Help I think I have a scvhost.exe trojan

(In Progress)

sparticus2982 (thread starter)
Member with 15 posts.
Join Date: Aug 2012
Experience: Beginner
22-Aug-2012, 03:33 PM #1
I have run an AVG scan and it came up with this scvhost.exe corruptible file. I'm sure that it's the Conficker worm I've been educating myself on, but I'm a beginner and have very little knowledge about how to fix things. I also saw a couple of other posts on this forum for a similar thing, but read on here not to follow the steps in another forum because they may not be applicable to my laptop. Please be patient with me! My computer is very slow and I have a program running, 'svchost' or 'service', that is using a lot of memory in the Task Manager. Computer is backed up with all the essential files, so good to go there. I read the post on posting information from the hijack and DDS and whatever else that was. I will post below. Computer information that I am aware of:
Dell Inspiron 6000
1.60GHz 1.99 ram
Windows XP

Here are the Notepad docs that I have. This forum is awesome and I hope this is an easy fix.
HIJACK THIS
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:10:53 PM, on 8/22/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Bret Wickstrom\Local Settings\Temporary Internet Files\Content.IE5\HAU131TP\HijackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bret Wickstrom\Local Settings\Temporary Internet Files\Content.IE5\MK3BEENW\dds[1].com
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\cscript.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://compulink-softwaretraining.w...ex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - SafeNet Inc. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 8788 bytes


DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Bret Wickstrom at 15:10:38 on 2012-08-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.326 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Bret Wickstrom\Local Settings\Temporary Internet Files\Content.IE5\HAU131TP\HijackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
BHO: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\windows\system32\iavlsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://compulink-softwaretraining.webex.com/client/T27L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.2.1 192.168.1.99
TCP: Interfaces\{677F8159-25D3-4341-8624-79D99EC859BC} : DhcpNameServer = 192.168.2.1 192.168.1.99
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-07-25 13:47:55 -------- d-----w- c:\windows\SxsCaPendDel
.
==================== Find3M ====================
.
2012-08-14 21:22:45 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 21:22:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 19:15:36 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-12 19:15:36 52128 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-07-12 19:15:35 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-12 19:15:35 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD400VE-75HDT1 rev.11.07D11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8974E4B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8975593c]; MOV EAX, [0x89755ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\Harddisk0\DR0[0x89E17AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EE140] -> [0x8972A030]
\Driver\atapi[0x89A3BD28] -> IRP_MJ_CREATE -> 0x8974E4B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8974E2E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:17:20.60 ===============


ATTACH

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/28/2010 10:49:29 AM
System Uptime: 8/22/2012 2:11:34 PM (1 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Celeron(R) M processor 1.60GHz | Microprocessor | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 4.597 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
1ClickDownloader
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader 9.4.7
AiO_Scan
ALPS Touch Pad Driver
Apple Application Support
Apple Software Update
AVG Free 9.0
Bing Rewards Client Installer
Bonjour
Broadcom 440x 10/100 Integrated Controller
Business Contact Manager for Outlook 2007 SP2
ChiroTouch
Conexant D110 MDC V.92 Modem
Crystal Reports 2008 Runtime
Dell Wireless WLAN Card
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
Intel(R) Graphics Media Accelerator Driver for Mobile
InterActual Player
Java Auto Updater
Java(TM) 6 Update 20
LogMeIn
Media Player Codec Pack 3.9.6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft POS for .NET 1.11
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
OGA Notifier 2.0.0048.0
Peachtree Pro Accounting 2009
PeachTree Signature Ready Forms
QFolder
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit)
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
TanTrack v3.0.0
Update Service
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Essentials Media Codec Pack 3.2
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows Search 4.0
Windows XP Service Pack 3
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
8/22/2012 2:49:14 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
8/22/2012 2:49:14 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).
8/22/2012 2:49:14 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332).
8/19/2012 1:50:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
8/17/2012 9:02:51 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/16/2012 10:31:51 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Business Contact Manager SQL Server Startup Service service to connect.
8/16/2012 10:31:51 AM, error: Service Control Manager [7000] - The Business Contact Manager SQL Server Startup Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ========================

Thanks!!!
L.E.A.
sparticus2982
THREAD STARTER
24-Aug-2012, 01:11 PM #2
I am sorry I didn't put this information down to begin with.
It's a trojan horse generic29.GJG; well, at least that's what AVG is calling it.
It's located here:
C:\\WINDOWS\system32\svchost.exe(1368)\memory_001a0000
C:\\WINDOWS\system32\svchost.exe(1368)
Cookiegal
Administrator & Malware Removal Specialist with 97,684 posts.
Join Date: Aug 2003
27-Aug-2012, 03:47 PM #3
Please go here and download the TDSSKiller.exe to your desktop.
  • Double-click TDSSKiller.exe on your desktop to run it.
  • Click on Start Scan
  • As we don't want to fix anything yet, if any malicious objects are detected, do NOT select Cure but select Skip instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.
__________________
Microsoft MVP - Consumer Security
sparticus2982
THREAD STARTER
27-Aug-2012, 05:32 PM #4
17:29:40.0656 3940 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:29:41.0031 3940 ============================================================
17:29:41.0031 3940 Current date / time: 2012/08/27 17:29:41.0031
17:29:41.0031 3940 SystemInfo:
17:29:41.0031 3940
17:29:41.0031 3940 OS Version: 5.1.2600 ServicePack: 3.0
17:29:41.0031 3940 Product type: Workstation
17:29:41.0031 3940 ComputerName: TANTRACKSLAVE
17:29:41.0031 3940 UserName: Bret Wickstrom
17:29:41.0031 3940 Windows directory: C:\WINDOWS
17:29:41.0031 3940 System windows directory: C:\WINDOWS
17:29:41.0031 3940 Processor architecture: Intel x86
17:29:41.0031 3940 Number of processors: 1
17:29:41.0031 3940 Page size: 0x1000
17:29:41.0031 3940 Boot type: Normal boot
17:29:41.0031 3940 ============================================================
17:29:47.0718 3940 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:29:47.0718 3940 ============================================================
17:29:47.0718 3940 \Device\Harddisk0\DR0:
17:29:47.0718 3940 MBR partitions:
17:29:47.0718 3940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x4A69BB9
17:29:47.0718 3940 ============================================================
17:29:47.0734 3940 C: <-> \Device\Harddisk0\DR0\Partition1
17:29:47.0734 3940 ============================================================
17:29:47.0734 3940 Initialize success
17:29:47.0734 3940 ============================================================
17:29:55.0671 2928 ============================================================
17:29:55.0671 2928 Scan started
17:29:55.0671 2928 Mode: Manual;
17:29:55.0671 2928 ============================================================
17:29:58.0078 2928 ================ Scan system memory ========================
17:29:58.0078 2928 System memory - ok
17:29:58.0093 2928 ================ Scan services =============================
17:30:13.0500 2928 rdpdr - ok
17:30:13.0562 2928 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:30:13.0593 2928 RDPWD - ok
17:30:13.0625 2928 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:30:13.0671 2928 RDSessMgr - ok
17:30:13.0703 2928 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:30:13.0718 2928 redbook - ok
17:30:13.0781 2928 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:30:13.0812 2928 RemoteAccess - ok
17:30:13.0843 2928 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:30:13.0859 2928 RemoteRegistry - ok
17:30:13.0890 2928 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
17:30:13.0906 2928 RpcLocator - ok
17:30:13.0968 2928 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:30:13.0968 2928 RpcSs - ok
17:30:14.0031 2928 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:30:14.0062 2928 RSVP - ok
17:30:14.0093 2928 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:30:14.0093 2928 SamSs - ok
17:30:14.0140 2928 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:30:14.0156 2928 SCardSvr - ok
17:30:14.0218 2928 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:30:14.0218 2928 Schedule - ok
17:30:14.0328 2928 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:30:14.0343 2928 sdbus - ok
17:30:14.0406 2928 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:30:14.0421 2928 Secdrv - ok
17:30:14.0453 2928 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:30:14.0468 2928 seclogon - ok
17:30:14.0500 2928 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:30:14.0500 2928 SENS - ok
17:30:14.0578 2928 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
17:30:14.0593 2928 Serial - ok
17:30:14.0703 2928 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:30:14.0718 2928 Sfloppy - ok
17:30:14.0812 2928 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:30:14.0828 2928 SharedAccess - ok
17:30:14.0906 2928 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:30:14.0921 2928 ShellHWDetection - ok
17:30:14.0921 2928 Simbad - ok
17:30:14.0953 2928 Sparrow - ok
17:30:15.0000 2928 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:30:15.0015 2928 splitter - ok
17:30:15.0078 2928 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:30:15.0093 2928 Spooler - ok
17:30:15.0187 2928 [ B2EC3E1DEAC5F0A764BD3486D213A0AF ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:30:15.0187 2928 SQLBrowser - ok
17:30:15.0265 2928 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:30:15.0265 2928 SQLWriter - ok
17:30:15.0281 2928 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:30:15.0390 2928 sr - ok
17:30:15.0453 2928 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
17:30:15.0468 2928 srservice - ok
17:30:15.0562 2928 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:30:15.0609 2928 Srv - ok
17:30:15.0671 2928 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:30:15.0703 2928 SSDPSRV - ok
17:30:15.0781 2928 [ 305CC42945A713347F978D78566113F3 ] STAC97 C:\WINDOWS\system32\drivers\STAC97.sys
17:30:15.0828 2928 STAC97 - ok
17:30:15.0921 2928 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:30:15.0921 2928 stisvc - ok
17:30:15.0968 2928 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:30:15.0984 2928 swenum - ok
17:30:16.0031 2928 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:30:16.0046 2928 swmidi - ok
17:30:16.0062 2928 SwPrv - ok
17:30:16.0078 2928 symc810 - ok
17:30:16.0093 2928 symc8xx - ok
17:30:16.0109 2928 sym_hi - ok
17:30:16.0125 2928 sym_u3 - ok
17:30:16.0203 2928 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:30:16.0203 2928 sysaudio - ok
17:30:16.0265 2928 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:30:16.0312 2928 SysmonLog - ok
17:30:16.0390 2928 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:30:16.0406 2928 TapiSrv - ok
17:30:16.0500 2928 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:30:16.0531 2928 Tcpip - ok
17:30:16.0593 2928 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:30:16.0625 2928 TDPIPE - ok
17:30:16.0656 2928 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:30:16.0671 2928 TDTCP - ok
17:30:16.0687 2928 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:30:16.0718 2928 TermDD - ok
17:30:16.0781 2928 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:30:16.0812 2928 TermService - ok
17:30:16.0843 2928 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:30:16.0843 2928 Themes - ok
17:30:16.0906 2928 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:30:16.0921 2928 TlntSvr - ok
17:30:16.0937 2928 TosIde - ok
17:30:17.0000 2928 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:30:17.0000 2928 TrkWks - ok
17:30:17.0062 2928 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:30:17.0078 2928 Udfs - ok
17:30:17.0109 2928 ultra - ok
17:30:17.0187 2928 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:30:17.0250 2928 Update - ok
17:30:17.0312 2928 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:30:17.0343 2928 upnphost - ok
17:30:17.0375 2928 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:30:17.0406 2928 UPS - ok
17:30:17.0421 2928 USBAAPL - ok
17:30:17.0468 2928 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
17:30:17.0500 2928 usbaudio - ok
17:30:17.0531 2928 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:30:17.0562 2928 usbccgp - ok
17:30:17.0609 2928 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:30:17.0625 2928 usbehci - ok
17:30:17.0718 2928 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:30:17.0734 2928 usbhub - ok
17:30:17.0781 2928 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:30:17.0796 2928 usbprint - ok
17:30:17.0843 2928 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:30:17.0859 2928 usbscan - ok
17:30:17.0906 2928 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:30:17.0921 2928 usbstor - ok
17:30:17.0968 2928 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:30:17.0984 2928 usbuhci - ok
17:30:18.0000 2928 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:30:18.0031 2928 VgaSave - ok
17:30:18.0031 2928 ViaIde - ok
17:30:18.0062 2928 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:30:18.0078 2928 VolSnap - ok
17:30:18.0140 2928 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:30:18.0187 2928 VSS - ok
17:30:18.0437 2928 [ 8ED347BAD8D1FB7C40B593BFB01786D2 ] vToolbarUpdater11.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
17:30:18.0500 2928 vToolbarUpdater11.2.0 - ok
17:30:18.0609 2928 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
17:30:18.0625 2928 W32Time - ok
17:30:18.0640 2928 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:30:18.0656 2928 Wanarp - ok
17:30:18.0671 2928 WDICA - ok
17:30:18.0734 2928 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:30:18.0734 2928 wdmaud - ok
17:30:18.0796 2928 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:30:18.0812 2928 WebClient - ok
17:30:18.0890 2928 [ 0C5B9CF1BDF998750D9C5EEB5F8C55AC ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:30:19.0015 2928 winachsf - ok
17:30:19.0171 2928 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:30:19.0187 2928 winmgmt - ok
17:30:19.0218 2928 wltrysvc - ok
17:30:19.0265 2928 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:30:19.0296 2928 WmdmPmSN - ok
17:30:19.0390 2928 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:30:19.0437 2928 Wmi - ok
17:30:19.0500 2928 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:30:19.0562 2928 WmiApSrv - ok
17:30:19.0671 2928 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:30:19.0781 2928 WMPNetworkSvc - ok
17:30:19.0828 2928 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:30:19.0843 2928 WpdUsb - ok
17:30:19.0953 2928 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:30:19.0984 2928 WPFFontCache_v0400 - ok
17:30:20.0046 2928 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:30:20.0062 2928 WS2IFSL - ok
17:30:20.0140 2928 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:30:20.0156 2928 wscsvc - ok
17:30:20.0171 2928 WSearch - ok
17:30:20.0234 2928 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:30:20.0265 2928 wuauserv - ok
17:30:20.0328 2928 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:30:20.0375 2928 WudfPf - ok
17:30:20.0406 2928 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:30:20.0437 2928 WudfRd - ok
17:30:20.0484 2928 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:30:20.0500 2928 WudfSvc - ok
17:30:20.0609 2928 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:30:20.0640 2928 WZCSVC - ok
17:30:20.0703 2928 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:30:20.0734 2928 xmlprov - ok
17:30:20.0750 2928 ================ Scan global ===============================
17:30:20.0812 2928 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:30:20.0906 2928 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:30:20.0953 2928 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:30:20.0984 2928 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:30:20.0984 2928 [Global] - ok
17:30:21.0000 2928 ================ Scan MBR ==================================
17:30:21.0000 2928 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:30:21.0000 2928 Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:30:21.0015 2928 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:30:21.0015 2928 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:30:21.0015 2928 ================ Scan VBR ==================================
17:30:21.0046 2928 [ 917ECA1E195380B51C71ADD227718634 ] \Device\Harddisk0\DR0\Partition1
17:30:21.0046 2928 \Device\Harddisk0\DR0\Partition1 - ok
17:30:21.0062 2928 ============================================================
17:30:21.0062 2928 Scan finished
17:30:21.0062 2928 ============================================================
17:30:21.0078 0124 Detected object count: 1
17:30:21.0078 0124 Actual detected object count: 1
17:30:31.0375 0124 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
17:30:31.0375 0124 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip



THANK YOU so so much
Cookiegal
Administrator & Malware Removal Specialist with 97,684 posts.
 
Join Date: Aug 2003
27-Aug-2012, 06:10 PM #5
Run TDSSKiller again and this time allow it to cure what was found please and post the new log.
sparticus2982
Member with 15 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Beginner
27-Aug-2012, 07:25 PM #6
18:47:24.0390 1216 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:47:24.0718 1216 ============================================================
18:47:24.0718 1216 Current date / time: 2012/08/27 18:47:24.0718
18:47:24.0718 1216 SystemInfo:
18:47:24.0718 1216
18:47:24.0718 1216 OS Version: 5.1.2600 ServicePack: 3.0
18:47:24.0718 1216 Product type: Workstation
18:47:24.0718 1216 ComputerName: TANTRACKSLAVE
18:47:24.0718 1216 UserName: Bret Wickstrom
18:47:24.0718 1216 Windows directory: C:\WINDOWS
18:47:24.0718 1216 System windows directory: C:\WINDOWS
18:47:24.0718 1216 Processor architecture: Intel x86
18:47:24.0718 1216 Number of processors: 1
18:47:24.0718 1216 Page size: 0x1000
18:47:24.0718 1216 Boot type: Normal boot
18:47:24.0718 1216 ============================================================
18:47:32.0671 1216 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:47:32.0671 1216 ============================================================
18:47:32.0671 1216 \Device\Harddisk0\DR0:
18:47:32.0671 1216 MBR partitions:
18:47:32.0671 1216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x4A69BB9
18:47:32.0671 1216 ============================================================
18:47:32.0734 1216 C: <-> \Device\Harddisk0\DR0\Partition1
18:47:32.0734 1216 ============================================================
18:47:32.0734 1216 Initialize success
18:47:32.0734 1216 ============================================================
18:47:35.0453 0260 ============================================================
18:47:35.0453 0260 Scan started
18:47:35.0453 0260 Mode: Manual;
18:47:35.0453 0260 ============================================================
18:47:37.0015 0260 ================ Scan system memory ========================
18:47:37.0015 0260 System memory - ok
18:47:37.0015 0260 ================ Scan services =============================
18:47:37.0171 0260 Abiosdsk - ok
18:47:37.0187 0260 abp480n5 - ok
18:47:37.0265 0260 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:47:37.0265 0260 ACPI - ok
18:47:37.0328 0260 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
18:47:37.0328 0260 ACPIEC - ok
18:47:37.0421 0260 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:47:37.0421 0260 AdobeFlashPlayerUpdateSvc - ok
18:47:37.0437 0260 adpu160m - ok
18:47:37.0500 0260 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:47:37.0500 0260 aec - ok
18:47:37.0562 0260 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:47:37.0562 0260 AFD - ok
18:47:37.0578 0260 Aha154x - ok
18:47:37.0578 0260 aic78u2 - ok
18:47:37.0593 0260 aic78xx - ok
18:47:37.0687 0260 [ 11F424D02AEA63A3A53445087072FDD0 ] aksfridge C:\WINDOWS\system32\DRIVERS\aksfridge.sys
18:47:37.0687 0260 aksfridge - ok
18:47:37.0781 0260 [ 64FC197D24A2B240598F29CE0A6660C0 ] akshasp C:\WINDOWS\system32\DRIVERS\akshasp.sys
18:47:37.0781 0260 akshasp - ok
18:47:37.0843 0260 [ 147B61B81BE1FFC38939EA47E5CFB51F ] akshhl C:\WINDOWS\system32\DRIVERS\akshhl.sys
18:47:37.0843 0260 akshhl - ok
18:47:37.0921 0260 [ CCE6C56F18D214DE8D66F3F2A774CD5B ] aksusb C:\WINDOWS\system32\DRIVERS\aksusb.sys
18:47:37.0921 0260 aksusb - ok
18:47:37.0984 0260 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:47:37.0984 0260 Alerter - ok
18:47:38.0031 0260 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
18:47:38.0031 0260 ALG - ok
18:47:38.0031 0260 AliIde - ok
18:47:38.0046 0260 amsint - ok
18:47:38.0125 0260 [ 090880E9BF20F928BC341F96D27C019E ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
18:47:38.0125 0260 ApfiltrService - ok
18:47:38.0171 0260 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
18:47:38.0171 0260 AppMgmt - ok
18:47:38.0234 0260 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:47:38.0234 0260 Arp1394 - ok
18:47:38.0250 0260 asc - ok
18:47:38.0265 0260 asc3350p - ok
18:47:38.0281 0260 asc3550 - ok
18:47:38.0468 0260 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:47:38.0468 0260 aspnet_state - ok
18:47:38.0515 0260 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:47:38.0515 0260 AsyncMac - ok
18:47:38.0531 0260 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:47:38.0546 0260 atapi - ok
18:47:38.0546 0260 Atdisk - ok
18:47:38.0593 0260 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:47:38.0593 0260 Atmarpc - ok
18:47:38.0625 0260 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:47:38.0625 0260 AudioSrv - ok
18:47:38.0671 0260 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:47:38.0671 0260 audstub - ok
18:47:38.0906 0260 [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
18:47:38.0906 0260 AVG Security Toolbar Service - ok
18:47:38.0968 0260 [ C4D15594DB5BE042D3346EA58DF87D89 ] avg9wd C:\Program Files\AVG\AVG9\avgwdsvc.exe
18:47:38.0968 0260 avg9wd - ok
18:47:39.0046 0260 [ B8C187439D27ABA430DD69FDCF1FA657 ] AvgLdx86 C:\WINDOWS\system32\Drivers\avgldx86.sys
18:47:39.0062 0260 AvgLdx86 - ok
18:47:39.0125 0260 [ 80FF2B1B7EEDA966394F0BAA895BBF4B ] AvgMfx86 C:\WINDOWS\system32\Drivers\avgmfx86.sys
18:47:39.0125 0260 AvgMfx86 - ok
18:47:39.0218 0260 [ 9A7A93388F503A34E7339AE7F9997449 ] AvgTdiX C:\WINDOWS\system32\Drivers\avgtdix.sys
18:47:39.0218 0260 AvgTdiX - ok
18:47:39.0328 0260 [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
18:47:39.0343 0260 BCM43XX - ok
18:47:39.0406 0260 [ 78123F44BE9E4768852A3A017E02D637 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
18:47:39.0406 0260 bcm4sbxp - ok
18:47:39.0500 0260 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
18:47:39.0500 0260 BcmSqlStartupSvc - ok
18:47:39.0562 0260 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:47:39.0562 0260 Beep - ok
18:47:39.0656 0260 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
18:47:39.0656 0260 BITS - ok
18:47:39.0781 0260 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:47:39.0796 0260 Bonjour Service - ok
18:47:39.0875 0260 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
18:47:39.0875 0260 Browser - ok
18:47:39.0921 0260 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:47:39.0921 0260 cbidf2k - ok
18:47:39.0921 0260 cd20xrnt - ok
18:47:40.0000 0260 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:47:40.0000 0260 Cdaudio - ok
18:47:40.0078 0260 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:47:40.0078 0260 Cdfs - ok
18:47:40.0140 0260 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:47:40.0156 0260 Cdrom - ok
18:47:40.0203 0260 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
18:47:40.0203 0260 cercsr6 - ok
18:47:40.0218 0260 Changer - ok
18:47:40.0250 0260 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:47:40.0250 0260 CiSvc - ok
18:47:40.0281 0260 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:47:40.0281 0260 ClipSrv - ok
18:47:40.0390 0260 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:47:40.0406 0260 clr_optimization_v2.0.50727_32 - ok
18:47:40.0453 0260 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:47:40.0453 0260 clr_optimization_v4.0.30319_32 - ok
18:47:40.0515 0260 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:47:40.0515 0260 CmBatt - ok
18:47:40.0531 0260 CmdIde - ok
18:47:40.0562 0260 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:47:40.0562 0260 Compbatt - ok
18:47:40.0578 0260 COMSysApp - ok
18:47:40.0593 0260 Cpqarray - ok
18:47:40.0671 0260 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:47:40.0671 0260 CryptSvc - ok
18:47:40.0687 0260 dac2w2k - ok
18:47:40.0703 0260 dac960nt - ok
18:47:40.0796 0260 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:47:40.0796 0260 DcomLaunch - ok
18:47:40.0890 0260 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:47:40.0890 0260 Dhcp - ok
18:47:40.0906 0260 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:47:40.0906 0260 Disk - ok
18:47:40.0921 0260 dmadmin - ok
18:47:41.0031 0260 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:47:41.0046 0260 dmboot - ok
18:47:41.0093 0260 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:47:41.0093 0260 dmio - ok
18:47:41.0140 0260 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:47:41.0140 0260 dmload - ok
18:47:41.0203 0260 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:47:41.0203 0260 dmserver - ok
18:47:41.0234 0260 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:47:41.0234 0260 DMusic - ok
18:47:41.0296 0260 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:47:41.0296 0260 Dnscache - ok
18:47:41.0359 0260 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:47:41.0359 0260 Dot3svc - ok
18:47:41.0359 0260 dpti2o - ok
18:47:41.0421 0260 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:47:41.0421 0260 drmkaud - ok
18:47:41.0468 0260 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:47:41.0484 0260 EapHost - ok
18:47:41.0531 0260 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:47:41.0531 0260 ERSvc - ok
18:47:41.0609 0260 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
18:47:41.0609 0260 Eventlog - ok
18:47:41.0687 0260 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
18:47:41.0687 0260 EventSystem - ok
18:47:41.0703 0260 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:47:41.0703 0260 Fastfat - ok
18:47:41.0796 0260 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:47:41.0796 0260 FastUserSwitchingCompatibility - ok
18:47:41.0828 0260 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
18:47:41.0828 0260 Fdc - ok
18:47:41.0843 0260 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:47:41.0843 0260 Fips - ok
18:47:41.0906 0260 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
18:47:41.0906 0260 Flpydisk - ok
18:47:41.0984 0260 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:47:41.0984 0260 FltMgr - ok
18:47:42.0078 0260 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:47:42.0078 0260 FontCache3.0.0.0 - ok
18:47:42.0125 0260 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:47:42.0125 0260 Fs_Rec - ok
18:47:42.0140 0260 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:47:42.0156 0260 Ftdisk - ok
18:47:42.0156 0260 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:47:42.0171 0260 Gpc - ok
18:47:42.0250 0260 [ 995178A443B07FA9EEAEA041D7B4B5CA ] hardlock C:\WINDOWS\system32\drivers\hardlock.sys
18:47:42.0265 0260 hardlock - ok
18:47:42.0281 0260 hasplms - ok
18:47:42.0421 0260 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:47:42.0421 0260 helpsvc - ok
18:47:42.0468 0260 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
18:47:42.0468 0260 HidServ - ok
18:47:42.0515 0260 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:47:42.0515 0260 hidusb - ok
18:47:42.0562 0260 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:47:42.0562 0260 hkmsvc - ok
18:47:42.0578 0260 hpn - ok
18:47:42.0640 0260 [ 5FABA4775D4C61E55EC669D643FFC71F ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:47:42.0640 0260 HPZid412 - ok
18:47:42.0671 0260 [ A3C43980EE1F1BEAC778B44EA65DBDD4 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:47:42.0671 0260 HPZipr12 - ok
18:47:42.0703 0260 [ 2906949BD4E206F2BB0DD1896CE9F66F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:47:42.0703 0260 HPZius12 - ok
18:47:42.0765 0260 [ A84BBBDD125D370593004F6429F8445C ] HSFHWICH C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
18:47:42.0765 0260 HSFHWICH - ok
18:47:42.0859 0260 [ B678FA91CF4A1C19B462D8DB04CD02AB ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
18:47:42.0875 0260 HSF_DPV - ok
18:47:42.0953 0260 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:47:42.0953 0260 HTTP - ok
18:47:43.0015 0260 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:47:43.0015 0260 HTTPFilter - ok
18:47:43.0015 0260 i2omgmt - ok
18:47:43.0031 0260 i2omp - ok
18:47:43.0093 0260 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:47:43.0109 0260 i8042prt - ok
18:47:43.0234 0260 [ D705558B6A678E894C5C67430EEF67A2 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
18:47:43.0250 0260 ialm - ok
18:47:43.0343 0260 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:47:43.0343 0260 IDriverT - ok
18:47:43.0437 0260 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:47:43.0453 0260 idsvc - ok
18:47:43.0500 0260 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:47:43.0500 0260 Imapi - ok
18:47:43.0562 0260 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:47:43.0578 0260 ImapiService - ok
18:47:43.0593 0260 ini910u - ok
18:47:43.0687 0260 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
18:47:43.0687 0260 IntelIde - ok
18:47:54.0312 0260 ================ Scan global ===============================
18:47:54.0343 0260 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:47:54.0468 0260 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:47:54.0515 0260 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:47:54.0546 0260 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:47:54.0546 0260 [Global] - ok
18:47:54.0546 0260 ================ Scan MBR ==================================
18:47:54.0578 0260 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:47:54.0578 0260 Suspicious mbr (Forged): \Device\Harddisk0\DR0
18:47:54.0609 0260 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:47:54.0609 0260 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
18:47:54.0609 0260 ================ Scan VBR ==================================
18:47:54.0656 0260 [ 917ECA1E195380B51C71ADD227718634 ] \Device\Harddisk0\DR0\Partition1
18:47:54.0656 0260 \Device\Harddisk0\DR0\Partition1 - ok
18:47:54.0656 0260 ============================================================
18:47:54.0656 0260 Scan finished
18:47:54.0656 0260 ============================================================
18:47:54.0671 3540 Detected object count: 1
18:47:54.0671 3540 Actual detected object count: 1
18:50:16.0515 3540 \Device\Harddisk0\DR0\# - copied to quarantine
18:50:16.0515 3540 \Device\Harddisk0\DR0 - copied to quarantine
18:50:16.0546 3540 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
18:50:16.0593 3540 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
18:50:16.0593 3540 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
18:50:16.0593 3540 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:50:16.0609 3540 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:50:16.0609 3540 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:50:16.0625 3540 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:50:16.0625 3540 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
18:50:16.0625 3540 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
18:50:16.0625 3540 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
18:50:16.0625 3540 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:50:16.0625 3540 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:50:16.0640 3540 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
18:50:16.0640 3540 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
18:50:16.0640 3540 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:50:16.0656 3540 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:50:16.0656 3540 \Device\Harddisk0\DR0 - ok
18:50:16.0656 3540 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
18:50:26.0859 3484 Deinitialize success
Cookiegal
Administrator & Malware Removal Specialist with 97,684 posts.
Join Date: Aug 2003
27-Aug-2012, 07:27 PM #7
Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2


--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your anti-virus and anti-spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.



  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.



  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.
sparticus2982
THREAD STARTER
27-Aug-2012, 08:03 PM #8
Quote:
Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.
I must be an ignoramus because I have no idea what I'm doing here. It takes me to this page http://www.microsoft.com/en-us/download/default.aspx
or to this page http://www.microsoft.com/en-us/downl...s.aspx?id=8030
Also, this would probably be a good time to tell you I have no idea whether my computer has the SP1 OR SP2 OR IS ORIGINAL. I have the 'thundercats' logo downloaded to my desktop so we can check that one off. I apologize if I am making this harder than it is. Thanks!
Cookiegal
27-Aug-2012, 08:47 PM #9
Yours is XP Pro SP3 so you would use the SP2 package.
sparticus2982
THREAD STARTER
29-Aug-2012, 11:51 AM #10
ComboFix 12-08-28.03 - Bret Wickstrom 08/29/2012 11:19:30.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1382 [GMT -4:00]
Running from: c:\documents and settings\Bret Wickstrom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bret Wickstrom\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Bret Wickstrom\Application Data\PriceGong
c:\documents and settings\Bret Wickstrom\g2mdlhlpx.exe
c:\windows\system32\Cache
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
.
.
2012-08-27 22:50 . 2012-08-27 22:50 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 21:22 . 2012-05-18 13:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 21:22 . 2011-05-15 16:41 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 19:15 . 2010-04-28 17:28 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-12 19:15 . 2010-04-28 17:28 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-07-12 19:15 . 2010-04-28 17:28 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-07-12 19:15 . 2010-04-28 17:27 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-06 13:58 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2010-04-28 14:40 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 10:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 10:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-06 23:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2010-04-28 14:43 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2010-04-28 14:43 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2010-04-28 14:43 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2010-04-28 14:43 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2010-04-28 14:43 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2009-08-06 23:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-04 10:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-06 23:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2010-04-28 14:43 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2010-04-28 14:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2010-06-17 12:44 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2010-06-17 12:44 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2010-06-17 12:44 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 18:01 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-11-04 597792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-30 21:08 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-07-12 19:15 87456 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-10-07 18:13 176128 ----a-r- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2012-01-26 18:12 2077536 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2006-11-01 16:48 1392640 -c--a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-06-06 21:06 77824 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-06-06 21:10 118784 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-06-06 21:09 94208 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 16:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"4100:TCP"= 4100:TCP:tcp4100
"4100:UDP"= 4100:UDP:udp4100
"1583:TCP"= 1583:TCP:Pervasive DBEngine
"3351:TCP"= 3351:TCP:Pervasive DBEngine
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/30/2010 5:08 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/30/2010 5:08 PM 243152]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/30/2010 5:06 PM 308136]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [10/5/2010 7:05 PM 374184]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [7/9/2012 2:01 PM 935008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/18/2012 9:18 AM 250056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2/22/2011 10:14 AM 167264]
S4 POSPerformanceCounters;Point Of Service Performance Counters;c:\program files\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe [2/1/2007 11:14 PM 42352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 21:22]
.
2012-08-20 c:\windows\Tasks\TanTrack v3.0.0 Updates.job
- c:\windows\Installer\TanTrack v3.0.0 Updates for All Users.lnk [2010-04-28 19:35]
.
2012-08-29 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2011-02-21 15:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\iavlsp.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.1.99
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-AdobeBridge - (no file)
SafeBoot-19744890.sys
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
AddRemove-1ClickDownload - c:\program files\1ClickDownload\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-29 11:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\LMIinit.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\iavlsp.dll
.
Completion time: 2012-08-29 11:36:53
ComboFix-quarantined-files.txt 2012-08-29 15:36
.
Pre-Run: 4,561,707,008 bytes free
Post-Run: 8,460,840,960 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - BF1A428E20FD5B0DF91AFADF4001C926
Cookiegal
Administrator & Malware Removal Specialist with 97,684 posts.
Join Date: Aug 2003
29-Aug-2012, 04:38 PM #11
Download OTL to your Desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under Custom Scans/Fixes type in Netsvcs
  • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
  • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy and paste the contents of both of these files here in your next reply.
sparticus2982
Member with 15 posts.
THREAD STARTER
Join Date: Aug 2012
Experience: Beginner
29-Aug-2012, 08:43 PM #12
OTL logfile created on: 8/29/2012 8:39:01 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Bret Wickstrom\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.86% Memory free
3.84 Gb Paging File | 3.26 Gb Available in Paging File | 84.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 7.87 Gb Free Space | 21.15% Space Free | Partition Type: NTFS

Computer Name: TANTRACKSLAVE | User Name: Bret Wickstrom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/29 20:33:21 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bret Wickstrom\Desktop\OTL.exe
PRC - [2012/07/12 15:16:13 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/07/12 15:15:35 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/07/09 14:01:25 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/09 14:01:18 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/04/13 14:55:00 | 000,529,408 | ---- | M] () -- C:\Program Files\PSChiro\Ips.ChiroTouch.Launcher.exe
PRC - [2011/02/21 11:52:18 | 000,258,048 | ---- | M] (MediaCodec.Org) -- C:\Program Files\Essentials Codec Pack\WECPUpdate.exe
PRC - [2010/12/18 22:19:13 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/11/24 14:37:55 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/27 17:42:18 | 004,180,576 | ---- | M] (SafeNet Inc.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2010/09/25 10:18:05 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/30 17:07:32 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/30 17:07:30 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/30 17:06:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/04 19:20:14 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/10/07 14:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/06/28 23:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/09 14:01:26 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/09 14:01:25 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
MOD - [2012/07/09 14:01:18 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/06/14 10:14:42 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/14 10:14:06 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 10:00:08 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 09:55:41 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 09:41:34 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/14 09:41:09 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/05/11 09:54:08 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
MOD - [2012/05/11 09:54:06 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
MOD - [2012/05/11 09:53:57 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 09:53:50 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/11 09:47:21 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 09:46:23 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/05/11 09:46:12 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
MOD - [2012/05/11 09:21:53 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 09:21:07 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/04/30 09:35:57 | 000,826,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Ips.ChiroTouch.Business\5.0.0.0__48230c0c5c5407f3\Ips.ChiroTouch.Business.dll
MOD - [2011/04/30 09:35:57 | 000,241,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.1__8e0a83e5f57fa584\log4net.dll
MOD - [2011/04/30 09:35:56 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Ips.ChiroTouch.Common\5.0.0.0__48230c0c5c5407f3\Ips.ChiroTouch.Common.dll
MOD - [2011/04/30 09:35:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Interop.MSDASC\1.0.0.0__48230c0c5c5407f3\Interop.MSDASC.dll
MOD - [2011/04/30 09:35:56 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Ips.ChiroTouch.DB\5.0.0.0__96d554bb238cdda9\Ips.ChiroTouch.DB.dll
MOD - [2011/04/30 09:35:54 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll
MOD - [2011/04/13 14:55:00 | 000,529,408 | ---- | M] () -- C:\Program Files\PSChiro\Ips.ChiroTouch.Launcher.exe
MOD - [2011/04/13 14:53:48 | 000,040,960 | ---- | M] () -- C:\Program Files\PSChiro\ShellBasics.dll
MOD - [2010/05/19 16:55:36 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2009/01/10 18:15:44 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/11/01 12:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Services (SafeList) ==========

SRV - [2012/08/14 17:22:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/12 15:16:13 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/07/12 15:15:35 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/09 14:01:25 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2011/11/10 09:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/12/18 22:19:13 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/09/27 17:42:18 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\WINDOWS\system32\hasplms.exe -- (hasplms)
SRV - [2010/06/30 17:06:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/02/01 23:14:52 | 000,042,352 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe -- (POSPerformanceCounters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\BRETWI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/07/12 15:15:36 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/13 12:07:46 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/06 09:06:17 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/09/27 17:42:24 | 000,356,864 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2010/09/27 17:42:16 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2010/09/27 17:42:14 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2010/09/27 17:42:14 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2010/09/27 17:42:12 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2010/06/30 17:08:18 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2006/10/12 15:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 15:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/05/26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?...eferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\..\SearchScopes,DefaultScope = {15F066C5-5C93-4E35-BF21-A0EF084830F6}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=OCYT...c=IE-SearchBox
IE - HKCU\..\SearchScopes\{15F066C5-5C93-4E35-BF21-A0EF084830F6}: "URL" = http://www.google.com/search?q={sear...age={startPage}
IE - HKCU\..\SearchScopes\{1BC5A244-44D0-4B83-A1BF-F6EC2E9442D1}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{5EF5F520-A678-488F-AEB1-089BB472975C}: "URL" = http://rover.ebay.com/rover/1/711-43...e={searchTerms}
IE - HKCU\..\SearchScopes\{62F70CDB-4C2D-4EAD-84A1-ED73C5B82A41}: "URL" = http://www.weather.com/search/enhanc...e={searchTerms}
IE - HKCU\..\SearchScopes\{6D43B2A5-B987-4D3E-8FCE-D3665D365360}: "URL" = http://cnet.search.com/search?chkpt=...erms}&tag=srch
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={5...r&d=2011-12-12 11:28:00&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{C17431DA-1264-42D6-9EC8-65AA14D1AD83}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{D4795853-94C4-40CC-AC6F-B38BDF86D08E}: "URL" = http://search.yahoo.com/search?p={se...-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{DB14C3FF-4D69-4BCF-AA9C-E5EE58581C1B}: "URL" = http://www.amazon.com/gp/search?ie=U...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/05/15 12:41:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.12\ [2012/07/09 14:01:40 | 000,000,000 | ---D | M]

[2012/07/09 08:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bret Wickstrom\Application Data\Mozilla\Firefox\Profiles\extensions
[2012/07/09 08:22:58 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Documents and Settings\Bret Wickstrom\Application Data\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2010/09/18 11:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/08/29 11:33:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://compulink-softwaretraining.w...ex/ieatgpc.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{677F8159-25D3-4341-8624-79D99EC859BC}: DhcpNameServer = 192.168.2.1 192.168.1.99
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Bret Wickstrom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bret Wickstrom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/28 10:46:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/08/29 20:33:13 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bret Wickstrom\Desktop\OTL.exe
[2012/08/29 11:14:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/08/29 11:12:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/29 11:12:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/29 11:12:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/29 11:12:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/29 11:08:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/29 11:06:44 | 004,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Bret Wickstrom\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2012/08/27 19:47:35 | 004,739,810 | R--- | C] (Swearware) -- C:\Documents and Settings\Bret Wickstrom\Desktop\ComboFix.exe
[2012/08/27 19:36:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/08/27 18:50:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/22 15:10:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/08/11 10:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/08/11 10:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/08/10 18:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/29 20:33:21 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bret Wickstrom\Desktop\OTL.exe
[2012/08/29 20:22:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/29 19:17:20 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2012/08/29 18:06:51 | 105,318,233 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/08/29 11:33:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/29 11:14:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/08/29 11:07:55 | 004,739,810 | R--- | M] (Swearware) -- C:\Documents and Settings\Bret Wickstrom\Desktop\ComboFix.exe
[2012/08/29 11:06:51 | 004,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Bret Wickstrom\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2012/08/29 09:03:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/29 09:03:01 | 003,590,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/29 09:00:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/29 09:00:47 | 2138,505,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/28 20:43:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/27 18:45:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/22 13:05:46 | 002,259,784 | ---- | M] () -- C:\Documents and Settings\Bret Wickstrom\Desktop\rmdndup.exe
[2012/08/20 10:00:04 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\TanTrack v3.0.0 Updates.job
[2012/08/14 17:22:45 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/14 17:22:45 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/01 18:13:04 | 000,022,448 | ---- | M] () -- C:\Documents and Settings\Bret Wickstrom\Application Data\Comma Separated Values (Windows).ADR
[2012/08/01 18:01:49 | 000,028,123 | ---- | M] () -- C:\Documents and Settings\Bret Wickstrom\My Documents\email.csv
[2012/08/01 18:01:41 | 000,017,229 | ---- | M] () -- C:\Documents and Settings\Bret Wickstrom\My Documents\email4.csv
[2012/08/01 18:01:05 | 000,027,892 | ---- | M] () -- C:\Documents and Settings\Bret Wickstrom\My Documents\email3.csv
[2012/08/01 18:00:36 | 000,027,822 | ---- | M] () -- C:\Documents and Settings\Bret Wickstrom\My Documents\email2.csv
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/29 11:14:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/08/29 11:14:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/08/29 11:12:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/29 11:12:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/29 11:12:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/29 11:12:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/29 11:12:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/22 13:05:18 | 002,259,784 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Desktop\rmdndup.exe
[2012/04/30 20:51:48 | 000,038,475 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Application Data\Microsoft Excel 97-2003.ADR
[2012/04/30 20:50:09 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/02/15 18:49:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/16 20:11:38 | 000,022,448 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Application Data\Comma Separated Values (Windows).ADR
[2011/03/25 21:02:06 | 000,408,446 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/03/18 19:47:11 | 000,004,113 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Garris, David.PDF
[2011/02/18 15:12:05 | 000,003,953 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Woolard, Neal Superbill 2-18-11.PDF
[2011/01/21 20:51:32 | 000,023,265 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Eckard, Duane Jan 21.PDF
[2011/01/19 12:37:50 | 000,103,535 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2011/01/19 12:37:50 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2011/01/09 22:51:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2010/12/31 10:54:29 | 000,005,751 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\lovelace superbill 2010.PDF
[2010/12/29 12:20:50 | 000,008,025 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Michele Simko.PDF
[2010/12/10 12:31:33 | 000,004,094 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\david lovelace.PDF
[2010/12/03 19:00:21 | 000,006,181 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Deandra Keys Superbill Oct to Nov.PDF
[2010/12/01 13:33:45 | 000,003,878 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\David Lovelace Super Bill Nov18 Dec1.PDF
[2010/11/26 15:29:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/18 11:54:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/24 13:56:19 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Application Data\Adobe BMP Format CS5 Prefs
[2010/04/28 11:20:49 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
< End of report >

OTL Extras logfile created on: 8/29/2012 8:39:01 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Bret Wickstrom\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.86% Memory free
3.84 Gb Paging File | 3.26 Gb Available in Paging File | 84.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 7.87 Gb Free Space | 21.15% Space Free | Partition Type: NTFS

Computer Name: TANTRACKSLAVE | User Name: Bret Wickstrom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4100:TCP" = 4100:TCP:*:Enabled:tcp4100
"4100:UDP" = 4100:UDP:*:Enabled:udp4100
"1583:TCP" = 1583:TCP:*:Enabled:Pervasive DBEngine
"3351:TCP" = 3351:TCP:*:Enabled:Pervasive DBEngine

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06924979-89C7-47A9-B4ED-9D2EE9A9941C}" = Update Service
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C432DEB-FBF2-A5E0-FDB7-4B39F7FAF0D4}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{343DFB2E-136D-4A7C-90BB-4DDB5AE3F9F0}" = TanTrack v3.0.0
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8BCB844B-0814-4354-A413-1063DB4618E9}" = PeachTree Signature Ready Forms
"{8D6181F3-CACB-4B48-8B08-981F3A7F318B}" = SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E9C01388-48D0-4042-B7F4-C362D5055ADC}" = Microsoft POS for .NET 1.11
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG9Uninstall" = AVG Free 9.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ChiroTouch" = ChiroTouch
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InterActual Player" = InterActual Player
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.6
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Peachtree Pro Accounting" = Peachtree Pro Accounting 2009
"PROR" = Microsoft Office Professional 2007
"TanTrack v3.0.0" = TanTrack v3.0.0
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/28/2012 8:33:23 PM | Computer Name = TANTRACKSLAVE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 8/28/2012 8:33:24 PM | Computer Name = TANTRACKSLAVE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.

Error - 8/28/2012 8:33:25 PM | Computer Name = TANTRACKSLAVE | Source = NativeWrapper | ID = 5000
Description =

Error - 8/28/2012 8:36:25 PM | Computer Name = TANTRACKSLAVE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 8/28/2012 8:36:27 PM | Computer Name = TANTRACKSLAVE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{0213C6AF-5562-4D09-884C-2ADCFC8C2F35}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656353-X86\NDP1.1sp1-KB2656353-X86-msi.0.log.

Error - 8/28/2012 8:36:27 PM | Computer Name = TANTRACKSLAVE | Source = NativeWrapper | ID = 5000
Description =

Error - 8/28/2012 8:39:50 PM | Computer Name = TANTRACKSLAVE | Source = MSSQL$MSSMLBIZ | ID = 5118
Description = The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf"
is compressed but does not reside in a read-only database or filegroup. The file
must be decompressed.

Error - 8/28/2012 8:39:50 PM | Computer Name = TANTRACKSLAVE | Source = MSSQL$MSSMLBIZ | ID = 5118
Description = The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf"
is compressed but does not reside in a read-only database or filegroup. The file
must be decompressed.

Error - 8/28/2012 8:39:52 PM | Computer Name = TANTRACKSLAVE | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft SQL Server 2005 Express Edition -- Error 29503.
The SQL Server service failed to start. For more information, see the SQL Server
Books Online topics, "How to: View SQL Server 2005 Setup Log Files" and "Starting
SQL Server Manually." The error is (3417) .

Error - 8/29/2012 8:38:47 PM | Computer Name = TANTRACKSLAVE | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.59.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 10/3/2011 1:13:13 PM | Computer Name = TANTRACKSLAVE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1540
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/24/2012 3:07:53 PM | Computer Name = TANTRACKSLAVE | Source = Service Control Manager | ID = 7034
Description = The Telephony service terminated unexpectedly. It has done this 7
time(s).

Error - 8/24/2012 3:07:53 PM | Computer Name = TANTRACKSLAVE | Source = Service Control Manager | ID = 7031
Description = The Windows Time service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/24/2012 3:07:53 PM | Computer Name = TANTRACKSLAVE | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 7 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 8/27/2012 6:53:26 PM | Computer Name = TANTRACKSLAVE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 8/27/2012 7:33:08 PM | Computer Name = TANTRACKSLAVE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 8/28/2012 8:33:25 PM | Computer Name = TANTRACKSLAVE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

Error - 8/28/2012 8:36:28 PM | Computer Name = TANTRACKSLAVE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).

Error - 8/28/2012 8:39:50 PM | Computer Name = TANTRACKSLAVE | Source = Service Control Manager | ID = 7024
Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
error 3417 (0xD59).

Error - 8/28/2012 8:40:17 PM | Computer Name = TANTRACKSLAVE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4
(KB2463332).

Error - 8/29/2012 11:19:09 AM | Computer Name = TANTRACKSLAVE | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
Cookiegal
Administrator & Malware Removal Specialist with 97,684 posts.
 
Join Date: Aug 2003
30-Aug-2012, 06:11 PM #13
Please run OTL again. Under the Custom Scans/Fixes box at the bottom paste in the following:

Code:
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://compulink-softwaretraining.w...ex/ieatgpc.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
sparticus2982
Member with 15 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Beginner
31-Aug-2012, 11:04 AM #14
OTL logfile created on: 8/31/2012 10:53:21 AM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Bret Wickstrom\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.15% Memory free
3.84 Gb Paging File | 3.08 Gb Available in Paging File | 80.15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 7.85 Gb Free Space | 21.09% Space Free | Partition Type: NTFS

Computer Name: TANTRACKSLAVE | User Name: Bret Wickstrom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/29 20:33:21 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bret Wickstrom\Desktop\OTL.exe
PRC - [2012/07/12 15:16:13 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/07/12 15:15:35 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/07/09 14:01:25 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/09 14:01:18 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2010/12/18 22:19:13 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/11/24 14:37:55 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/27 17:42:18 | 004,180,576 | ---- | M] (SafeNet Inc.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2010/09/25 10:18:05 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/30 17:07:32 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/30 17:07:30 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/30 17:06:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/04 19:20:14 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/10/07 14:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 16:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/28 23:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/09 14:01:26 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/09 14:01:25 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
MOD - [2012/07/09 14:01:18 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/07/09 14:01:15 | 002,074,208 | ---- | M] () -- C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/11/01 12:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Services (SafeList) ==========

SRV - [2012/08/14 17:22:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/12 15:16:13 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/07/12 15:15:35 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/09 14:01:25 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2011/11/10 09:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/12/18 22:19:13 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/09/27 17:42:18 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\WINDOWS\system32\hasplms.exe -- (hasplms)
SRV - [2010/06/30 17:06:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/02/01 23:14:52 | 000,042,352 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe -- (POSPerformanceCounters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BRETWI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/07/12 15:15:36 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/13 12:07:46 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/06 09:06:17 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/09/27 17:42:24 | 000,356,864 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2010/09/27 17:42:16 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2010/09/27 17:42:14 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2010/09/27 17:42:14 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2010/09/27 17:42:12 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2010/06/30 17:08:18 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2006/10/12 15:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 15:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/05/26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?...eferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\..\SearchScopes,DefaultScope = {15F066C5-5C93-4E35-BF21-A0EF084830F6}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=OCYT...c=IE-SearchBox
IE - HKCU\..\SearchScopes\{15F066C5-5C93-4E35-BF21-A0EF084830F6}: "URL" = http://www.google.com/search?q={sear...age={startPage}
IE - HKCU\..\SearchScopes\{1BC5A244-44D0-4B83-A1BF-F6EC2E9442D1}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{5EF5F520-A678-488F-AEB1-089BB472975C}: "URL" = http://rover.ebay.com/rover/1/711-43...e={searchTerms}
IE - HKCU\..\SearchScopes\{62F70CDB-4C2D-4EAD-84A1-ED73C5B82A41}: "URL" = http://www.weather.com/search/enhanc...e={searchTerms}
IE - HKCU\..\SearchScopes\{6D43B2A5-B987-4D3E-8FCE-D3665D365360}: "URL" = http://cnet.search.com/search?chkpt=...erms}&tag=srch
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={5...r&d=2011-12-12 11:28:00&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{C17431DA-1264-42D6-9EC8-65AA14D1AD83}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{D4795853-94C4-40CC-AC6F-B38BDF86D08E}: "URL" = http://search.yahoo.com/search?p={se...-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{DB14C3FF-4D69-4BCF-AA9C-E5EE58581C1B}: "URL" = http://www.amazon.com/gp/search?ie=U...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/05/15 12:41:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.12\ [2012/07/09 14:01:40 | 000,000,000 | ---D | M]

[2012/07/09 08:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bret Wickstrom\Application Data\Mozilla\Firefox\Profiles\extensions
[2012/07/09 08:22:58 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Documents and Settings\Bret Wickstrom\Application Data\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload. com
[2010/09/18 11:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/08/29 11:33:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{677F8159-25D3-4341-8624-79D99EC859BC}: DhcpNameServer = 192.168.2.1 192.168.1.99
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Bret Wickstrom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bret Wickstrom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/28 10:46:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/31 10:37:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/29 20:33:13 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bret Wickstrom\Desktop\OTL.exe
[2012/08/29 11:14:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/08/29 11:12:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/29 11:12:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/29 11:12:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/29 11:12:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/29 11:08:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/27 19:47:35 | 004,739,810 | R--- | C] (Swearware) -- C:\Documents and Settings\Bret Wickstrom\Desktop\ComboFix.exe
[2012/08/27 19:36:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/08/27 18:50:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/22 15:10:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/08/11 10:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/08/11 10:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/08/10 18:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/31 10:40:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/31 10:40:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/31 10:40:00 | 2138,505,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/31 10:22:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/31 09:36:16 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2012/08/31 09:09:25 | 105,406,534 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/08/29 20:33:21 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bret Wickstrom\Desktop\OTL.exe
[2012/08/29 11:33:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/29 11:14:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/08/29 11:07:55 | 004,739,810 | R--- | M] (Swearware) -- C:\Documents and Settings\Bret Wickstrom\Desktop\ComboFix.exe
[2012/08/29 09:03:01 | 003,590,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/28 20:43:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/27 18:45:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/22 13:05:46 | 002,259,784 | ---- | M] () -- C:\Documents and Settings\Bret Wickstrom\Desktop\rmdndup.exe
[2012/08/20 10:00:04 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\TanTrack v3.0.0 Updates.job
[2012/08/01 18:13:04 | 000,022,448 | ---- | M] () -- C:\Documents and Settings\Bret Wickstrom\Application Data\Comma Separated Values (Windows).ADR
[2012/08/01 18:01:49 | 000,028,123 | ---- | M] () -- C:\Documents and Settings\Bret Wickstrom\My Documents\email.csv
[2012/08/01 18:01:41 | 000,017,229 | ---- | M] () -- C:\Documents and Settings\Bret Wickstrom\My Documents\email4.csv
[2012/08/01 18:01:05 | 000,027,892 | ---- | M] () -- C:\Documents and Settings\Bret Wickstrom\My Documents\email3.csv
[2012/08/01 18:00:36 | 000,027,822 | ---- | M] () -- C:\Documents and Settings\Bret Wickstrom\My Documents\email2.csv
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/29 11:14:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/08/29 11:14:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/08/29 11:12:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/29 11:12:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/29 11:12:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/29 11:12:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/29 11:12:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/22 13:05:18 | 002,259,784 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Desktop\rmdndup.exe
[2012/04/30 20:51:48 | 000,038,475 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Application Data\Microsoft Excel 97-2003.ADR
[2012/04/30 20:50:09 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/02/15 18:49:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/16 20:11:38 | 000,022,448 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Application Data\Comma Separated Values (Windows).ADR
[2011/03/25 21:02:06 | 000,408,446 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/03/18 19:47:11 | 000,004,113 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Garris, David.PDF
[2011/02/18 15:12:05 | 000,003,953 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Woolard, Neal Superbill 2-18-11.PDF
[2011/01/21 20:51:32 | 000,023,265 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Eckard, Duane Jan 21.PDF
[2011/01/19 12:37:50 | 000,103,535 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2011/01/19 12:37:50 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2011/01/09 22:51:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2010/12/31 10:54:29 | 000,005,751 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\lovelace superbill 2010.PDF
[2010/12/29 12:20:50 | 000,008,025 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Michele Simko.PDF
[2010/12/10 12:31:33 | 000,004,094 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\david lovelace.PDF
[2010/12/03 19:00:21 | 000,006,181 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Deandra Keys Superbill Oct to Nov.PDF
[2010/12/01 13:33:45 | 000,003,878 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\David Lovelace Super Bill Nov18 Dec1.PDF
[2010/11/26 15:29:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/18 11:54:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/24 13:56:19 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Application Data\Adobe BMP Format CS5 Prefs
[2010/04/28 11:20:49 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Bret Wickstrom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011/05/06 16:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aatrix Software
[2012/07/09 14:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/02/21 13:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2012/07/21 09:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/15 09:36:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/25 09:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Integrated Practice Solutions
[2011/02/07 02:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/08/31 09:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/05/06 16:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pervasive Software
[2010/08/21 22:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/07/21 10:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/06/14 18:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/08/20 10:00:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C6C39E3F-7F7C-440A-93C0-203CC6D43D76}
[2012/01/17 10:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bret Wickstrom\Application Data\AVG Secure Search
[2010/08/21 23:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bret Wickstrom\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/20 16:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bret Wickstrom\Application Data\GetRightToGo
[2010/04/29 09:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bret Wickstrom\Application Data\iolo
[2010/12/16 23:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bret Wickstrom\Application Data\OpenCandy
[2011/05/06 16:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bret Wickstrom\Application Data\Peachtree
[2010/08/21 22:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bret Wickstrom\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/09 12:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bret Wickstrom\Application Data\SwordSearcher
[2012/07/20 20:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bret Wickstrom\Application Data\TestApp
[2010/05/25 16:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bret Wickstrom\Application Data\webex
[2010/04/28 15:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bret Wickstrom\Application Data\Windows Desktop Search
[2010/04/28 16:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bret Wickstrom\Application Data\Windows Search
[2012/08/20 10:00:04 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\TanTrack v3.0.0 Updates.job
[2012/08/31 09:36:16 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\Windows Codec Update Service.job

========== Purity Check ==========


< End of report >
Cookiegal
Administrator & Malware Removal Specialist with 97,684 posts.
 
Join Date: Aug 2003
31-Aug-2012, 04:36 PM #15
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.