player\\wmpnetwk.exe |

\"{4909F3FD-2BF7-48A8-AF68-B1B5134E2799}\" = protocol=6 | dir=in | app=c:\\users\\compag\\appdata\\roaming\\utorrent\\utorrent.exe |

\"{4F3EB955-CA47-4550-B095-DAEAB28F7FB1}\" = protocol=6 | dir=out | app=system |

\"{57AA2A96-CC10-4BCF-B89C-62EE612A68C6}\" = protocol=58 | dir=in | [email protected],-28545 |

\"{608E8F0F-AAEA-4990-AFBB-AD76DAD9CF0F}\" = protocol=6 | dir=in | app=c:\\program files\\microsoft office\\office12\\groove.exe |

\"{60D3758F-83E1-4354-92F7-97E10BB8E395}\" = dir=in | app=c:\\program files\\skype\\phone\\skype.exe |

\"{68A66745-B2D1-41D4-9624-06C94C01675F}\" = protocol=6 | dir=in | app=%programfiles%\\windows media player\\wmpnetwk.exe |

\"{71E9C800-EF4B-4A92-B806-C63DF20E3FBD}\" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\\system32\\svchost.exe |

\"{763D3C27-E110-4353-99DC-BE08092D2C96}\" = protocol=17 | dir=in | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{82D26153-3712-41EB-BAED-EC55A6732926}\" = protocol=17 | dir=in | app=c:\\users\\compag\\appdata\\roaming\\utorrent\\utorrent.exe |

\"{84226B46-AB48-4B5F-B0BD-F3A220EE088C}\" = dir=in | app=c:\\program files\\itunes\\itunes.exe |

\"{8D6135DE-1939-4029-92F3-8C22A630BD24}\" = protocol=17 | dir=in | app=c:\\program files\\microsoft office\\office12\\onenote.exe |

\"{9987FB9C-7D93-4566-9D31-B64414B3E7D7}\" = protocol=17 | dir=out | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{B24877BA-6C13-4338-90AB-58A977EABE0F}\" = protocol=17 | dir=in | app=%programfiles%\\windows media player\\wmpnetwk.exe |

\"{BD6676E5-DBDF-4D41-B042-9431239C0C0F}\" = protocol=17 | dir=in | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{C2613690-1C37-4825-A071-B74D53B10AFF}\" = protocol=58 | dir=out | [email protected],-28546 |

\"{C4282389-642F-46F9-A6BF-AF59EC688725}\" = protocol=1 | dir=out | [email protected],-28544 |

\"{C5B95EA3-B79F-4A85-81BD-BE21B9EB441F}\" = protocol=6 | dir=out | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{D422B0AE-75EF-4F6D-A848-C789692316FB}\" = protocol=1 | dir=in | [email protected],-28543 |

\"{DB52F325-600A-4393-91C7-23BBBFEC28C7}\" = protocol=17 | dir=out | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{DF76AE04-6E1A-49AE-8C23-B8C533169FD0}\" = protocol=6 | dir=in | app=c:\\program files\\bonjour\\mdnsresponder.exe |

\"{E1134135-EBC6-4DFB-93C4-C818A659309E}\" = protocol=6 | dir=out | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{E1DB4CD1-6DA4-4595-8B57-151A7A824C13}\" = protocol=17 | dir=out | app=%programfiles%\\windows media player\\wmpnetwk.exe |

\"{F372E68B-6360-4D40-8A89-8CA9F8DBCCAE}\" = protocol=17 | dir=in | app=c:\\program files\\microsoft office\\office12\\groove.exe |

\"TCP Query User{9E8B81FA-3C7F-445B-B0D6-066F84F0A533}C:\\program files\\ps3 media server\\jre\\bin\\javaw.exe\" = protocol=6 | dir=in | app=c:\\program files\\ps3 media server\\jre\\bin\\javaw.exe |

\"UDP Query User{BFC7A529-E04B-4AC5-87E1-B9211277C6FB}C:\\program files\\ps3 media server\\jre\\bin\\javaw.exe\" = protocol=17 | dir=in | app=c:\\program files\\ps3 media server\\jre\\bin\\javaw.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]

\"{00A61104-74B5-4056-AD00-4397EF4FB141}\" = iCloud

\"{0CD47142-BA4F-46B0-AA92-2675864928B8}\" = Microsoft Security Client

\"{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}\" = Apple Mobile Device Support

\"{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}\" = Apple Application Support

\"{45A66726-69BC-466B-A7A4-12FCBA4883D7}\" = HiJackThis

\"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\" = Apple Software Update

\"{79155F2B-9895-49D7-8612-D92580E0DE5B}\" = Bonjour

\"{90120000-0015-0409-0000-0000000FF1CE}\" = Microsoft Office Access MUI (English) 2007

\"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}\" = Microsoft Office 2007 Service Pack 3 (SP3)

\"{90120000-0016-0409-0000-0000000FF1CE}\" = Microsoft Office Excel MUI (English) 2007

\"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}\" = Microsoft Office 2007 Service Pack 3 (SP3)

\"{90120000-0018-0409-0000-0000000FF1CE}\" = Microsoft Office PowerPoint MUI (English) 2007

\"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}\" = Microsoft Office 2007 Service Pack 3 (SP3)

\"{90120000-0019-0409-0000-0000000FF1CE}\" = Microsoft Office Publisher MUI (English) 2007

\"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}\" = Microsoft Office 2007 Service Pack 3 (SP3)

\"{90120000-001A-0409-0000-0000000FF1CE}\" = Microsoft Office Outlook MUI (English) 2007

\"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}\" = Microsoft Office 2007 Service Pack 3 (SP3)

\"{90120000-001B-0409-0000-0000000FF1CE}\" = Microsoft Office Word MUI (English) 2007

\"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}\" = Microsoft Office 2007 Service Pack 3 (SP3)

\"{90120000-001F-0409-0000-0000000FF1CE}\" = Microsoft Office Proof (English) 2007

\"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}\" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

\"{90120000-001F-040C-0000-0000000FF1CE}\" = Microsoft Office Proof (French) 2007

\"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}\" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

\"{90120000-001F-0C0A-0000-0000000FF1CE}\" = Microsoft Office Proof (Spanish) 2007

\"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}\" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

\"{90120000-002C-0409-0000-0000000FF1CE}\" = Microsoft Office Proofing (English) 2007

\"{90120000-0030-0000-0000-0000000FF1CE}\" = Microsoft Office Enterprise 2007

\"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}\" = Microsoft Office 2007 Service Pack 3 (SP3)

\"{90120000-0044-0409-0000-0000000FF1CE}\" = Microsoft Office InfoPath MUI (English) 2007

\"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}\" = Microsoft Office 2007 Service Pack 3 (SP3)

\"{90120000-006E-0409-0000-0000000FF1CE}\" = Microsoft Office Shared MUI (English) 2007

\"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}\" = Microsoft Office 2007 Service Pack 3 (SP3)

\"{90120000-00A1-0409-0000-0000000FF1CE}\" = Microsoft Office OneNote MUI (English) 2007

\"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}\" = Microsoft Office 2007 Service Pack 3 (SP3)

\"{90120000-00BA-0409-0000-0000000FF1CE}\" = Microsoft Office Groove MUI (English) 2007

\"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}\" = Microsoft Office 2007 Service Pack 3 (SP3)

\"{90120000-0114-0409-0000-0000000FF1CE}\" = Microsoft Office Groove Setup Metadata MUI (English) 2007

\"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}\" = Microsoft Office 2007 Service Pack 3 (SP3)

\"{90120000-0115-0409-0000-0000000FF1CE}\" = Microsoft Office Shared Setup Metadata MUI (English) 2007

\"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}\" = Microsoft Office 2007 Service Pack 3 (SP3)

\"{90120000-0117-0409-0000-0000000FF1CE}\" = Microsoft Office Access Setup Metadata MUI (English) 2007

\"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}\" = Microsoft Office 2007 Service Pack 3 (SP3)

\"{AC76BA86-7AD7-1033-7B44-AA1000000001}\" = Adobe Reader X (10.1.8)

\"{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}\" = iTunes

\"{CCE68200-4ED0-3E0A-A7F2-504897E356AB}\" = Google Talk Plugin

\"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\" = SUPERAntiSpyware

\"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\" = Skype™ 5.11

\"Adobe Flash Player Plugin\" = Adobe Flash Player 12 Plugin

\"ENTERPRISE\" = Microsoft Office Enterprise 2007

\"Malwarebytes\' Anti-Malware_is1\" = Malwarebytes Anti-Malware version 1.75.0.1300

\"Microsoft Security Client\" = Microsoft Security Essentials

\"Mozilla Firefox 27.0.1 (x86 en-US)\" = Mozilla Firefox 27.0.1 (x86 en-US)

\"MozillaMaintenanceService\" = Mozilla Maintenance Service

\"Picasa 3\" = Picasa 3

\"Pidgin\" = Pidgin

\"PS3 Media Server\" = PS3 Media Server

\"Scribe\" = Express Scribe

\"VLC media player\" = VLC media player 2.1.2

\"WavePad\" = WavePad Sound Editor

\"WebClient\" = WebClient

\"WinRAR archiver\" = WinRAR 4.01 (32-bit)

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]

\"Google Chrome\" = Google Chrome

\"uTorrent\" = µTorrent

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 3/1/2014 12:44:26 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 9407

 

Error - 3/1/2014 1:11:25 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 3/1/2014 1:11:25 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1628619

 

Error - 3/1/2014 1:11:25 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1628619

 

Error - 3/1/2014 1:11:26 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 3/1/2014 1:11:26 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1629992

 

Error - 3/1/2014 1:11:26 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1629992

 

Error - 3/1/2014 1:11:29 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 3/1/2014 1:11:29 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1632956

 

Error - 3/1/2014 1:11:29 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1632956

 

[ System Events ]

Error - 2/26/2014 2:14:24 AM | Computer Name = compag-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 2/26/2014 2:14:24 AM | Computer Name = compag-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 2/26/2014 2:14:47 AM | Computer Name = compag-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = A fatal hardware error has occurred.    Reported by component: Processor

 Core  Error Source: 3  Error Type: 256  Processor ID: 0    The details view of this entry

 contains further information.

 

Error - 2/26/2014 2:14:47 AM | Computer Name = compag-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = A fatal hardware error has occurred.    Reported by component: Processor

 Core  Error Source: 3  Error Type: 256  Processor ID: 0    The details view of this entry

 contains further information.

 

Error - 2/26/2014 2:14:47 AM | Computer Name = compag-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = A fatal hardware error has occurred.    Reported by component: Processor

 Core  Error Source: 3  Error Type: 256  Processor ID: 0    The details view of this entry

 contains further information.

 

Error - 2/26/2014 2:14:47 AM | Computer Name = compag-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = A fatal hardware error has occurred.    Reported by component: Processor

 Core  Error Source: 3  Error Type: 256  Processor ID: 1    The details view of this entry

 contains further information.

 

Error - 2/26/2014 4:57:38 AM | Computer Name = compag-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 1:47:19 PM on 2/26/2014 was unexpected.

 

Error - 2/26/2014 4:57:39 AM | Computer Name = COMPAG-PC | Source = BugCheck | ID = 1001

Description =

 

Error - 2/26/2014 4:57:35 AM | Computer Name = compag-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 2/26/2014 4:57:35 AM | Computer Name = compag-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

 

< End of report >

 



8
Tech Clinic / USB Port Infected
« on: March 01, 2014, 10:27:25 AM »

Thank you. Here is the OTL log -


 


OTL logfile created on: 3/1/2014 8:43:35 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\compag\\Desktop

 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16518)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.75 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 63.88% Memory free

3.49 Gb Paging File | 2.45 Gb Available in Paging File | 70.17% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files

Drive C: | 97.56 Gb Total Space | 64.21 Gb Free Space | 65.81% Space Free | Partition Type: NTFS

Drive D: | 146.48 Gb Total Space | 145.17 Gb Free Space | 99.10% Space Free | Partition Type: NTFS

Drive E: | 221.62 Gb Total Space | 157.67 Gb Free Space | 71.15% Space Free | Partition Type: NTFS

 

Computer Name: COMPAG-PC | User Name: compag | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/03/01 20:41:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\compag\\Desktop\\OTL.exe

PRC - [2014/01/11 03:07:53 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\taskhost.exe

PRC - [2014/01/07 03:07:38 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe

PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- C:\\Program Files\\Microsoft Security Client\\NisSrv.exe

PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\\Program Files\\Microsoft Security Client\\MsMpEng.exe

PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\\Program Files\\Microsoft Security Client\\msseces.exe

PRC - [2013/10/11 04:24:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\\Program Files\\SUPERAntiSpyware\\SASCore.exe

PRC - [2013/09/03 19:23:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamscheduler.exe

PRC - [2013/02/13 10:15:28 | 000,060,216 | ---- | M] (The Pidgin developer community) -- C:\\Program Files\\Pidgin\\pidgin.exe

PRC - [2010/11/20 17:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\explorer.exe

PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\\Windows\\System32\\atieclxx.exe

PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\\Windows\\System32\\atiesrxx.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/02/06 00:52:52 | 000,073,544 | ---- | M] () -- C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\zlib1.dll

MOD - [2014/02/06 00:52:32 | 001,044,808 | ---- | M] () -- C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\libxml2.dll

MOD - [2014/01/08 14:02:30 | 000,090,496 | ---- | M] () -- C:\\Program Files\\Pidgin\\Gtk\\lib\\gtk-2.0\\2.10.0\\engines\\libwimp.dll

MOD - [2014/01/08 14:02:29 | 000,279,059 | ---- | M] () -- C:\\Program Files\\Pidgin\\Gtk\\bin\\libfontconfig-1.dll

MOD - [2014/01/08 14:02:29 | 000,216,992 | ---- | M] () -- C:\\Program Files\\Pidgin\\Gtk\\bin\\libpng14-14.dll

MOD - [2014/01/08 14:02:29 | 000,100,352 | ---- | M] () -- C:\\Program Files\\Pidgin\\Gtk\\bin\\zlib1.dll

MOD - [2014/01/08 14:02:28 | 000,904,525 | ---- | M] () -- C:\\Program Files\\Pidgin\\Gtk\\bin\\libcairo-2.dll

MOD - [2014/01/08 14:02:28 | 000,553,382 | ---- | M] () -- C:\\Program Files\\Pidgin\\Gtk\\bin\\freetype6.dll

MOD - [2014/01/08 14:02:28 | 000,177,586 | ---- | M] () -- C:\\Program Files\\Pidgin\\Gtk\\bin\\libexpat-1.dll

MOD - [2013/02/13 10:15:08 | 000,069,575 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\spellchk.dll

MOD - [2013/02/13 10:15:08 | 000,044,494 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\xmppdisco.dll

MOD - [2013/02/13 10:15:08 | 000,037,191 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\xmppconsole.dll

MOD - [2013/02/13 10:15:08 | 000,032,020 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\ticker.dll

MOD - [2013/02/13 10:15:08 | 000,030,771 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\winprefs.dll

MOD - [2013/02/13 10:15:08 | 000,030,353 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\themeedit.dll

MOD - [2013/02/13 10:15:08 | 000,029,791 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\win2ktrans.dll

MOD - [2013/02/13 10:15:08 | 000,029,256 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\pidginrc.dll

MOD - [2013/02/13 10:15:08 | 000,027,811 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\ssl-nss.dll

MOD - [2013/02/13 10:15:08 | 000,023,305 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\timestamp_format.dll

MOD - [2013/02/13 10:15:08 | 000,018,399 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\timestamp.dll

MOD - [2013/02/13 10:15:08 | 000,015,978 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\statenotify.dll

MOD - [2013/02/13 10:15:08 | 000,015,429 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\relnot.dll

MOD - [2013/02/13 10:15:08 | 000,015,380 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\psychic.dll

MOD - [2013/02/13 10:15:08 | 000,015,045 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\sendbutton.dll

MOD - [2013/02/13 10:15:08 | 000,012,004 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\ssl.dll

MOD - [2013/02/13 10:15:06 | 000,415,553 | ---- | M] () -- C:\\Program Files\\Pidgin\\libjabber.dll

MOD - [2013/02/13 10:15:06 | 000,373,657 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\libmsn.dll

MOD - [2013/02/13 10:15:06 | 000,310,491 | ---- | M] () -- C:\\Program Files\\Pidgin\\liboscar.dll

MOD - [2013/02/13 10:15:06 | 000,228,908 | ---- | M] () -- C:\\Program Files\\Pidgin\\libymsg.dll

MOD - [2013/02/13 10:15:06 | 000,209,619 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\libgg.dll

MOD - [2013/02/13 10:15:06 | 000,171,090 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\libsilc.dll

MOD - [2013/02/13 10:15:06 | 000,149,933 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\libmxit.dll

MOD - [2013/02/13 10:15:06 | 000,123,540 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\libnovell.dll

MOD - [2013/02/13 10:15:06 | 000,116,583 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\libsametime.dll

MOD - [2013/02/13 10:15:06 | 000,106,670 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\libmyspace.dll

MOD - [2013/02/13 10:15:06 | 000,105,620 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\libirc.dll

MOD - [2013/02/13 10:15:06 | 000,092,874 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\libbonjour.dll

MOD - [2013/02/13 10:15:06 | 000,055,758 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\libsimple.dll

MOD - [2013/02/13 10:15:06 | 000,047,391 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\log_reader.dll

MOD - [2013/02/13 10:15:06 | 000,029,225 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\notify.dll

MOD - [2013/02/13 10:15:06 | 000,024,924 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\convcolors.dll

MOD - [2013/02/13 10:15:06 | 000,022,832 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\libyahoo.dll

MOD - [2013/02/13 10:15:06 | 000,021,795 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\markerline.dll

MOD - [2013/02/13 10:15:06 | 000,021,337 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\libxmpp.dll

MOD - [2013/02/13 10:15:06 | 000,020,997 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\autoaccept.dll

MOD - [2013/02/13 10:15:06 | 000,019,793 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\libyahoojp.dll

MOD - [2013/02/13 10:15:06 | 000,019,043 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\idle.dll

MOD - [2013/02/13 10:15:06 | 000,018,882 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\history.dll

MOD - [2013/02/13 10:15:06 | 000,018,555 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\joinpart.dll

MOD - [2013/02/13 10:15:06 | 000,017,023 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\offlinemsg.dll

MOD - [2013/02/13 10:15:06 | 000,016,005 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\libicq.dll

MOD - [2013/02/13 10:15:06 | 000,015,702 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\extplacement.dll

MOD - [2013/02/13 10:15:06 | 000,015,074 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\libaim.dll

MOD - [2013/02/13 10:15:06 | 000,014,147 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\gtkbuddynote.dll

MOD - [2013/02/13 10:15:06 | 000,013,456 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\newline.dll

MOD - [2013/02/13 10:15:06 | 000,013,253 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\buddynote.dll

MOD - [2013/02/13 10:15:06 | 000,012,865 | ---- | M] () -- C:\\Program Files\\Pidgin\\plugins\\iconaway.dll

MOD - [2013/02/13 10:14:56 | 000,671,031 | ---- | M] () -- C:\\Program Files\\Pidgin\\exchndl.dll

MOD - [2013/02/13 10:14:56 | 000,028,160 | ---- | M] () -- C:\\Program Files\\Pidgin\\libssp-0.dll

MOD - [2013/02/13 10:14:54 | 000,475,580 | ---- | M] () -- C:\\Program Files\\Pidgin\\spellcheck\\libgtkspell-0.dll

MOD - [2013/02/13 10:14:00 | 000,425,984 | ---- | M] () -- C:\\Program Files\\Pidgin\\sqlite3.dll

MOD - [2013/02/13 10:13:54 | 002,097,721 | ---- | M] () -- C:\\Program Files\\Pidgin\\libsilc-1-1-2.dll

MOD - [2013/02/13 10:13:54 | 000,818,985 | ---- | M] () -- C:\\Program Files\\Pidgin\\libsilcclient-1-1-3.dll

MOD - [2013/02/13 10:13:54 | 000,152,852 | ---- | M] () -- C:\\Program Files\\Pidgin\\libmeanwhile-1.dll

MOD - [2013/02/13 10:13:46 | 001,274,655 | ---- | M] () -- C:\\Program Files\\Pidgin\\libxml2-2.dll

MOD - [2013/02/13 10:13:46 | 000,190,464 | ---- | M] () -- C:\\Program Files\\Pidgin\\libsasl.dll

MOD - [2013/02/13 10:13:46 | 000,140,288 | ---- | M] () -- C:\\Program Files\\Pidgin\\sasl2\\saslDIGESTMD5.dll

MOD - [2013/02/13 10:13:46 | 000,115,712 | ---- | M] () -- C:\\Program Files\\Pidgin\\sasl2\\saslCRAMMD5.dll

MOD - [2013/02/13 10:13:46 | 000,102,912 | ---- | M] () -- C:\\Program Files\\Pidgin\\sasl2\\saslPLAIN.dll

MOD - [2013/02/13 10:13:46 | 000,102,912 | ---- | M] () -- C:\\Program Files\\Pidgin\\sasl2\\saslLOGIN.dll

MOD - [2013/02/13 10:13:46 | 000,102,400 | ---- | M] () -- C:\\Program Files\\Pidgin\\sasl2\\saslANONYMOUS.dll

MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\\Program Files\\WinRAR\\RarExt.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2014/02/21 00:55:40 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\\Windows\\System32\\Macromed\\Flash\\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/02/14 12:37:34 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\\Program Files\\Mozilla Maintenance Service\\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2014/02/06 15:17:18 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\System32\\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV - [2014/01/09 03:03:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\System32\\Wat\\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\\Program Files\\Microsoft Security Client\\NisSrv.exe -- (NisSrv)

SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Program Files\\Microsoft Security Client\\MsMpEng.exe -- (MsMpSvc)

SRV - [2013/10/11 04:24:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\\Program Files\\SUPERAntiSpyware\\SASCore.exe -- (!SASCORE)

SRV - [2013/09/03 19:23:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe -- (AdobeARMservice)

SRV - [2013/05/27 10:27:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/09/10 18:57:18 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\\Program Files\\Skype\\Updater\\Updater.exe -- (SkypeUpdate)

SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\\Windows\\System32\\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2009/07/14 06:46:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\System32\\StorSvc.dll -- (StorSvc)

SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\System32\\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\System32\\PeerDistSvc.dll -- (PeerDistSvc)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\NisDrvWFP.sys -- (NisDrv)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\mbam.sys -- (MBAMProtector)

DRV - [2011/07/22 21:57:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\\Program Files\\SUPERAntiSpyware\\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/13 03:25:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\\Program Files\\SUPERAntiSpyware\\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/11/20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\vmbus.sys -- (vmbus)

DRV - [2010/11/20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\storvsc.sys -- (storvsc)

DRV - [2010/11/20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\winusb.sys -- (WinUsb)

DRV - [2010/11/20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\vms3cap.sys -- (s3cap)

DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\atikmdag.sys -- (atikmdag)

DRV - [2009/07/14 05:15:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\serial.sys -- (Serial)

DRV - [2009/07/14 03:43:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\AGRSM.sys -- (AgereSoftModem)

DRV - [2009/07/14 03:32:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\yk62x86.sys -- (yukonw7)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\\..\\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page Redirect Cache = http://in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0&ocid=iehp

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page Redirect Cache_TIMESTAMP = 16 D5 19 57 49 0E CF 01  [binary data]

IE - HKCU\\..\\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyOverride\" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1

FF - user.js - File not found

 

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\system32\\Macromed\\Flash\\NPSWF32_12_0_0_70.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=:  File not found

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=1.0: C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@EDVR/WebClient: C:\\windows\\system32\\WebClient\\npwebclient.dll (Google)

FF - HKLM\\Software\\MozillaPlugins\\@google.com/npPicasa3,version=3.0.0: C:\\Program Files\\Google\\Picasa3\\npPicasa3.dll (Google, Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\\Software\\MozillaPlugins\\@videolan.org/vlc,version=2.1.2: C:\\Program Files\\VideoLAN\\VLC\\npvlc.dll (VideoLAN)

FF - HKLM\\Software\\MozillaPlugins\\Adobe Reader: C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@talk.google.com/GoogleTalkPlugin: C:\\Users\\compag\\AppData\\Roaming\\Mozilla\\plugins\\npgoogletalk.dll (Google)

FF - HKCU\\Software\\MozillaPlugins\\@talk.google.com/O1DPlugin: C:\\Users\\compag\\AppData\\Roaming\\Mozilla\\plugins\\npo1d.dll (Google)

FF - HKCU\\Software\\MozillaPlugins\\@talk.google.com/O3DPlugin: C:\\Users\\compag\\AppData\\Roaming\\Mozilla\\plugins\\npgtpo3dautoplugin.dll ()

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Users\\compag\\AppData\\Local\\Google\\Update\\1.3.22.5\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Users\\compag\\AppData\\Local\\Google\\Update\\1.3.22.5\\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 27.0.1\\extensions\\\\Components: C:\\Program Files\\Mozilla Firefox\\components

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 27.0.1\\extensions\\\\Plugins: C:\\Program Files\\Mozilla Firefox\\plugins

FF - HKEY_CURRENT_USER\\software\\mozilla\\Mozilla Firefox 27.0.1\\extensions\\\\Components: C:\\Program Files\\Mozilla Firefox\\components

FF - HKEY_CURRENT_USER\\software\\mozilla\\Mozilla Firefox 27.0.1\\extensions\\\\Plugins: C:\\Program Files\\Mozilla Firefox\\plugins

 

[2014/01/07 23:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\compag\\AppData\\Roaming\\mozilla\\Extensions

[2014/02/14 12:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files\\Mozilla Firefox\\browser\\extensions

[2014/02/14 12:37:36 | 000,000,000 | ---D | M] (Default) -- C:\\Program Files\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\Application\\33.0.1750.117\\PepperFlash\\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\Application\\33.0.1750.117\\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\Application\\33.0.1750.117\\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.dll

CHR - plugin: Picasa (Enabled) = C:\\Program Files\\Google\\Picasa3\\npPicasa3.dll

CHR - Extension: Entanglement Web App = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aciahcmjmecflokailenpkdchphgkefd\\3.4.9_0\\

CHR - Extension: Google Docs = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.5_0\\

CHR - Extension: Google Drive = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\6.3_0\\

CHR - Extension: YouTube = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.6_0\\

CHR - Extension: Google Search = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.20_0\\

CHR - Extension: Poppit = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\mcbkbpnkkkipelfledbfocopglifcfmi\\2.2_0\\

CHR - Extension: Google Wallet = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\0.0.6.1_0\\

CHR - Extension: Gmail = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\7_0\\

 

O1 HOSTS File: ([2009/06/11 03:09:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKCU..\Run: [MICROS~1] wscript.exe //B "C:\Users\compag\AppData\Local\Temp\MICROS~1.VBS" File not found

O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)

O4 - HKCU..\Run: [uTorrent] C:\Users\compag\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)

O4 - Startup: C:\Users\compag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2885AC2-8378-4262-AEDD-2365DCA7CC4E}: DhcpNameServer = 192.168.5.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/03/01 20:41:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\compag\Desktop\OTL.exe

[2014/03/01 14:27:35 | 000,000,000 | ---D | C] -- C:\Users\compag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2014/03/01 14:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2014/03/01 14:03:57 | 000,000,000 | ---D | C] -- C:\Users\compag\AppData\Roaming\SUPERAntiSpyware.com

[2014/03/01 14:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2014/03/01 14:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2014/03/01 14:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2014/02/27 14:03:36 | 000,000,000 | ---D | C] -- C:\Users\compag\AppData\Roaming\VanToM Folder

[2014/02/24 15:11:38 | 000,000,000 | ---D | C] -- C:\Users\compag\AppData\Roaming\Malwarebytes

[2014/02/24 15:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2014/02/24 15:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2014/02/24 15:11:15 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2014/02/24 15:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2014/02/24 15:10:54 | 000,000,000 | ---D | C] -- C:\Users\compag\AppData\Local\Programs

[2014/02/22 13:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2014/02/22 13:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2014/02/22 13:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2014/02/22 13:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2014/02/20 12:26:34 | 000,000,000 | ---D | C] -- C:\Users\compag\Desktop\Coins

[2014/02/14 12:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2014/02/13 11:09:07 | 000,000,000 | ---D | C] -- C:\Users\compag\Desktop\Pics

[2014/02/13 03:02:57 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2014/02/13 03:02:56 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2014/02/13 03:02:56 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2014/02/13 03:02:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll

[2014/02/13 03:02:55 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2014/02/13 03:02:54 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2014/02/13 03:02:54 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2014/02/13 03:02:54 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2014/02/13 03:02:53 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll

[2014/02/13 03:02:53 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2014/02/13 03:02:53 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe

[2014/02/13 03:02:53 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll

[2014/02/13 03:02:52 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2014/02/13 03:02:52 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2014/02/13 03:02:48 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2014/02/13 03:02:43 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2014/02/12 14:16:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll

[2014/02/12 14:16:23 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2014/02/12 14:16:23 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2014/02/03 15:34:23 | 000,000,000 | ---D | C] -- C:\Users\compag\Desktop\Transcription

[2014/02/03 15:32:29 | 000,000,000 | ---D | C] -- C:\Users\compag\Desktop\PS Invoices

[2014/02/03 15:21:36 | 000,000,000 | ---D | C] -- C:\Users\compag\Desktop\SD Card

[2014/01/31 12:44:51 | 000,000,000 | ---D | C] -- C:\Users\compag\Desktop\Iphone Music

[2 C:\Users\compag\Desktop\*.tmp files -> C:\Users\compag\Desktop\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/03/01 20:41:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\compag\Desktop\OTL.exe

[2014/03/01 20:29:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1194522279-2361252024-777755393-1000UA.job

[2014/03/01 19:56:58 | 000,010,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/03/01 19:56:58 | 000,010,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/03/01 19:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/03/01 17:02:06 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2014/03/01 17:02:06 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2014/03/01 16:56:48 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 64347694-cc76-4149-b9e6-f717b7f47d8b.job

[2014/03/01 16:56:48 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 399b3e82-3ea0-4076-9ec6-540468bd563c.job

[2014/03/01 16:56:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/03/01 16:56:35 | 1406,820,352 | -HS- | M] () -- C:\hiberfil.sys

[2014/03/01 16:54:33 | 000,137,262 | ---- | M] () -- C:\Users\compag\Desktop\products-2014-03-01.csv

[2014/03/01 15:29:04 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1194522279-2361252024-777755393-1000Core.job

[2014/03/01 14:27:35 | 000,002,969 | ---- | M] () -- C:\Users\compag\Desktop\HiJackThis.lnk

[2014/03/01 14:03:23 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

[2014/02/27 12:51:54 | 018,072,752 | ---- | M] () -- C:\Users\compag\Desktop\Dr. T. Colin Campbell 2014.mp3

[2014/02/25 17:01:56 | 019,933,232 | ---- | M] () -- C:\Users\compag\Desktop\Marc David 2014.mp3

[2014/02/25 09:48:14 | 021,135,616 | ---- | M] () -- C:\Users\compag\Desktop\WSO2-Prakash Iyer-022414.WMA

[2014/02/24 15:11:24 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/02/22 13:29:33 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2014/02/21 01:58:22 | 000,002,372 | ---- | M] () -- C:\Users\compag\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2014/02/21 01:58:22 | 000,002,370 | ---- | M] () -- C:\Users\compag\Desktop\Google Chrome.lnk

[2014/02/21 00:55:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2014/02/21 00:55:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2014/02/19 23:23:37 | 027,971,170 | ---- | M] () -- C:\Users\compag\Desktop\WSO2-Rajesh Kaveti-021814.WMA

[2014/02/19 19:35:23 | 012,540,910 | ---- | M] () -- C:\Users\compag\Desktop\Rep Race 2013 - Leg 2 Audio part 1.mp3

[2014/02/19 19:32:29 | 024,668,592 | ---- | M] () -- C:\Users\compag\Desktop\Paul Hawken 2014.mp3

[2014/02/12 01:35:24 | 000,012,180 | ---- | M] () -- C:\Users\compag\Desktop\test.csv

[2014/02/12 01:07:07 | 000,071,337 | ---- | M] () -- C:\Users\compag\Desktop\BS.jpg

[2014/02/12 01:06:23 | 000,061,225 | ---- | M] () -- C:\Users\compag\Desktop\PS.jpg

[2014/02/10 07:10:42 | 003,175,836 | ---- | M] () -- C:\Users\compag\Desktop\products-2014-02-09.csv

[2014/02/06 15:50:26 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2014/02/06 15:49:55 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll

[2014/02/06 15:31:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2014/02/06 15:30:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll

[2014/02/06 15:22:56 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2014/02/06 15:22:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2014/02/06 15:19:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2014/02/06 15:17:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2014/02/06 15:17:18 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe

[2014/02/06 15:16:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll

[2014/02/06 15:04:32 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2014/02/06 14:55:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2014/02/06 14:55:36 | 004,244,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2014/02/06 14:43:13 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2014/02/06 14:39:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2014/02/06 14:04:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2 C:\Users\compag\Desktop\*.tmp files -> C:\Users\compag\Desktop\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/03/01 15:03:06 | 000,137,262 | ---- | C] () -- C:\Users\compag\Desktop\products-2014-03-01.csv

[2014/03/01 14:27:35 | 000,002,969 | ---- | C] () -- C:\Users\compag\Desktop\HiJackThis.lnk

[2014/03/01 14:04:30 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 399b3e82-3ea0-4076-9ec6-540468bd563c.job

[2014/03/01 14:04:29 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 64347694-cc76-4149-b9e6-f717b7f47d8b.job

[2014/03/01 14:03:23 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

[2014/02/27 12:44:43 | 018,072,752 | ---- | C] () -- C:\Users\compag\Desktop\Dr. T. Colin Campbell 2014.mp3

[2014/02/25 17:01:15 | 019,933,232 | ---- | C] () -- C:\Users\compag\Desktop\Marc David 2014.mp3

[2014/02/25 09:47:45 | 021,135,616 | ---- | C] () -- C:\Users\compag\Desktop\WSO2-Prakash Iyer-022414.WMA

[2014/02/24 15:11:24 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/02/22 13:29:33 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2014/02/21 22:56:45 | 000,163,840 | -HS- | C] () -- C:\Users\compag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS

[2014/02/19 23:19:14 | 027,971,170 | ---- | C] () -- C:\Users\compag\Desktop\WSO2-Rajesh Kaveti-021814.WMA

[2014/02/19 19:35:02 | 012,540,910 | ---- | C] () -- C:\Users\compag\Desktop\Rep Race 2013 - Leg 2 Audio part 1.mp3

[2014/02/19 19:31:37 | 024,668,592 | ---- | C] () -- C:\Users\compag\Desktop\Paul Hawken 2014.mp3

[2014/02/12 01:07:07 | 000,071,337 | ---- | C] () -- C:\Users\compag\Desktop\BS.jpg

[2014/02/12 01:06:23 | 000,061,225 | ---- | C] () -- C:\Users\compag\Desktop\PS.jpg

[2014/02/10 04:26:57 | 000,012,180 | ---- | C] () -- C:\Users\compag\Desktop\test.csv

[2014/02/10 03:33:54 | 003,175,836 | ---- | C] () -- C:\Users\compag\Desktop\products-2014-02-09.csv

[2014/01/09 14:16:33 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2014/01/07 23:39:19 | 000,000,083 | ---- | C] () -- C:\Windows\K7TSUsrInfo.dat

[2013/12/31 06:34:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

 

========== ZeroAccess Check ==========

 

[2009/07/14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 07:25:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both


< End of report >

 



9
Tech Clinic / USB Port Infected
« on: March 01, 2014, 04:06:57 AM »

Hello,


 


I have a virus which began with an infected USB Drive. Now every time I plug in any USB Drive it doesn't work, all files have become shortcuts and none of them work. Microsoft Security Essentials has identified the virus as follows - Worm:VBS/Jenxcus!Ink. It quarantines it but every time I use a USB it keeps coming back. I tried Super Antispyware but it hasn't identified it either. I tried to format all my USBs but even after formatting when I plug in the USB the virus comes back. I am not sure if any other areas of the computer are infected yet. Please help removing this!


 


Here is the hijack this log -


 


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:34:05 PM, on 3/1/2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16518)

Boot mode: Normal


Running processes:

C:\Windows\system32\taskhost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\System32\wscript.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Users\compag\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe

C:\Users\compag\AppData\Roaming\VanToM Folder\Server.exe

C:\Windows\system32\wuauclt.exe

C:\Users\compag\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\compag\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\compag\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\DllHost.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [Google Update] "C:\Users\compag\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [uTorrent] "C:\Users\compag\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

O4 - HKCU\..\Run: [MICROS~1] wscript.exe //B "C:\Users\compag\AppData\Local\Temp\MICROS~1.VBS"

O4 - HKCU\..\Run: [Server] C:\Users\compag\AppData\Roaming\VanToM Folder\Server.exe

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

O4 - Startup: MICROS~1.VBS



O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe


--

End of file - 6415 bytes

 


Thank you!


Tanya



10
Tech Clinic / Laptop not working! Guestsolo pls help!
« on: October 01, 2011, 04:32:09 AM »
Hi,

Here is the log from the OTL scan:

OTL logfile created on: 01-10-2011 13:27:50 - Run 6
OTL by OldTimer - Version 3.1.5.0    Folder = C:\Users\Tanya\Desktop\Folders & Extras\Anti Spyware and Malware Programs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy
 
2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.25% Memory free
4.00 Gb Paging File | 3.11 Gb Available in Paging File | 77.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176.64 Gb Total Space | 21.80 Gb Free Space | 12.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TANYA-PC
Current User Name: Tanya
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2011-07-12 11:20:50 | 00,387,944 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2011-06-15 15:16:48 | 00,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011-05-25 14:06:20 | 00,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011-04-27 15:39:26 | 00,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011-04-27 15:39:26 | 00,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011-04-20 10:50:48 | 02,848,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2011-04-20 10:50:46 | 00,792,976 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
PRC - [2011-04-08 12:59:52 | 00,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2010-12-10 18:30:50 | 00,086,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010-12-10 18:29:30 | 00,238,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010-10-20 11:22:24 | 00,630,272 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010-10-20 11:20:46 | 00,149,504 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010-09-21 14:03:14 | 01,710,464 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010-09-21 14:03:14 | 00,193,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010-09-20 23:07:44 | 00,932,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010-05-11 11:16:34 | 00,140,288 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2009-11-15 01:29:58 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Tanya\Desktop\Folders & Extras\Anti Spyware and Malware Programs\OTL.exe
PRC - [2009-11-11 10:57:36 | 01,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009-10-27 18:36:16 | 01,499,136 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009-10-27 10:15:02 | 00,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009-09-16 13:27:12 | 00,480,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009-07-14 21:45:07 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2009-04-11 10:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009-04-11 10:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009-04-11 10:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009-04-11 10:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-11 10:27:28 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009-03-05 18:59:50 | 00,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009-03-05 18:59:50 | 00,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009-03-05 18:41:58 | 05,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009-02-18 22:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2008-02-12 15:11:18 | 00,536,576 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008-01-19 11:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008-01-19 11:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008-01-11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007-10-27 04:17:00 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007-10-23 06:18:14 | 05,733,664 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
PRC - [2007-10-05 04:02:21 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007-09-19 23:09:58 | 00,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007-09-11 00:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007-08-15 08:05:18 | 00,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007-08-15 08:05:18 | 00,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007-06-16 00:45:20 | 00,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007-06-11 03:58:45 | 00,253,952 | ---- | M] () -- C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
PRC - [2007-06-10 04:12:18 | 00,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007-06-10 04:12:18 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007-06-10 04:12:16 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007-01-05 07:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010-08-31 19:43:52 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009-11-15 01:29:58 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Tanya\Desktop\Folders & Extras\Anti Spyware and Malware Programs\OTL.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011-07-12 11:20:50 | 00,387,944 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2011-05-25 14:06:20 | 00,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011-04-27 15:39:26 | 00,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011-04-27 15:39:26 | 00,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011-04-20 10:50:46 | 00,792,976 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV - [2011-02-22 17:33:09 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010-12-10 18:30:50 | 00,086,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010-12-10 18:29:30 | 29,293,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010-12-10 18:29:30 | 00,238,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010-12-10 18:29:30 | 00,044,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010-10-20 11:22:24 | 00,630,272 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010-09-21 14:03:14 | 01,710,464 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010-07-21 15:52:54 | 00,540,968 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009-09-16 13:27:12 | 00,480,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009-09-08 18:09:14 | 00,083,312 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009-03-30 08:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-03-05 18:59:50 | 00,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009-03-05 18:59:50 | 00,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009-03-05 18:59:50 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009-03-05 18:41:58 | 05,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009-02-18 22:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009-02-18 22:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009-02-18 22:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008-11-04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-02-19 00:32:49 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008-02-19 00:25:15 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008-01-19 11:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-19 11:35:27 | 00,052,736 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZIPM12.DLL -- (Pml Driver HPZ12)
SRV - [2008-01-19 11:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008-01-19 11:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008-01-11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007-10-27 04:17:00 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007-10-05 04:02:21 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007-09-23 23:36:38 | 02,818,048 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007-09-11 00:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007-08-15 08:05:18 | 00,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007-08-09 12:51:32 | 00,499,712 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007-08-09 12:51:30 | 01,089,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP)
SRV - [2007-08-09 12:51:30 | 01,089,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2007-08-09 12:51:30 | 00,397,312 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP)
SRV - [2007-08-09 12:51:30 | 00,397,312 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2007-06-15 07:07:44 | 00,075,952 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe -- (ICScsiSV)
SRV - [2007-06-15 07:07:36 | 00,059,568 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Image Converter 3\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2007-01-11 04:51:06 | 00,745,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007-01-05 07:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006-12-14 14:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006-12-14 14:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006-12-14 13:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006-11-02 16:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006-11-02 16:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006-10-27 02:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005-11-14 13:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011-10-01 11:54:32 | 00,028,752 | ---- | M] (Microsoft Corporation) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3FAA1C62-0383-42B4-A27A-798877133328}\MpKslec07154e.sys -- (MpKslec07154e)
DRV - [2011-04-27 15:25:24 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011-04-18 13:18:50 | 00,165,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2011-04-18 13:18:50 | 00,043,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010-07-30 14:16:44 | 00,008,192 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010-07-30 14:16:42 | 00,023,040 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010-07-30 14:16:38 | 00,018,048 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010-04-19 20:47:42 | 00,041,984 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009-06-17 20:58:04 | 00,005,632 | ---- | M] () -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-05-18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009-04-11 08:42:54 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio)
DRV - [2009-04-11 08:42:54 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV - [2008-08-26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-07-20 17:44:44 | 00,324,120 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007-10-30 04:33:23 | 07,115,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007-10-30 04:00:32 | 00,075,008 | ---- | M] (Ricoh) -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007-10-30 04:00:32 | 00,043,904 | ---- | M] (Ricoh) -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007-10-27 04:17:08 | 00,330,240 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007-10-26 10:21:13 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007-10-10 04:03:56 | 00,017,448 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007-10-10 04:03:54 | 00,099,880 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007-10-10 04:03:54 | 00,081,448 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007-10-10 04:03:13 | 00,028,464 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2007-10-05 04:02:21 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007-10-05 04:02:18 | 00,985,600 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007-10-05 04:02:18 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2007-10-05 04:02:17 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007-10-05 04:02:17 | 00,207,360 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007-10-05 04:02:08 | 00,246,784 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007-09-20 01:38:18 | 00,010,216 | ---- | M] (Sony Corporation) -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007-09-19 07:29:09 | 02,222,080 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007-08-29 05:58:45 | 00,009,344 | ---- | M] (Sony Corporation) -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007-06-10 04:12:18 | 00,140,800 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007-06-06 04:00:39 | 00,812,544 | ---- | M] (Texas Instruments) -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007-05-26 12:03:06 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007-04-18 08:09:28 | 00,011,032 | ---- | M] (InterVideo) -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007-04-03 10:43:28 | 01,131,136 | ---- | M] (Philips Semiconductors GmbH) -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007-01-10 03:46:25 | 00,005,120 | ---- | M] (Samsung Electronics) -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2006-11-02 13:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006-11-02 13:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006-11-02 13:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006-11-02 13:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006-11-02 13:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006-11-02 13:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006-11-02 13:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006-11-02 13:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006-11-02 13:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006-11-02 13:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 13:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 13:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006-11-02 13:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006-11-02 13:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 13:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 13:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006-11-02 13:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006-11-02 13:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 13:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006-11-02 13:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006-11-02 13:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006-11-02 13:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006-11-02 13:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006-11-02 13:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 13:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 13:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006-11-02 13:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 13:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006-11-02 13:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 13:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 13:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 13:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006-11-02 13:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006-11-02 13:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006-11-02 13:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006-11-02 12:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid)
DRV - [2006-11-02 12:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 12:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 12:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 12:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 12:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 11:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006-11-02 11:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006-11-02 11:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60)
DRV - [2006-11-02 10:37:21 | 00,020,480 | ---- | M] () -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2004-10-18 15:02:20 | 00,049,152 | ---- | M] (DeviceGuys, Inc.) -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vaio-online.sony.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.ae"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.95
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.22
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc9abb2&v=6.103.018.001&i=29&tp=ab&iy=&ychte=aa&lng=en-US&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "localhost"
FF - prefs.js..network.proxy.backup.socks_port: 9050
FF - prefs.js..network.proxy.backup.ssl: "localhost"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "proxy1.emirates.net.ae"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy1.emirates.net.ae"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy1.emirates.net.ae"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy1.emirates.net.ae"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "proxy1.emirates.net.ae"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-02 17:48:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010-01-06 10:47:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-10-01 12:08:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-10-01 12:08:17 | 00,000,000 | ---D | M]
 
[2008-06-20 05:37:20 | 00,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\Mozilla\Extensions
[2010-06-24 23:26:40 | 00,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011-10-01 13:26:52 | 00,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\3tapd7rs.default\extensions
[2010-11-29 23:02:11 | 00,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\3tapd7rs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-09-17 21:55:37 | 00,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\3tapd7rs.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011-09-18 21:46:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2011-09-18 20:03:54 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008-11-10 11:35:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008-12-03 08:07:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009-08-25 02:55:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009-11-10 03:24:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010-04-18 23:49:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-10-28 22:25:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-07-05 00:57:53 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011-09-18 20:03:44 | 00,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011-09-18 20:03:44 | 00,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2011-05-04 04:52:23 | 00,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011-09-18 20:03:48 | 00,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2011-04-14 03:39:02 | 00,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2006-10-07 05:18:48 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2011-10-01 12:08:15 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2011-10-01 12:08:15 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2011-10-01 12:08:15 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2011-10-01 12:08:16 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2011-10-01 12:08:16 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2011-10-01 12:08:16 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2011-10-01 12:08:17 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2006-10-07 05:01:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2011-09-18 20:03:49 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2011-09-18 20:03:49 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2011-05-13 13:19:36 | 00,002,359 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2011-09-18 20:03:49 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2011-09-18 20:03:49 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2011-09-18 20:03:49 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011-09-18 20:03:49 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2011-09-18 20:03:49 | 00,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Logan_S2P] C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Tanya\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk = C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation)
O4 - Startup: C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BSEGadget.lnk = C:\Program Files\BSEMktWatch\BSE Mkt Watch.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-11-03 20:23:29 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011-10-01 13:24:36 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2011-10-01 13:24:35 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011-10-01 12:15:22 | 00,000,000 | ---D | C] -- C:\Windows\LastGood
[2011-10-01 12:07:25 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011-10-01 12:02:56 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011-10-01 11:58:41 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011-10-01 11:58:36 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2011-09-20 22:28:23 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011-09-20 22:27:59 | 00,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011-09-20 21:54:35 | 02,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-09-20 21:54:35 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2011-09-20 21:54:33 | 01,791,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2011-09-20 21:54:32 | 00,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011-09-20 21:54:32 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011-09-20 21:54:31 | 01,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011-09-20 21:54:31 | 01,126,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2011-09-20 21:54:31 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011-09-20 21:54:29 | 09,704,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2011-09-20 21:54:29 | 01,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2011-09-20 21:54:29 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011-09-20 21:54:25 | 12,273,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2011-09-19 18:53:46 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011-09-19 18:53:43 | 00,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthport.sys
[2011-09-19 18:53:43 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\BTHUSB.SYS
[2011-09-19 18:53:40 | 02,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011-09-19 18:53:27 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011-09-19 18:53:17 | 00,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2011-09-19 18:53:07 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011-09-19 18:42:20 | 00,892,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2011-09-19 18:41:44 | 00,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
[2011-09-19 01:21:01 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2011-09-19 01:20:13 | 02,322,184 | ---- | C] (ESET) -- C:\Users\Tanya\Desktop\esetsmartinstaller_enu.exe
[2011-09-19 01:13:30 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2011-09-19 01:07:56 | 00,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\temp
[2011-09-19 01:00:47 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011-09-19 00:43:47 | 00,000,000 | ---D | C] -- C:\ComboFix
[2011-09-19 00:26:30 | 00,000,000 | ---D | C] -- C:\0da76018af0c496421a87383552d
[2011-09-19 00:25:38 | 00,913,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2011-09-19 00:25:38 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2011-09-18 23:28:33 | 01,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tanya\Desktop\TDSSKiller.exe
[2011-09-18 19:56:54 | 00,000,000 | ---D | C] -- C:\found.001
[2011-09-18 08:38:41 | 00,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011-09-18 08:38:41 | 00,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011-09-18 08:38:41 | 00,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011-09-18 08:37:21 | 00,000,000 | ---D | C] -- C:\Qoobox
[2011-09-18 08:36:09 | 04,217,591 | R--- | C] (Swearware) -- C:\Users\Tanya\Desktop\ComboFix.exe
[2011-09-17 23:44:45 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2 C:\Users\Tanya\Desktop\*.tmp files -> C:\Users\Tanya\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011-10-01 13:27:53 | 04,718,592 | -HS- | M] () -- C:\Users\Tanya\ntuser.dat
[2011-10-01 13:26:34 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-10-01 13:26:34 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-10-01 12:39:02 | 00,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-963744613-1606295528-1370569751-1003UA.job
[2011-10-01 12:26:32 | 00,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011-10-01 12:08:03 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011-10-01 11:58:20 | 00,001,039 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011-10-01 11:51:11 | 00,780,070 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011-10-01 11:51:11 | 00,662,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-10-01 11:51:11 | 00,130,758 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-10-01 11:44:49 | 00,108,931 | ---- | M] () -- C:\Users\Tanya\AppData\Roaming\nvModes.001
[2011-10-01 11:43:20 | 00,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011-10-01 11:43:06 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011-10-01 11:43:00 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-09-28 01:02:23 | 00,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011-09-28 01:00:26 | 00,065,536 | -HS- | M] () -- C:\Users\Tanya\ntuser.dat{1a81cb27-ab1f-11e0-9991-001e3d8820d6}.TM.blf
[2011-09-28 01:00:25 | 00,524,288 | -HS- | M] () -- C:\Users\Tanya\ntuser.dat{1a81cb27-ab1f-11e0-9991-001e3d8820d6}.TMContainer00000000000000000001.regtrans-ms
[2011-09-28 01:00:18 | 02,050,614 | -H-- | M] () -- C:\Users\Tanya\AppData\Local\IconCache.db
[2011-09-28 00:36:33 | 00,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-963744613-1606295528-1370569751-1003Core.job
[2011-09-20 22:29:40 | 00,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011-09-20 22:09:39 | 00,409,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-09-19 22:29:27 | 00,038,912 | R--- | M] () -- C:\Users\Tanya\Desktop\Tanya CV (2).doc
[2011-09-19 01:20:17 | 02,322,184 | ---- | M] (ESET) -- C:\Users\Tanya\Desktop\esetsmartinstaller_enu.exe
[2011-09-19 01:00:30 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2011-09-19 01:00:25 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011-09-19 00:01:15 | 04,217,591 | R--- | M] (Swearware) -- C:\Users\Tanya\Desktop\ComboFix.exe
[2011-09-18 23:56:38 | 00,000,000 | ---- | M] () -- C:\Users\Tanya\defogger_reenable
[2011-09-18 23:56:09 | 00,050,477 | ---- | M] () -- C:\Users\Tanya\Desktop\Defogger.exe
[2011-09-18 01:14:20 | 00,001,356 | ---- | M] ()

11
Tech Clinic / Laptop not working! Guestsolo pls help!
« on: September 27, 2011, 03:58:59 PM »
Hi,

Attached are all the errors I got when I restarted the laptop.

Thanks!
Tanya

[attachment=5335:photo.JPG]
[attachment=5337:photo (3).JPG]
[attachment=5336:photo (2).JPG]

12
Tech Clinic / Laptop not working! Guestsolo pls help!
« on: September 27, 2011, 03:44:34 PM »
Hi,

Sorry for not replying earlier. I tried what you said but status is still the same. Also got some errors, will attach images in the next post.

Thanks,
Tanya

13
Tech Clinic / Laptop not working! Guestsolo pls help!
« on: September 21, 2011, 03:12:31 AM »
Hi,

Thank you for all your help, laptop seems to be working fine now :) I have installed the Microsoft antivirus and ran a full scan yesterday. It found 2 trojans:


Trojan:Win32/Dynamer!dtc
&
TrojanDownloader:Java/OpenConnection.DG


I have removed both of them. Do let me know if anything else needs to be done.

I also noticed there is an X on my internet connection even though I am connected. It says 'Connection status: unknown. The dependency service or group failed to start.' Should I be worried??

Once again, Thank you very much!

Tanya

14
Tech Clinic / Laptop not working! Guestsolo pls help!
« on: September 19, 2011, 03:26:01 PM »
Hi,
 
So far normal mode is working fine. I am shutting it down for the night and hopefully tomorrow it would work as well. Will keep you posted. Do let me know what needs to be done next. Thank you very much for all your help!

Tanya

15
Tech Clinic / Laptop not working! Guestsolo pls help!
« on: September 19, 2011, 11:38:37 AM »
Still working :D

16
Tech Clinic / Laptop not working! Guestsolo pls help!
« on: September 19, 2011, 10:12:08 AM »
Hi,

Update - For the last half hour my laptop has been working in normal mode! Yayy!! Hope this lasts...Windows update is saying new updates need to be installed, am extremely wary now...please let me know if I should install them.

Thank you very much for all your help!

Tanya

17
Tech Clinic / Laptop not working! Guestsolo pls help!
« on: September 18, 2011, 11:56:53 PM »
Hi,

Here is the log for ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=c0016d958af976459e07fa25d4216dbb
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-18 10:44:39
# local_time=2011-09-19 02:44:39 (+0400, Arabian Standard Time)
# country="India"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 90581094 90581094 0 0
# compatibility_mode=1026 16777214 0 2 99186 99186 0 0
# compatibility_mode=5892 16776573 100 100 6241301 153910266 0 0
# compatibility_mode=8192 67108863 100 0 277 277 0 0
# scanned=183161
# found=1
# cleaned=1
# scan_time=4740
C:\Program Files\Windows Live\Messenger\riched20.dll   Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C

18
Tech Clinic / Laptop not working! Guestsolo pls help!
« on: September 18, 2011, 04:19:17 PM »
Hi,

I ran the defogger but after it finished it did not ask me to reboot.

After the reboot after running combofix I again could not access firefox or IE as it said something like this "Access Denied. Attempt to access a registry key that has been marked for deletion." I rebooted again and then got access. Here is the combofix log:

ComboFix 11-09-18.02 - Tanya 19-09-2011   0:45.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.91.1033.18.2046.1532 [GMT 4:00]
Running from: c:\users\Tanya\Desktop\ComboFix.exe
Command switches used :: c:\users\Tanya\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\SDMsgUpdate (TE).job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\Tasks\SDMsgUpdate (TE).job
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CED7CAB4EF465688
-------\Service_CED7CAB4EF465688
.
.
(((((((((((((((((((((((((   Files Created from 2011-08-18 to 2011-09-18  )))))))))))))))))))))))))))))))
.
.
2011-09-18 20:58 . 2011-09-18 21:01   --------   d-----w-   c:\users\Tanya\AppData\Local\temp
2011-09-18 20:58 . 2011-09-18 20:58   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-09-18 20:26 . 2011-09-18 20:26   --------   d-----w-   C:\0da76018af0c496421a87383552d
2011-09-18 15:56 . 2011-09-18 15:56   --------   d-----w-   C:\found.001
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Audio Filter.lnk - c:\program files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2008-2-19 5733664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05   98304   ----a-w-   c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Tanya^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Audio Filter.lnk]
path=c:\users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk
backup=c:\windows\pss\Audio Filter.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Tanya^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BSEGadget.lnk]
path=c:\users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BSEGadget.lnk
backup=c:\windows\pss\BSEGadget.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 19:07   932288   ----a-r-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44   35760   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-06-10 00:12   118784   ----a-w-   c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 11:10   47904   ----a-w-   c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33   125952   ----a-w-   c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-01-05 17:00   133104   ----atw-   c:\users\Tanya\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-10-27 17:18   1103216   ----a-w-   c:\program files\Download Manager\DLM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2007-09-19 19:09   311296   ----a-w-   c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 11:53   141608   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logan_S2P]
2007-06-10 23:58   253952   ----a-w-   c:\program files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-05-29 05:11   1047656   ----a-w-   c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2009-11-06 12:00   2090272   ----a-w-   c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-10-30 00:32   8429568   ----a-w-   c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-10-30 00:33   86016   ----a-w-   c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 06:57   1451520   ----a-w-   c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 01:15   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2008-02-12 11:11   536576   ----a-w-   c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 08:59   254696   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-09 5120]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-10-10 28464]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 R5U870FLx86;R5U870 UVC Lower Filter  ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-10-30 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter  ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-10-30 43904]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
R4 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\Image Converter 3\ICScsiSV.exe [2007-06-15 75952]
R4 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 745472]
R4 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-09 397312]
R4 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-09 1089536]
R4 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-03-05 5189992]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-09-08 83312]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ      BthServ
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-963744613-1606295528-1370569751-1003Core.job
- c:\users\Tanya\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-05 17:00]
.
2011-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-963744613-1606295528-1370569751-1003UA.job
- c:\users\Tanya\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-05 17:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://vaio-online.sony.com/
uInternet Settings,ProxyOverride = local
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1CE96795-E26D-490E-BB2A-BD8D83E891A8}: NameServer = 8.8.8.8,8.8.4.4
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\3tapd7rs.default\
FF - prefs.js: browser.startup.homepage - www.google.ae
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc9abb2&v=6.103.018.001&i=29&tp=ab&iy=&ychte=aa&lng=en-US&q=
FF - prefs.js: network.proxy.ftp - proxy1.emirates.net.ae
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy1.emirates.net.ae
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy1.emirates.net.ae
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy1.emirates.net.ae
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy1.emirates.net.ae
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Effective Measure Community Plugin: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-19 01:00
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-963744613-1606295528-1370569751-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{568E84CA-AB6A-4E5A-3FDD-2C44B76369DC}*]
@Allowed: (Read) (RestrictedCode)
"abekbmpdkhafkolecfbmiedbmjodkimnln"=hex:61,61,00,00
"bbekbmpdkhafkolecfambilpkgbobhnbkmfd"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1096)
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wbem\unsecapp.exe
c:\windows\helppane.exe
.
**************************************************************************
.
Completion time: 2011-09-19  01:07:54 - machine was rebooted
ComboFix-quarantined-files.txt  2011-09-18 21:06
ComboFix2.txt  2011-09-18 20:26
ComboFix3.txt  2011-09-18 04:53
.
Pre-Run: 30,176,997,376 bytes free
Post-Run: 30,851,457,024 bytes free
.
- - End Of File - - 8257F077FD4D3135563E80B6C1C77074

19
Tech Clinic / Laptop not working! Guestsolo pls help!
« on: September 18, 2011, 02:31:48 PM »
Scan says no threats found. Here is the log:

2011/09/18 23:29:17.0131 1748   TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/18 23:29:17.0848 1748   ================================================================================
2011/09/18 23:29:17.0848 1748   SystemInfo:
2011/09/18 23:29:17.0848 1748   
2011/09/18 23:29:17.0848 1748   OS Version: 6.0.6002 ServicePack: 2.0
2011/09/18 23:29:17.0848 1748   Product type: Workstation
2011/09/18 23:29:17.0848 1748   ComputerName: TANYA-PC
2011/09/18 23:29:17.0848 1748   UserName: Tanya
2011/09/18 23:29:17.0848 1748   Windows directory: C:\Windows
2011/09/18 23:29:17.0848 1748   System windows directory: C:\Windows
2011/09/18 23:29:17.0848 1748   Processor architecture: Intel x86
2011/09/18 23:29:17.0848 1748   Number of processors: 2
2011/09/18 23:29:17.0848 1748   Page size: 0x1000
2011/09/18 23:29:17.0848 1748   Boot type: Safe boot with network
2011/09/18 23:29:17.0848 1748   ================================================================================
2011/09/18 23:29:19.0190 1748   Initialize success
2011/09/18 23:29:24.0197 1188   ================================================================================
2011/09/18 23:29:24.0197 1188   Scan started
2011/09/18 23:29:24.0197 1188   Mode: Manual;
2011/09/18 23:29:24.0197 1188   ================================================================================
2011/09/18 23:29:59.0422 1188   ================================================================================
2011/09/18 23:29:59.0422 1188   Scan finished
2011/09/18 23:29:59.0422 1188   ================================================================================
2011/09/18 23:29:59.0438 1008   Detected object count: 0
2011/09/18 23:29:59.0438 1008   Actual detected object count: 0

20
Tech Clinic / Laptop not working! Guestsolo pls help!
« on: September 18, 2011, 12:57:35 PM »
[quote name='guestolo' timestamp='1316363105' post='480255']
I'm stepping out soon, what happens if you shut down the computer
Wait a couple minutes
Restart the computer into Normal windows

Can you remain in Normal windows now?
Check again if you have access to either IE or Firefox
[/quote]

I shut it down, it works briefly in normal windows 10-15 mins and then hangs again. My IE and Firefox are working now.

Thanks!
Tanya
