
Virus attack on second computer

Discussion in 'Virus & Other Malware Removal' started by genubi, Jan 29, 2013.

Thread Status:
Not open for further replies.
  1. genubi (Thread Starter)

    Joined: Oct 12, 2000
    Messages: 81
    I am being helped on my primary computer. But both got this nasty bug. It was from an email that I opened and clicked to download. Avira cleaned much of it up, but I am afraid it is still compromised. I saw that I had the JS/redirect and the Lamar.QJ.4 bugs.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz, x86 Family 6 Model 15 Stepping 6
    Processor Count: 2
    RAM: 2038 Mb
    Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 224 Mb
    Hard Drives: C: Total - 76316 MB, Free - 26383 MB;
    Motherboard: Dell Inc., 0TD761
    Antivirus: AntiVir Desktop, Updated: Yes, On-Demand Scanner: Enabled

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:38:23 PM, on 1/28/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Location Finder\LocationFinder.exe
    C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Microsoft Office\Office10\1033\MSOHELP.EXE
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\calc.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [WinCalendar] "C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe /q /c"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1342925172468
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342893085875
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} (SetupLauncher Class) - https://briowebprod.syr.edu/InsightInstaller/setup.cab
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 8514 bytes

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.11.2
    Run by Mariah at 20:40:22 on 2013-01-28
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.864 [GMT -5:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Location Finder\LocationFinder.exe
    C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Microsoft Office\Office10\1033\MSOHELP.EXE
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\calc.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Mariah\My Documents\Downloads\SysInfo.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k bthsvcs
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\mariah\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [WinCalendar] "c:\program files\sapro systems wincalendar\WinCalendar_SysTray.exe /q /c"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342925172468
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342893085875
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} - hxxps://briowebprod.syr.edu/InsightInstaller/setup.cab
    TCP: NameServer = 192.168.17.1
    TCP: Interfaces\{02B0796D-5CC4-4081-ABCD-1C6FF1643C56} : DHCPNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{57830461-A526-416A-94B1-B5BC1DF3E6BB} : DHCPNameServer = 192.168.17.1
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-22 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-2-22 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-22 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-22 66616]
    S0 cerc6;cerc6; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2008-5-27 51072]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2013-01-27 15:45:06 -------- d-----w- c:\program files\Trend Micro
    2013-01-27 15:41:00 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-01-27 15:40:56 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    ==================== Find3M ====================
    .
    2013-01-27 15:40:41 859552 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-01-27 15:40:40 780192 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-09 01:40:06 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-09 01:40:06 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 20:40:54.10 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/22/2010 6:22:40 PM
    System Uptime: 1/28/2013 5:16:37 AM (15 hours ago)
    .
    Motherboard: Dell Inc. | | 0TD761
    Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1657/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 25.761 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Photosmart C4700 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C4700 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Officejet 4620 series
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: HP
    Name: Officejet 4620 series
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    ==== System Restore Points ===================
    .
    RP468: 10/31/2012 7:28:43 PM - System Checkpoint
    RP469: 11/1/2012 8:38:17 PM - System Checkpoint
    RP470: 11/2/2012 10:55:03 PM - System Checkpoint
    RP471: 11/4/2012 7:41:23 PM - System Checkpoint
    RP472: 11/5/2012 8:03:54 PM - System Checkpoint
    RP473: 11/6/2012 8:32:02 PM - System Checkpoint
    RP474: 11/8/2012 9:41:44 AM - System Checkpoint
    RP475: 11/9/2012 8:54:31 PM - System Checkpoint
    RP476: 11/11/2012 12:00:51 PM - System Checkpoint
    RP477: 11/13/2012 5:59:13 PM - System Checkpoint
    RP478: 11/14/2012 10:46:26 PM - System Checkpoint
    RP479: 11/15/2012 9:02:35 AM - Software Distribution Service 3.0
    RP480: 11/16/2012 8:18:38 PM - System Checkpoint
    RP481: 11/18/2012 1:30:19 PM - System Checkpoint
    RP482: 12/1/2012 8:23:24 AM - System Checkpoint
    RP483: 12/2/2012 11:19:23 AM - System Checkpoint
    RP484: 12/3/2012 7:42:07 PM - System Checkpoint
    RP485: 12/5/2012 6:43:37 PM - System Checkpoint
    RP486: 12/8/2012 10:09:04 AM - System Checkpoint
    RP487: 12/9/2012 12:28:28 PM - System Checkpoint
    RP488: 12/10/2012 9:40:42 PM - System Checkpoint
    RP489: 12/12/2012 8:33:57 AM - Software Distribution Service 3.0
    RP490: 12/15/2012 8:18:30 PM - System Checkpoint
    RP491: 12/16/2012 8:40:20 PM - System Checkpoint
    RP492: 12/19/2012 6:17:46 PM - System Checkpoint
    RP493: 12/20/2012 10:51:24 PM - System Checkpoint
    RP494: 12/21/2012 12:18:13 PM - Software Distribution Service 3.0
    RP495: 12/22/2012 1:43:26 PM - System Checkpoint
    RP496: 12/23/2012 4:04:14 PM - System Checkpoint
    RP497: 12/24/2012 10:21:15 PM - System Checkpoint
    RP498: 12/26/2012 9:17:48 AM - System Checkpoint
    RP499: 12/27/2012 1:05:15 PM - System Checkpoint
    RP500: 12/28/2012 10:47:37 PM - System Checkpoint
    RP501: 12/29/2012 11:44:11 PM - System Checkpoint
    RP502: 12/31/2012 11:41:57 AM - System Checkpoint
    RP503: 1/1/2013 12:00:39 PM - System Checkpoint
    RP504: 1/2/2013 3:42:18 PM - System Checkpoint
    RP505: 1/3/2013 6:20:29 PM - System Checkpoint
    RP506: 1/3/2013 10:23:49 PM - Software Distribution Service 3.0
    RP507: 1/5/2013 10:10:52 AM - System Checkpoint
    RP508: 1/6/2013 11:35:29 AM - System Checkpoint
    RP509: 1/7/2013 8:46:14 PM - System Checkpoint
    RP510: 1/8/2013 10:15:46 PM - Software Distribution Service 3.0
    RP511: 1/10/2013 7:04:33 PM - System Checkpoint
    RP512: 1/11/2013 10:19:44 PM - System Checkpoint
    RP513: 1/12/2013 11:52:08 PM - System Checkpoint
    RP514: 1/14/2013 10:47:04 PM - System Checkpoint
    RP515: 1/15/2013 10:36:05 AM - Software Distribution Service 3.0
    RP516: 1/17/2013 6:51:33 PM - System Checkpoint
    RP517: 1/20/2013 12:06:09 PM - System Checkpoint
    RP518: 1/20/2013 1:22:01 PM - Removed Microsoft Office Professional Edition 2003
    RP519: 1/20/2013 10:11:43 PM - Software Distribution Service 3.0
    RP520: 1/22/2013 12:27:48 PM - System Checkpoint
    RP521: 1/23/2013 5:31:35 PM - System Checkpoint
    RP522: 1/25/2013 1:20:09 PM - System Checkpoint
    RP523: 1/26/2013 2:31:34 PM - System Checkpoint
    RP524: 1/27/2013 10:35:28 AM - Removed Java(TM) 6 Update 33
    RP525: 1/27/2013 10:40:33 AM - Installed Java 7 Update 11
    RP526: 1/28/2013 5:14:58 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.01)
    Adobe Shockwave Player 11.5
    ALPS Touch Pad Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Software Suite
    Auslogics Disk Defrag
    Avira AntiVir Personal - Free Antivirus
    Bonjour
    Broadcom Gigabit Integrated Controller
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant HDA D110 MDC V.92 Modem
    Dell Driver Download Manager
    Dell ResourceCD
    Digital Voice Editor 3
    Documents To Go
    DW WLAN Card Utility
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Update Helper
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java 7 Update 11
    Java Auto Updater
    LUMIX Simple Viewer
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Location Finder
    Microsoft Office File Validation Add-In
    Microsoft Silverlight
    Microsoft Streets & Trips 2006
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network
    Palm
    Pdf995
    PE Builder v3.1.3
    PHOTOfunSTUDIO -viewer-
    Picasa 3
    PowerDVD 5.7
    PS_AIO_06_C4700_SW_Min
    QuickTime
    Roxio DLA
    Roxio Express Labeler
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SigmaTel Audio
    Toolbox
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    VideoLAN VLC media player 0.8.6f
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/28/2013 3:47:28 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0016CFAB2718 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    1/27/2013 10:36:19 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    .
    ==== End Of File ===========================

    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-01-29 05:18:17
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS722080K9A300 rev.DCBOC54P 74.53GB
    Running: wcq04ney.exe; Driver: C:\DOCUME~1\Mariah\LOCALS~1\Temp\uglcqfoc.sys


    ---- System - GMER 2.0 ----

    SSDT BA7AA6DC ZwClose
    SSDT BA7AA696 ZwCreateKey
    SSDT BA7AA6E6 ZwCreateSection
    SSDT BA7AA68C ZwCreateThread
    SSDT BA7AA69B ZwDeleteKey
    SSDT BA7AA6A5 ZwDeleteValueKey
    SSDT BA7AA6D7 ZwDuplicateObject
    SSDT BA7AA6AA ZwLoadKey
    SSDT BA7AA678 ZwOpenProcess
    SSDT BA7AA67D ZwOpenThread
    SSDT BA7AA6B4 ZwReplaceKey
    SSDT BA7AA6AF ZwRestoreKey
    SSDT BA7AA6EB ZwSetContextThread
    SSDT BA7AA6A0 ZwSetValueKey
    SSDT BA7AA687 ZwTerminateProcess

    ---- Kernel code sections - GMER 2.0 ----

    ? C:\DOCUME~1\Mariah\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.0 ----

    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 2C, 56, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 2F, 56, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 2C, 56, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 2D, 56, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912C46
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 2E, 56, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 2D, 56, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 2E, 56, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912CB7
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 2C, 56, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912DE5
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 2D, 56, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 2E, 56, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 2F, 56, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A4, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, A7, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A4, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A5, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912BBE
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, A6, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A5, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, A6, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912C2F
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A4, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912D5D
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A5, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, A6, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, A7, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 24, 25, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 27, 25, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 24, 25, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 25, 25, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90FB3E
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 26, 25, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 25, 25, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 26, 25, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90FBAF
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 24, 25, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90FCDD
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 25, 25, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 26, 25, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 27, 25, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 2C, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 2F, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 2C, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 2D, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912B46
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 2E, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 2D, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 2E, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912BB7
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 2C, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912CE5
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 2D, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 2E, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 2F, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2144] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2144] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E75C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, BC, D7, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, BF, D7, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, BC, D7, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, BD, D7, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91ADD6
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, BE, D7, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, BD, D7, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, BE, D7, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91AE47
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, BC, D7, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91AF75
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, BD, D7, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, BE, D7, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, BF, D7, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 3E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 3E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 3E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 3E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91141A
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 3E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 3E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 3E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91148B
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 3E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9115B9
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 3E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 3E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 3E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A8, 94, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, AB, 94, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A8, 94, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A9, 94, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B916AC2
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, AA, 94, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A9, 94, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, AA, 94, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916B33
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A8, 94, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916C61
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A9, 94, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, AA, 94, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, AB, 94, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3216] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, D4, D8, 00] {SUB AH, DL; FADD DWORD [EAX]}
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, D7, D8, 00] {SUB BH, DL; FADD DWORD [EAX]}
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, D4, D8, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, D5, D8, 00] {TEST AL, 0xd5; FADD DWORD [EAX]}
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91AEEE
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, D6, D8, 00] {TEST AL, 0xd6; FADD DWORD [EAX]}
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, D5, D8, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, D6, D8, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91AF5F
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, D4, D8, 00] {TEST AL, 0xd4; FADD DWORD [EAX]}
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91B08D
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, D5, D8, 00] {SUB CH, DL; FADD DWORD [EAX]}
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, D6, D8, 00] {SUB DH, DL; FADD DWORD [EAX]}
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, D7, D8, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C8, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, CB, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C8, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C9, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912BE2
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, CA, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C9, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, CA, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912C53
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C8, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912D81
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C9, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, CA, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, CB, 55, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 70, 7E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 73, 7E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 70, 7E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 71, 7E, 00] {TEST AL, 0x71; JLE 0x4}
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91548A
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 72, 7E, 00] {TEST AL, 0x72; JLE 0x4}
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 71, 7E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 72, 7E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9154FB
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 70, 7E, 00] {TEST AL, 0x70; JLE 0x4}
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B915629
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 71, 7E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 72, 7E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 73, 7E, 00]
    .text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3992] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641a2e441
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641a2e441 (not active ControlSet)

    ---- EOF - GMER 2.0 ----
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Wait until the helper has cleaned your first computer and tell her about this one.
    I will close this thread until that has been done to prevent confusion. It always causes immense confusion and major problems when you have different helpers working on multiple computers in the same household or with the same poster.
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,984
    I've reopened this thread to start working on this second computer.

    Please go here and download the TDSSKiller.exe to your desktop.
    • Double-click TDSSKiller.exe on your desktop to run it.
    • Click on Start Scan
    • As we don't want to fix anything yet, if any malicious objects are detected, do NOT select Cure but select Skip instead.
    It will produce a log once it finishes in the root drive which should look like this example:

    C:\TDSSKiller.<version_date_time>log.txt

    Please copy and paste the contents of that log in your next reply.
     
  4. genubi

    genubi Thread Starter

    Joined:
    Oct 12, 2000
    Messages:
    81
    12:34:25.0703 2888 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    12:34:26.0156 2888 ============================================================
    12:34:26.0156 2888 Current date / time: 2013/02/02 12:34:26.0156
    12:34:26.0156 2888 SystemInfo:
    12:34:26.0156 2888
    12:34:26.0156 2888 OS Version: 5.1.2600 ServicePack: 3.0
    12:34:26.0156 2888 Product type: Workstation
    12:34:26.0156 2888 ComputerName: PROMETHEUS
    12:34:26.0156 2888 UserName: Mariah
    12:34:26.0156 2888 Windows directory: C:\WINDOWS
    12:34:26.0156 2888 System windows directory: C:\WINDOWS
    12:34:26.0156 2888 Processor architecture: Intel x86
    12:34:26.0156 2888 Number of processors: 2
    12:34:26.0156 2888 Page size: 0x1000
    12:34:26.0156 2888 Boot type: Normal boot
    12:34:26.0156 2888 ============================================================
    12:34:28.0265 2888 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    12:34:28.0281 2888 Drive \Device\Harddisk1\DR2 - Size: 0xF600000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    12:34:28.0281 2888 ============================================================
    12:34:28.0281 2888 \Device\Harddisk0\DR0:
    12:34:28.0281 2888 MBR partitions:
    12:34:28.0281 2888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
    12:34:28.0281 2888 \Device\Harddisk1\DR2:
    12:34:28.0281 2888 MBR partitions:
    12:34:28.0281 2888 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x7ADE0
    12:34:28.0281 2888 ============================================================
    12:34:28.0312 2888 C: <-> \Device\Harddisk0\DR0\Partition1
    12:34:28.0312 2888 ============================================================
    12:34:28.0312 2888 Initialize success
    12:34:28.0312 2888 ============================================================
    12:34:34.0187 4084 ============================================================
    12:34:34.0187 4084 Scan started
    12:34:34.0187 4084 Mode: Manual;
    12:34:34.0187 4084 ============================================================
    12:34:34.0515 4084 ================ Scan system memory ========================
    12:34:34.0515 4084 System memory - ok
    12:34:34.0515 4084 ================ Scan services =============================
    12:34:34.0593 4084 Abiosdsk - ok
    12:34:34.0593 4084 abp480n5 - ok
    12:34:34.0640 4084 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    12:34:34.0687 4084 ACPI - ok
    12:34:34.0718 4084 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    12:34:34.0734 4084 ACPIEC - ok
    12:34:34.0812 4084 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    12:34:34.0843 4084 AdobeFlashPlayerUpdateSvc - ok
    12:34:34.0843 4084 adpu160m - ok
    12:34:34.0906 4084 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    12:34:34.0937 4084 aec - ok
    12:34:34.0968 4084 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\WINDOWS\system32\drivers\Afc.sys
    12:34:35.0015 4084 Afc - ok
    12:34:35.0046 4084 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    12:34:35.0093 4084 AFD - ok
    12:34:35.0093 4084 Aha154x - ok
    12:34:35.0093 4084 aic78u2 - ok
    12:34:35.0109 4084 aic78xx - ok
    12:34:35.0125 4084 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    12:34:35.0156 4084 Alerter - ok
    12:34:35.0187 4084 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    12:34:35.0218 4084 ALG - ok
    12:34:35.0218 4084 AliIde - ok
    12:34:35.0234 4084 amsint - ok
    12:34:35.0312 4084 [ B4837FE56D76B2E9EA90E5365CF6A2BE ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
    12:34:35.0359 4084 AntiVirSchedulerService - ok
    12:34:35.0390 4084 [ DF5A3016052755C910A206058B4A1729 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    12:34:35.0406 4084 AntiVirService - ok
    12:34:35.0453 4084 [ 090880E9BF20F928BC341F96D27C019E ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    12:34:35.0484 4084 ApfiltrService - ok
    12:34:35.0531 4084 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    12:34:35.0578 4084 Apple Mobile Device - ok
    12:34:35.0578 4084 AppMgmt - ok
    12:34:35.0578 4084 asc - ok
    12:34:35.0593 4084 asc3350p - ok
    12:34:35.0593 4084 asc3550 - ok
    12:34:35.0687 4084 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    12:34:35.0703 4084 aspnet_state - ok
    12:34:35.0750 4084 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    12:34:35.0765 4084 AsyncMac - ok
    12:34:35.0796 4084 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    12:34:35.0796 4084 atapi - ok
    12:34:35.0796 4084 Atdisk - ok
    12:34:35.0828 4084 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    12:34:35.0859 4084 Atmarpc - ok
    12:34:35.0906 4084 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    12:34:35.0937 4084 AudioSrv - ok
    12:34:35.0953 4084 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    12:34:35.0984 4084 audstub - ok
    12:34:36.0015 4084 [ 0B497C79824F8E1BF22FA6AACD3DE3A0 ] avgio C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    12:34:36.0046 4084 avgio - ok
    12:34:36.0062 4084 [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    12:34:36.0093 4084 avgntflt - ok
    12:34:36.0125 4084 [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
    12:34:36.0156 4084 avipbb - ok
    12:34:36.0203 4084 [ C0ACD392ECE55784884CC208AAFA06CE ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    12:34:36.0218 4084 b57w2k - ok
    12:34:36.0359 4084 [ 345D38F298368DD6B0DF5C4F37457A22 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    12:34:36.0453 4084 BCM43XX - ok
    12:34:36.0500 4084 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    12:34:36.0500 4084 Beep - ok
    12:34:36.0562 4084 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    12:34:36.0703 4084 BITS - ok
    12:34:36.0781 4084 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    12:34:36.0812 4084 Bonjour Service - ok
    12:34:36.0859 4084 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    12:34:36.0890 4084 Browser - ok
    12:34:36.0921 4084 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
    12:34:36.0937 4084 BthEnum - ok
    12:34:36.0953 4084 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
    12:34:36.0984 4084 BthPan - ok
    12:34:37.0015 4084 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
    12:34:37.0062 4084 BTHPORT - ok
    12:34:37.0078 4084 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
    12:34:37.0109 4084 BthServ - ok
    12:34:37.0125 4084 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
    12:34:37.0156 4084 BTHUSB - ok
    12:34:37.0187 4084 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    12:34:37.0203 4084 cbidf2k - ok
    12:34:37.0203 4084 cd20xrnt - ok
    12:34:37.0234 4084 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    12:34:37.0265 4084 Cdaudio - ok
    12:34:37.0296 4084 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    12:34:37.0328 4084 Cdfs - ok
    12:34:37.0359 4084 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    12:34:37.0390 4084 Cdrom - ok
    12:34:37.0390 4084 cerc6 - ok
    12:34:37.0406 4084 Changer - ok
    12:34:37.0421 4084 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    12:34:37.0437 4084 CiSvc - ok
    12:34:37.0453 4084 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    12:34:37.0468 4084 ClipSrv - ok
    12:34:37.0515 4084 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    12:34:37.0531 4084 clr_optimization_v2.0.50727_32 - ok
    12:34:37.0625 4084 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    12:34:37.0656 4084 clr_optimization_v4.0.30319_32 - ok
    12:34:37.0703 4084 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    12:34:37.0718 4084 CmBatt - ok
    12:34:37.0734 4084 CmdIde - ok
    12:34:37.0734 4084 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
    12:34:37.0750 4084 Compbatt - ok
    12:34:37.0750 4084 COMSysApp - ok
    12:34:37.0765 4084 Cpqarray - ok
    12:34:37.0796 4084 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    12:34:37.0906 4084 CryptSvc - ok
    12:34:37.0906 4084 dac2w2k - ok
    12:34:37.0921 4084 dac960nt - ok
    12:34:38.0015 4084 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    12:34:38.0031 4084 DcomLaunch - ok
    12:34:38.0062 4084 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    12:34:38.0093 4084 Dhcp - ok
    12:34:38.0125 4084 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    12:34:38.0156 4084 Disk - ok
    12:34:38.0203 4084 [ E2D0DE31442390C35E3163C87CB6A9EB ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    12:34:38.0234 4084 DLABOIOM - ok
    12:34:38.0234 4084 [ D979BEBCF7EDCC9C9EE1857D1A68C67B ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    12:34:38.0265 4084 DLACDBHM - ok
    12:34:38.0281 4084 [ 83545593E297F50A8E2524B4C071A153 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
    12:34:38.0312 4084 DLADResN - ok
    12:34:38.0328 4084 [ 96E01D901CDC98C7817155CC057001BF ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    12:34:38.0375 4084 DLAIFS_M - ok
    12:34:38.0375 4084 [ 0A60A39CC5E767980A31CA5D7238DFA9 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    12:34:38.0406 4084 DLAOPIOM - ok
    12:34:38.0406 4084 [ 9FE2B72558FC808357F427FD83314375 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    12:34:38.0437 4084 DLAPoolM - ok
    12:34:38.0437 4084 [ 7EE0852AE8907689DF25049DCD2342E8 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
    12:34:38.0468 4084 DLARTL_N - ok
    12:34:38.0468 4084 [ F08E1DAFAC457893399E03430A6A1397 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    12:34:38.0500 4084 DLAUDFAM - ok
    12:34:38.0500 4084 [ E7D105ED1E694449D444A9933DF8E060 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    12:34:38.0531 4084 DLAUDF_M - ok
    12:34:38.0531 4084 dmadmin - ok
    12:34:38.0578 4084 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    12:34:38.0625 4084 dmboot - ok
    12:34:38.0656 4084 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    12:34:38.0671 4084 dmio - ok
    12:34:38.0703 4084 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    12:34:38.0718 4084 dmload - ok
    12:34:38.0750 4084 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    12:34:38.0765 4084 dmserver - ok
    12:34:38.0812 4084 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    12:34:38.0843 4084 DMusic - ok
    12:34:38.0875 4084 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    12:34:38.0921 4084 Dnscache - ok
    12:34:38.0937 4084 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    12:34:38.0968 4084 Dot3svc - ok
    12:34:38.0968 4084 dpti2o - ok
    12:34:38.0984 4084 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    12:34:39.0015 4084 drmkaud - ok
    12:34:39.0046 4084 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    12:34:39.0062 4084 DRVMCDB - ok
    12:34:39.0078 4084 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    12:34:39.0109 4084 DRVNDDM - ok
    12:34:39.0140 4084 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    12:34:39.0156 4084 EapHost - ok
    12:34:39.0187 4084 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    12:34:39.0218 4084 ERSvc - ok
    12:34:39.0250 4084 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    12:34:39.0296 4084 Eventlog - ok
    12:34:39.0343 4084 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    12:34:39.0375 4084 EventSystem - ok
    12:34:39.0406 4084 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    12:34:39.0453 4084 Fastfat - ok
    12:34:39.0484 4084 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    12:34:39.0531 4084 FastUserSwitchingCompatibility - ok
    12:34:39.0546 4084 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    12:34:39.0578 4084 Fdc - ok
    12:34:39.0609 4084 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    12:34:39.0640 4084 Fips - ok
    12:34:39.0640 4084 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    12:34:39.0671 4084 Flpydisk - ok
    12:34:39.0718 4084 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    12:34:39.0750 4084 FltMgr - ok
    12:34:39.0781 4084 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    12:34:39.0828 4084 FontCache3.0.0.0 - ok
    12:34:39.0828 4084 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    12:34:39.0843 4084 Fs_Rec - ok
    12:34:39.0890 4084 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    12:34:39.0921 4084 Ftdisk - ok
    12:34:39.0968 4084 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    12:34:39.0984 4084 GEARAspiWDM - ok
    12:34:40.0031 4084 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    12:34:40.0046 4084 Gpc - ok
    12:34:40.0125 4084 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    12:34:40.0156 4084 gupdate - ok
    12:34:40.0156 4084 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    12:34:40.0171 4084 gupdatem - ok
    12:34:40.0203 4084 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    12:34:40.0234 4084 gusvc - ok
    12:34:40.0281 4084 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    12:34:40.0312 4084 HDAudBus - ok
    12:34:40.0390 4084 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    12:34:40.0390 4084 helpsvc - ok
    12:34:40.0406 4084 HidServ - ok
    12:34:40.0437 4084 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    12:34:40.0453 4084 HidUsb - ok
    12:34:40.0484 4084 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    12:34:40.0515 4084 hkmsvc - ok
    12:34:40.0515 4084 hpn - ok
    12:34:40.0625 4084 [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
    12:34:40.0640 4084 HPSLPSVC - ok
    12:34:40.0687 4084 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    12:34:40.0703 4084 HPZid412 - ok
    12:34:40.0718 4084 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    12:34:40.0734 4084 HPZipr12 - ok
    12:34:40.0750 4084 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    12:34:40.0765 4084 HPZius12 - ok
    12:34:40.0828 4084 [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
    12:34:40.0890 4084 HSF_DPV - ok
    12:34:40.0921 4084 [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
    12:34:40.0953 4084 HSXHWAZL - ok
    12:34:41.0000 4084 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    12:34:41.0046 4084 HTTP - ok
    12:34:41.0062 4084 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    12:34:41.0109 4084 HTTPFilter - ok
    12:34:41.0109 4084 i2omgmt - ok
    12:34:41.0109 4084 i2omp - ok
    12:34:41.0140 4084 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    12:34:41.0171 4084 i8042prt - ok
    12:34:41.0406 4084 [ E8C7CC369C2FB657E0792AF70DF529E6 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    12:34:41.0703 4084 ialm - ok
    12:34:41.0734 4084 [ 17C3EC352DFABE0670E5A3AFD750891B ] ICDSPTSV C:\WINDOWS\system32\IcdSptSv.exe
    12:34:41.0890 4084 ICDSPTSV - ok
    12:34:41.0937 4084 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    12:34:41.0968 4084 IDriverT - ok
    12:34:42.0046 4084 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    12:34:42.0140 4084 idsvc - ok
    12:34:42.0156 4084 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    12:34:42.0171 4084 Imapi - ok
    12:34:42.0218 4084 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    12:34:42.0265 4084 ImapiService - ok
    12:34:42.0265 4084 ini910u - ok
    12:34:42.0281 4084 IntelIde - ok
    12:34:42.0312 4084 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    12:34:42.0343 4084 intelppm - ok
    12:34:42.0375 4084 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    12:34:42.0375 4084 Ip6Fw - ok
    12:34:42.0390 4084 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    12:34:42.0421 4084 IpFilterDriver - ok
    12:34:42.0437 4084 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    12:34:42.0453 4084 IpInIp - ok
    12:34:42.0484 4084 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    12:34:42.0531 4084 IpNat - ok
    12:34:42.0593 4084 [ 3A6D4D8ABACF64292D060C9E06D2050D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    12:34:42.0656 4084 iPod Service - ok
    12:34:42.0687 4084 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    12:34:42.0718 4084 IPSec - ok
    12:34:42.0734 4084 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    12:34:42.0750 4084 IRENUM - ok
    12:34:42.0796 4084 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    12:34:42.0828 4084 isapnp - ok
    12:34:42.0906 4084 [ 7FBFEEE245821925129C9F86470BF33C ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    12:34:42.0937 4084 JavaQuickStarterService - ok
    12:34:42.0984 4084 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    12:34:43.0015 4084 Kbdclass - ok
    12:34:43.0046 4084 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    12:34:43.0062 4084 kmixer - ok
    12:34:43.0093 4084 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    12:34:43.0125 4084 KSecDD - ok
    12:34:43.0171 4084 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
    12:34:43.0203 4084 LanmanServer - ok
    12:34:43.0250 4084 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    12:34:43.0265 4084 lanmanworkstation - ok
    12:34:43.0265 4084 lbrtfdc - ok
    12:34:43.0312 4084 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    12:34:43.0328 4084 LmHosts - ok
    12:34:43.0406 4084 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    12:34:43.0437 4084 MDM - ok
    12:34:43.0453 4084 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    12:34:43.0468 4084 mdmxsdk - ok
    12:34:43.0500 4084 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    12:34:43.0515 4084 Messenger - ok
    12:34:43.0546 4084 [ 8143E6203E5765ED9F7E6DAE57CEC8D3 ] MHIKEY10 C:\WINDOWS\system32\Drivers\MHIKEY10.sys
    12:34:43.0578 4084 MHIKEY10 - ok
    12:34:43.0625 4084 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    12:34:43.0640 4084 mnmdd - ok
    12:34:43.0671 4084 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    12:34:43.0703 4084 mnmsrvc - ok
    12:34:43.0734 4084 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    12:34:43.0750 4084 Modem - ok
    12:34:43.0781 4084 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    12:34:43.0812 4084 Mouclass - ok
    12:34:43.0843 4084 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    12:34:43.0859 4084 mouhid - ok
    12:34:43.0890 4084 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    12:34:43.0906 4084 MountMgr - ok
    12:34:43.0921 4084 mraid35x - ok
    12:34:43.0937 4084 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    12:34:43.0968 4084 MRxDAV - ok
    12:34:44.0031 4084 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    12:34:44.0078 4084 MRxSmb - ok
    12:34:44.0109 4084 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    12:34:44.0140 4084 MSDTC - ok
    12:34:44.0171 4084 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    12:34:44.0203 4084 Msfs - ok
    12:34:44.0203 4084 MSIServer - ok
    12:34:44.0218 4084 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    12:34:44.0250 4084 MSKSSRV - ok
    12:34:44.0265 4084 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    12:34:44.0296 4084 MSPCLOCK - ok
    12:34:44.0312 4084 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    12:34:44.0343 4084 MSPQM - ok
    12:34:44.0375 4084 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    12:34:44.0390 4084 mssmbios - ok
    12:34:44.0406 4084 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    12:34:44.0437 4084 Mup - ok
    12:34:44.0468 4084 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    12:34:44.0500 4084 napagent - ok
    12:34:44.0531 4084 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    12:34:44.0562 4084 NDIS - ok
    12:34:44.0593 4084 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    12:34:44.0625 4084 NdisTapi - ok
    12:34:44.0656 4084 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    12:34:44.0687 4084 Ndisuio - ok
    12:34:44.0703 4084 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    12:34:44.0718 4084 NdisWan - ok
    12:34:44.0718 4084 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    12:34:44.0750 4084 NDProxy - ok
    12:34:44.0781 4084 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
    12:34:44.0812 4084 Net Driver HPZ12 - ok
    12:34:44.0843 4084 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    12:34:44.0859 4084 NetBIOS - ok
    12:34:44.0890 4084 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    12:34:44.0937 4084 NetBT - ok
    12:34:44.0953 4084 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    12:34:44.0984 4084 NetDDE - ok
    12:34:44.0984 4084 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    12:34:44.0984 4084 NetDDEdsdm - ok
    12:34:45.0015 4084 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    12:34:45.0046 4084 Netlogon - ok
    12:34:45.0062 4084 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    12:34:45.0093 4084 Netman - ok
    12:34:45.0109 4084 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    12:34:45.0156 4084 NetTcpPortSharing - ok
    12:34:45.0203 4084 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    12:34:45.0203 4084 Nla - ok
    12:34:45.0250 4084 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    12:34:45.0265 4084 Npfs - ok
    12:34:45.0343 4084 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    12:34:45.0375 4084 Ntfs - ok
    12:34:45.0375 4084 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    12:34:45.0375 4084 NtLmSsp - ok
    12:34:45.0421 4084 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    12:34:45.0453 4084 NtmsSvc - ok
    12:34:45.0468 4084 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    12:34:45.0500 4084 Null - ok
    12:34:45.0515 4084 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    12:34:45.0531 4084 NwlnkFlt - ok
    12:34:45.0562 4084 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    12:34:45.0578 4084 NwlnkFwd - ok
    12:34:45.0609 4084 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
    12:34:45.0640 4084 OMCI - ok
    12:34:45.0656 4084 [ 240C0D4049A833B16B63B636ACF01672 ] PalmUSBD C:\WINDOWS\system32\drivers\PalmUSBD.sys
    12:34:45.0687 4084 PalmUSBD - ok
    12:34:45.0703 4084 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    12:34:45.0734 4084 Parport - ok
    12:34:45.0734 4084 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    12:34:45.0750 4084 PartMgr - ok
    12:34:45.0781 4084 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    12:34:45.0796 4084 ParVdm - ok
    12:34:45.0828 4084 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    12:34:45.0859 4084 PCI - ok
    12:34:45.0875 4084 PCIDump - ok
    12:34:45.0875 4084 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    12:34:45.0875 4084 PCIIde - ok
    12:34:45.0906 4084 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    12:34:45.0921 4084 Pcmcia - ok
    12:34:45.0921 4084 PDCOMP - ok
    12:34:45.0937 4084 PDFRAME - ok
    12:34:45.0937 4084 PDRELI - ok
    12:34:45.0937 4084 PDRFRAME - ok
    12:34:45.0953 4084 perc2 - ok
    12:34:45.0953 4084 perc2hib - ok
    12:34:46.0000 4084 [ 6C1618A07B49E3873582B6449E744088 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
    12:34:46.0015 4084 pfc - ok
    12:34:46.0046 4084 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    12:34:46.0046 4084 PlugPlay - ok
    12:34:46.0062 4084 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
    12:34:46.0093 4084 Pml Driver HPZ12 - ok
    12:34:46.0109 4084 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    12:34:46.0109 4084 PolicyAgent - ok
    12:34:46.0125 4084 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    12:34:51.0937 4084 ============================================================
    12:34:51.0937 4084 Scan finished
    12:34:51.0937 4084 ============================================================
    12:34:51.0937 3940 Detected object count: 0
    12:34:51.0937 3940 Actual detected object count: 0
     
  5. genubi

    genubi Thread Starter

    Heading to the gym for a workout. Back at it when I get back. The second computer is coming up clean. If that one was not infected I think my other devices are good. But, it won't hurt to run some "quick" diagnostics. I have the Nook and a third laptop that all share the wireless internet here at home.
    Also, did you answer my question regarding the router and the modem? Can a virus or worm get into those devices?
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

    Post the log from ComboFix when you've accomplished that.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
     
  7. genubi

    genubi Thread Starter

    ComboFix 13-02-02.05 - Mariah 02/02/2013 17:23:12.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1311 [GMT -5:00]
    Running from: c:\documents and settings\Mariah\Desktop\puppy.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Mariah\My Documents\~WRL0222.tmp
    c:\documents and settings\Mariah\My Documents\~WRL0273.tmp
    c:\documents and settings\Mariah\My Documents\~WRL0453.tmp
    c:\documents and settings\Mariah\My Documents\~WRL1066.tmp
    c:\documents and settings\Mariah\My Documents\~WRL1111.tmp
    c:\documents and settings\Mariah\My Documents\~WRL1230.tmp
    c:\documents and settings\Mariah\My Documents\~WRL1713.tmp
    c:\documents and settings\Mariah\My Documents\~WRL1724.tmp
    c:\documents and settings\Mariah\My Documents\~WRL2164.tmp
    c:\documents and settings\Mariah\My Documents\~WRL2482.tmp
    c:\documents and settings\Mariah\My Documents\~WRL2677.tmp
    c:\documents and settings\Mariah\My Documents\~WRL2695.tmp
    c:\documents and settings\Mariah\My Documents\~WRL3679.tmp
    c:\windows\Downloaded Program Files\setup.dll
    c:\windows\system32\SETA1.tmp
    c:\windows\system32\SETA5.tmp
    c:\windows\system32\SETA6.tmp
    c:\windows\system32\SETAD.tmp
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-01 18:50 . 2013-02-01 18:50 -------- d-----w- c:\documents and settings\Mariah\Local Settings\Application Data\Sun
    2013-01-30 00:47 . 2013-01-30 00:47 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Sun
    2013-01-27 15:45 . 2013-01-27 15:45 -------- d-----w- c:\program files\Trend Micro
    2013-01-27 15:41 . 2013-01-27 15:41 -------- d-----w- c:\program files\Common Files\Java
    2013-01-27 15:41 . 2013-01-27 15:40 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-01-27 15:40 . 2013-01-27 15:40 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-01-27 15:40 . 2013-01-27 15:40 -------- d-----w- c:\program files\Java
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-27 15:40 . 2012-07-21 17:47 859552 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-01-27 15:40 . 2012-03-02 19:26 780192 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-09 01:40 . 2012-08-23 13:41 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-09 01:40 . 2011-05-14 13:52 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-16 12:23 . 2008-04-13 23:00 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 21:49 . 2011-10-22 19:06 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-13 01:25 . 2008-04-13 23:00 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01 . 2008-04-13 23:00 1371648 ----a-w- c:\windows\system32\msxml6.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-04-29 5248312]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
    backup=c:\windows\pss\DataViz Inc Messenger.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
    backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
    backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    2010-10-29 15:14 2498560 ----a-w- c:\windows\system32\WLTRAY.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    2005-09-08 09:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-02-23 02:50 135664 ----atw- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-07-19 22:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2007-03-31 00:59 138008 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/22/2010 8:25 PM 136360]
    S0 cerc6;cerc6; [x]
    S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [5/27/2008 2:52 AM 51072]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 81591274
    *Deregistered* - 81591274
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 01:40]
    .
    2013-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
    .
    2013-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 02:57]
    .
    2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 02:57]
    .
    2013-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1004Core.job
    - c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-23 02:50]
    .
    2013-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1004UA.job
    - c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-23 02:50]
    .
    2013-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1005Core.job
    - c:\documents and settings\Mariah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 20:30]
    .
    2013-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1005UA.job
    - c:\documents and settings\Mariah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 20:30]
    .
    2010-04-09 c:\windows\Tasks\Install.job
    - c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-04-07 23:58]
    .
    2013-02-02 c:\windows\Tasks\User_Feed_Synchronization-{12D6261B-6524-4ED6-888E-47F687F15403}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.17.1
    DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} - hxxps://briowebprod.syr.edu/InsightInstaller/setup.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-WinCalendar - c:\program files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe
    HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-02-02 17:27
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(804)
    c:\windows\System32\BCMLogon.dll
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2013-02-02 17:28:49
    ComboFix-quarantined-files.txt 2013-02-02 22:28
    .
    Pre-Run: 27,412,455,424 bytes free
    Post-Run: 28,061,732,864 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 75F5698BA2CE3393975C6EED4653C9BB
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Download OTS.exe to your Desktop.
    1. Close any open browsers.
    2. If your Real protection or Antivirus interferes with OTS, allow it to run.
    3. Double-click on OTS.exe to start the program.
    4. At the top put a check mark in the box beside "Scan All Users".
    5. Under the Additional Scans section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors).
    6. Now click the Run Scan button on the toolbar.
    7. Let it run unhindered until it finishes.
    8. When the scan is complete Notepad will open with the report file loaded in it.
    9. Save that notepad file.
    Use the Reply button, scroll down to the attachments section and attach the notepad file here.
     
  9. genubi

    genubi Thread Starter

    Code:
    OTS logfile created on: 2/2/2013 6:42:15 PM - Run 1
    OTS by OldTimer - Version 3.1.47.2     Folder = C:\Documents and Settings\Mariah\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 26.16 Gb Free Space | 35.10% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 59.83 Mb Total Space | 11.30 Mb Free Space | 18.88% Space Free | Partition Type: FAT
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: PROMETHEUS
    Current User Name: Mariah
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
     
    [Processes - Safe List]
    ots.exe -> C:\Documents and Settings\Mariah\Desktop\OTS.exe -> [2013/02/02 18:40:48 | 000,646,656 | ---- | M] (OldTimer Tools)
    jqs.exe -> C:\Program Files\Java\jre7\bin\jqs.exe -> [2013/01/27 10:40:42 | 000,170,912 | ---- | M] (Oracle Corporation)
    avcenter.exe -> C:\Program Files\Avira\AntiVir Desktop\avcenter.exe -> [2011/06/28 08:27:48 | 000,400,040 | ---- | M] (Avira GmbH)
    avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2011/06/28 08:27:48 | 000,269,480 | ---- | M] (Avira GmbH)
    avshadow.exe -> C:\Program Files\Avira\AntiVir Desktop\avshadow.exe -> [2011/03/28 15:15:53 | 000,076,968 | ---- | M] (Avira GmbH)
    sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2011/03/28 15:15:40 | 000,136,360 | ---- | M] (Avira GmbH)
    avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2011/03/28 15:15:29 | 000,281,768 | ---- | M] (Avira GmbH)
    explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
    apoint.exe -> C:\Program Files\Apoint\Apoint.exe -> [2005/10/07 14:13:38 | 000,176,128 | ---- | M] (Alps Electric Co., Ltd.)
    locationfinder.exe -> C:\Program Files\Microsoft Location Finder\LocationFinder.exe -> [2005/08/24 17:25:00 | 000,101,080 | ---- | M] (Microsoft Corporation)
    hidfind.exe -> C:\Program Files\Apoint\hidfind.exe -> [2004/06/28 23:56:12 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.)
     
    [Modules - No Company Name]
    bcm1xsup.dll -> C:\WINDOWS\system32\bcm1xsup.dll -> [2010/10/29 10:14:12 | 000,761,856 | ---- | M] ()
    pdfmon.dll -> C:\WINDOWS\system32\pdfmon.dll -> [2010/05/20 05:50:54 | 000,040,292 | ---- | M] ()
    yui.dll -> C:\Program Files\Yahoo!\Messenger\yui.dll -> [2010/04/29 15:59:12 | 000,929,792 | ---- | M] ()
    sqlite3.dll -> C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll -> [2010/04/05 19:18:48 | 000,355,688 | ---- | M] ()
     
    [Win32 Services - Safe List]
    (HidServ) Human Interface Device Access [Disabled | Stopped] ->  -> File not found
    (AppMgmt) Application Management [On_Demand | Stopped] ->  -> File not found
    (JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre7\bin\jqs.exe -> [2013/01/27 10:40:42 | 000,170,912 | ---- | M] (Oracle Corporation)
    (AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -> [2013/01/08 20:40:06 | 000,251,400 | ---- | M] (Adobe Systems Incorporated)
    (AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2011/06/28 08:27:48 | 000,269,480 | ---- | M] (Avira GmbH)
    (AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2011/03/28 15:15:40 | 000,136,360 | ---- | M] (Avira GmbH)
    (ICDSPTSV) Sony SPTI Service for DVE [On_Demand | Stopped] -> C:\WINDOWS\system32\IcdSptSv.exe -> [2009/10/14 18:59:54 | 000,099,688 | R--- | M] (Sony Corporation)
     
    [Driver Services - Safe List]
    (avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2011/06/28 08:27:49 | 000,138,192 | ---- | M] (Avira GmbH)
    (avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2011/06/28 08:27:49 | 000,066,616 | ---- | M] (Avira GmbH)
    (BCM43XX) DW WLAN Card Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\BCMWL5.SYS -> [2010/10/29 10:14:44 | 002,649,216 | ---- | M] (Broadcom Corporation)
    (ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH)
    (avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH)
    (PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\PalmUSBD.sys -> [2010/03/14 12:15:41 | 000,016,694 | ---- | M] (PalmSource, Inc.)
    (MHIKEY10) MHIKEY10 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\MHIKEY10.sys -> [2008/05/27 02:52:18 | 000,051,072 | ---- | M] (Generic USB smartcard reader)
    (STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.)
    (b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\b57xp32.sys -> [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation)
    (ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Apfiltr.sys -> [2005/09/28 19:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.)
    (DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions)
    (DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions)
    (DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions)
    (DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions)
    (DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions)
    (DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions)
    (DLADResN) DLADResN [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLADResN.SYS -> [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions)
    (DLACDBHM) DLACDBHM [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions)
    (DLARTL_N) DLARTL_N [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_N.SYS -> [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions)
    (USBCCID) USB Smart Card reader [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\usbccid.sys -> [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation)
    (Afc) PPdus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\afc.sys -> [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.)
    (pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pfc.sys -> [2003/09/20 08:45:48 | 000,021,248 | ---- | M] (Padus, Inc.)
    (OMCI) OMCI [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -> [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation)
     
    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com -> 
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
    HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
    HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
    HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\] > -> -> 
    HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\: Main\\"Start Page" -> http://www.google.com/ -> 
    HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> 
    HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> DC 03 D0 C8 EF BB CA 01  [binary data] -> 
    HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\: "ProxyEnable" -> 0 -> 
    HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\: "ProxyOverride" -> *.local -> 
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions ->  -> 
    < FireFox Extensions [User Folders] > -> 
    < HOSTS File > ([2013/02/02 17:27:37 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
    Reset Hosts
    127.0.0.1       localhost
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    {5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> [2005/09/08 04:20:00 | 000,110,652 | ---- | M] (Sonic Solutions)
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2013/01/27 10:40:43 | 000,461,216 | ---- | M] (Oracle Corporation)
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2013/01/27 10:40:42 | 000,170,912 | ---- | M] (Oracle Corporation)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Apoint" -> C:\Program Files\Apoint\Apoint.exe [C:\Program Files\Apoint\Apoint.exe] -> [2005/10/07 14:13:38 | 000,176,128 | ---- | M] (Alps Electric Co., Ltd.)
    "avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2011/03/28 15:15:29 | 000,281,768 | ---- | M] (Avira GmbH)
    "BluetoothAuthenticationAgent" -> C:\WINDOWS\System32\bthprops.cpl [rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent] -> [2008/04/13 18:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation)
    "SigmatelSysTrayApp" -> C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe] -> [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.)
    < Run [HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\] > -> HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Messenger (Yahoo!)" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2010/04/29 15:59:14 | 005,248,312 | ---- | M] (Yahoo! Inc.)
    "Microsoft Location Finder" -> C:\Program Files\Microsoft Location Finder\LocationFinder.exe ["C:\Program Files\Microsoft Location Finder\LocationFinder.exe"] -> [2005/08/24 17:25:00 | 000,101,080 | ---- | M] (Microsoft Corporation)
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
    < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
    < Mariah Startup Folder > -> C:\Documents and Settings\Mariah\Start Menu\Programs\Startup -> 
    < Michael Startup Folder > -> C:\Documents and Settings\Michael\Start Menu\Programs\Startup -> 
    < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
    < Software Policy Settings [HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005] > -> HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"HonorAutoRunSetting" ->  [1] -> File not found
    \\"NoCDBurning" ->  [0] -> File not found
    \\"NoDriveAutoRun" ->  [67108863] -> File not found
    \\"NoDriveTypeAutoRun" ->  [323] -> File not found
    \\"NoDrives" ->  [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [323] -> File not found
    \\"NoDriveAutoRun" ->  [67108863] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [323] -> File not found
    \\"NoDriveAutoRun" ->  [67108863] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005] > -> HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [323] -> File not found
    \\"NoDriveAutoRun" ->  [67108863] -> File not found
    \\"NoDrives" ->  [0] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005] > -> HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    E&xport to Microsoft Excel ->  [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> File not found
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    E&xport to Microsoft Excel ->  [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> File not found
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2012/03/22 14:12:12 | 004,435,968 | ---- | M] (Google Inc.)
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2012/03/22 14:12:12 | 004,435,968 | ---- | M] (Google Inc.)
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\] > -> HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2012/03/22 14:12:12 | 004,435,968 | ---- | M] (Google Inc.)
    E&xport to Microsoft Excel ->  [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> File not found
    Google Sidewiki... ->  [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> File not found
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\] > -> HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\] > -> HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
    {6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342925172468 [WUWebControl Class] -> 
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342893085875 [MUWebControl Class] -> 
    {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
    {F79364C6-8DF2-4060-BF77-35239AC7BCB1} [HKLM] -> https://briowebprod.syr.edu/InsightInstaller/setup.cab [SetupLauncher Class] -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
    DhcpNameServer -> 192.168.17.1 -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
    {02B0796D-5CC4-4081-ABCD-1C6FF1643C56}\\DhcpNameServer -> 209.18.47.61 209.18.47.62   (Dell Wireless 1490 Dual Band WLAN Mini-Card) -> 
    {57830461-A526-416A-94B1-B5BC1DF3E6BB}\\DhcpNameServer -> 192.168.17.1   (Dell Wireless 1390 WLAN Mini-Card) -> 
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
    C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 18:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
    "C:\Documents and Settings\Mariah\Local Settings\Temp\7zS0369\setup\hpznui01.exe" ->  [C:\Documents and Settings\Mariah\Local Settings\Temp\7zS0369\setup\hpznui01.exe:*:Enabled:hpznui01.exe] -> File not found
    "C:\Documents and Settings\Mariah\Local Settings\Temp\7zS07DA\setup\hpznui01.exe" ->  [C:\Documents and Settings\Mariah\Local Settings\Temp\7zS07DA\setup\hpznui01.exe:*:Enabled:hpznui01.exe] -> File not found
    "C:\Documents and Settings\Mariah\Local Settings\Temp\7zS3E5F\setup\hpznui01.exe" ->  [C:\Documents and Settings\Mariah\Local Settings\Temp\7zS3E5F\setup\hpznui01.exe:*:Enabled:hpznui01.exe] -> File not found
    "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" ->  [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> [2010/01/30 00:13:02 | 000,021,632 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2010/01/30 00:13:04 | 001,767,552 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" ->  [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> File not found
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe" ->  [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe] -> File not found
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" -> C:\Program Files\Google\Google Earth\client\googleearth.exe [C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth] -> [2011/10/17 13:03:16 | 000,071,680 | ---- | M] (Google)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> [2010/01/30 00:13:02 | 000,021,632 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2010/01/30 00:13:04 | 001,767,552 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2010/04/29 15:59:14 | 005,248,312 | ---- | M] (Yahoo! Inc.)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 -> 
    "DisplayName" -> CD-ROM Driver -> 
    "ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
    < Drives with AutoRun files > ->  -> 
    C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2010/02/22 18:20:35 | 000,000,000 | ---- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = ComFile] -> "%1" %* -> 
    .exe [@ = exefile] -> "%1" %* -> 
     
    [Registry - Additional Scans - Safe List]
    < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
    C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk -> C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe -> [2010/03/14 12:44:01 | 000,028,672 | ---- | M] (DataViz, Inc.)
    C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk -> C:\Program Files\Palm\Hotsync.exe -> [2004/06/09 13:27:34 | 000,471,040 | ---- | M] (PalmSource, Inc)
    C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk -> C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe -> [2006/09/29 11:55:14 | 000,057,344 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
    < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
    Adobe ARM hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe -> [2012/12/03 02:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated)
    Broadcom Wireless Manager UI hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
    DLA hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
    DVDLauncher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> [2005/12/09 20:29:52 | 000,049,152 | ---- | M] (CyberLink Corp.)
    Google Update hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2010/02/22 21:50:55 | 000,135,664 | ---- | M] (Google Inc.)
    iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\iTunes\iTunesHelper.exe -> [2011/07/19 17:29:00 | 000,421,736 | ---- | M] (Apple Inc.)
    KernelFaultCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
    Persistence hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
    QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\qttask.exe -> [2010/11/29 16:38:18 | 000,421,888 | ---- | M] (Apple Inc.)
    SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Java\Java Update\jusched.exe -> [2012/07/03 09:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.)
    < Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
    "bootini" -> 0 -> 
    "services" -> 0 -> 
    "startup" -> 2 -> 
    "system.ini" -> 0 -> 
    "win.ini" -> 0 -> 
    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
    *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
    6to4 ->  -> File not found
    AppMgmt ->  -> File not found
    HidServ ->  -> File not found
    Ias ->  -> File not found
    Iprip ->  -> File not found
    NWCWorkstation ->  -> File not found
    Nwsapagent ->  -> File not found
    WmdmPmSp ->  -> File not found
    *MultiFile Done* -> -> 
    < EventViewer Logs - Last 10 Errors > -> Event Information -> Description
    Application [ Error ] 1/20/2013 9:20:45 PM Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002 -> Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Application [ Error ] 1/20/2013 9:20:46 PM Computer Name = PROMETHEUS | Source = Application Hang | ID = 1001 -> Description = Fault bucket 01973502.
    Application [ Error ] 1/20/2013 9:20:56 PM Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002 -> Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Application [ Error ] 1/20/2013 9:20:58 PM Computer Name = PROMETHEUS | Source = Application Hang | ID = 1001 -> Description = Fault bucket 01973502.
    Application [ Error ] 1/20/2013 10:17:25 PM Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002 -> Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Application [ Error ] 1/20/2013 10:17:44 PM Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002 -> Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Application [ Error ] 1/20/2013 10:17:59 PM Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002 -> Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Application [ Error ] 1/20/2013 11:11:08 PM Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002 -> Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Application [ Error ] 1/25/2013 9:05:15 PM Computer Name = PROMETHEUS | Source = Chrome | ID = 1 -> Description = 
    Application [ Error ] 1/31/2013 9:56:35 PM Computer Name = PROMETHEUS | Source = Application Error | ID = 1000 -> Description = Faulting application wordpad.exe, version 5.1.2600.6010, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
    System [ Error ] 1/27/2013 11:36:29 AM Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126
    System [ Error ] 1/27/2013 11:36:29 AM Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126
    System [ Error ] 1/27/2013 11:36:29 AM Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126
    System [ Error ] 1/27/2013 11:36:29 AM Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126
    System [ Error ] 1/27/2013 11:36:29 AM Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126
    System [ Error ] 1/27/2013 11:36:29 AM Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126
    System [ Error ] 1/28/2013 4:47:28 PM Computer Name = PROMETHEUS | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.101 for the Network Card with network address 0016CFAB2718 has been  denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    System [ Error ] 1/28/2013 7:21:41 PM Computer Name = PROMETHEUS | Source = DCOM | ID = 10010 -> Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register with DCOM within the required timeout.
    System [ Error ] 1/29/2013 8:53:38 PM Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7011 -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    System [ Error ] 2/2/2013 6:23:03 PM Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7034 -> Description = The DW WLAN Tray Service service terminated unexpectedly.  It has done this 1 time(s).
     
    [Files/Folders - Created Within 30 Days]
     OTS.exe -> C:\Documents and Settings\Mariah\Desktop\OTS.exe -> [2013/02/02 18:40:45 | 000,646,656 | ---- | C] (OldTimer Tools)
     cmdcons -> C:\cmdcons -> [2013/02/02 17:22:08 | 000,000,000 | RHSD | C]
     SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2013/02/02 17:20:11 | 000,518,144 | ---- | C] (SteelWerX)
     SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2013/02/02 17:20:11 | 000,406,528 | ---- | C] (SteelWerX)
     SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2013/02/02 17:20:11 | 000,212,480 | ---- | C] (SteelWerX)
     NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2013/02/02 17:20:11 | 000,060,416 | ---- | C] (NirSoft)
     Qoobox -> C:\Qoobox -> [2013/02/02 17:19:30 | 000,000,000 | ---D | C]
     erdnt -> C:\WINDOWS\erdnt -> [2013/02/02 17:19:14 | 000,000,000 | ---D | C]
     puppy.exe -> C:\Documents and Settings\Mariah\Desktop\puppy.exe -> [2013/02/02 17:16:45 | 005,029,149 | R--- | C] (Swearware)
     MC -> C:\Documents and Settings\Mariah\Desktop\MC -> [2013/02/02 12:54:37 | 000,000,000 | ---D | C]
     tdsskiller.exe -> C:\Documents and Settings\Mariah\Desktop\tdsskiller.exe -> [2013/02/02 12:34:17 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO)
     Sun -> C:\Documents and Settings\Mariah\Local Settings\Application Data\Sun -> [2013/02/01 13:50:18 | 000,000,000 | ---D | C]
     Administrative Tools -> C:\Documents and Settings\Mariah\Start Menu\Programs\Administrative Tools -> [2013/01/28 20:40:22 | 000,000,000 | R--D | C]
     Trend Micro -> C:\Program Files\Trend Micro -> [2013/01/27 10:45:06 | 000,000,000 | ---D | C]
     HijackThis -> C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis -> [2013/01/27 10:45:06 | 000,000,000 | ---D | C]
     Java -> C:\Program Files\Common Files\Java -> [2013/01/27 10:41:08 | 000,000,000 | ---D | C]
     javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2013/01/27 10:41:00 | 000,261,024 | ---- | C] (Oracle Corporation)
     javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2013/01/27 10:41:00 | 000,143,872 | ---- | C] (Oracle Corporation)
     javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2013/01/27 10:40:56 | 000,174,496 | ---- | C] (Oracle Corporation)
     java.exe -> C:\WINDOWS\System32\java.exe -> [2013/01/27 10:40:56 | 000,174,496 | ---- | C] (Oracle Corporation)
     WindowsAccessBridge.dll -> C:\WINDOWS\System32\WindowsAccessBridge.dll -> [2013/01/27 10:40:56 | 000,094,112 | ---- | C] (Oracle Corporation)
     Java -> C:\Program Files\Java -> [2013/01/27 10:40:34 | 000,000,000 | ---D | C]
     Old Favorites -> C:\Documents and Settings\Mariah\Desktop\Old Favorites -> [2013/01/27 05:30:40 | 000,000,000 | ---D | C]
     7 C:\Documents and Settings\Mariah\Desktop\*.tmp files -> C:\Documents and Settings\Mariah\Desktop\*.tmp -> 
     3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
     1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
     
    [Files/Folders - Modified Within 30 Days]
     User_Feed_Synchronization-{12D6261B-6524-4ED6-888E-47F687F15403}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{12D6261B-6524-4ED6-888E-47F687F15403}.job -> [2013/02/02 18:42:00 | 000,000,426 | -H-- | M] ()
     OTS.exe -> C:\Documents and Settings\Mariah\Desktop\OTS.exe -> [2013/02/02 18:40:48 | 000,646,656 | ---- | M] (OldTimer Tools)
     GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1005UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1005UA.job -> [2013/02/02 18:39:00 | 000,000,982 | ---- | M] ()
     Adobe Flash Player Updater.job -> C:\WINDOWS\tasks\Adobe Flash Player Updater.job -> [2013/02/02 18:39:00 | 000,000,830 | ---- | M] ()
     GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2013/02/02 18:35:01 | 000,000,888 | ---- | M] ()
     GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1004UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1004UA.job -> [2013/02/02 18:34:00 | 000,000,986 | ---- | M] ()
     hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2013/02/02 17:27:37 | 000,000,027 | ---- | M] ()
     boot.ini -> C:\boot.ini -> [2013/02/02 17:22:12 | 000,000,327 | RHS- | M] ()
     puppy.exe -> C:\Documents and Settings\Mariah\Desktop\puppy.exe -> [2013/02/02 17:16:55 | 005,029,149 | R--- | M] (Swearware)
     IRONMAN.jpg -> C:\Documents and Settings\Mariah\Desktop\IRONMAN.jpg -> [2013/02/01 20:35:07 | 000,021,509 | ---- | M] ()
     perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2013/02/01 13:49:30 | 000,510,766 | ---- | M] ()
     perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2013/02/01 13:49:30 | 000,091,344 | ---- | M] ()
     GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2013/02/01 13:45:25 | 000,000,884 | ---- | M] ()
     pdf995.ini -> C:\WINDOWS\pdf995.ini -> [2013/02/01 13:45:14 | 000,000,254 | ---- | M] ()
     bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2013/02/01 13:45:08 | 000,002,048 | --S- | M] ()
     Google Chrome.lnk -> C:\Documents and Settings\Mariah\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> [2013/01/31 21:07:45 | 000,002,311 | ---- | M] ()
     Google Chrome.lnk -> C:\Documents and Settings\Mariah\Desktop\Google Chrome.lnk -> [2013/01/31 21:07:45 | 000,002,293 | ---- | M] ()
     spider.sav -> C:\Documents and Settings\Mariah\My Documents\spider.sav -> [2013/01/31 20:52:32 | 000,000,412 | ---- | M] ()
     wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2013/01/31 20:20:31 | 000,002,206 | ---- | M] ()
     tdsskiller.exe -> C:\Documents and Settings\Mariah\Desktop\tdsskiller.exe -> [2013/01/29 05:21:48 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO)
     GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1005Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1005Core.job -> [2013/01/27 11:39:00 | 000,000,930 | ---- | M] ()
     GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1004Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1004Core.job -> [2013/01/27 11:34:00 | 000,000,934 | ---- | M] ()
     HijackThis.lnk -> C:\Documents and Settings\Mariah\Desktop\HijackThis.lnk -> [2013/01/27 10:45:06 | 000,001,734 | ---- | M] ()
     WindowsAccessBridge.dll -> C:\WINDOWS\System32\WindowsAccessBridge.dll -> [2013/01/27 10:40:43 | 000,094,112 | ---- | M] (Oracle Corporation)
     npdeployJava1.dll -> C:\WINDOWS\System32\npdeployJava1.dll -> [2013/01/27 10:40:41 | 000,859,552 | ---- | M] (Oracle Corporation)
     javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2013/01/27 10:40:41 | 000,261,024 | ---- | M] (Oracle Corporation)
     javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2013/01/27 10:40:41 | 000,174,496 | ---- | M] (Oracle Corporation)
     java.exe -> C:\WINDOWS\System32\java.exe -> [2013/01/27 10:40:41 | 000,174,496 | ---- | M] (Oracle Corporation)
     javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2013/01/27 10:40:41 | 000,143,872 | ---- | M] (Oracle Corporation)
     deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2013/01/27 10:40:40 | 000,780,192 | ---- | M] (Oracle Corporation)
     Before posting a log - Free Antivirus Forum.url -> C:\Documents and Settings\Mariah\Desktop\Before posting a log - Free Antivirus Forum.url -> [2013/01/27 10:28:15 | 000,000,093 | ---- | M] ()
     Malwarebytes Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk -> [2013/01/27 05:44:12 | 000,000,784 | ---- | M] ()
     Lincoln.png -> C:\Documents and Settings\Mariah\Desktop\Lincoln.png -> [2013/01/23 20:13:43 | 000,076,392 | ---- | M] ()
     AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2013/01/22 16:37:00 | 000,000,284 | ---- | M] ()
     My Computer.lnk -> C:\Documents and Settings\Mariah\Desktop\My Computer.lnk -> [2013/01/20 22:50:49 | 000,000,104 | ---- | M] ()
     My Documents.lnk -> C:\Documents and Settings\Mariah\Desktop\My Documents.lnk -> [2013/01/20 22:50:43 | 000,000,340 | ---- | M] ()
     FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2013/01/20 13:26:05 | 000,259,840 | ---- | M] ()
     01172012.wav -> C:\Documents and Settings\Mariah\My Documents\01172012.wav -> [2013/01/17 20:32:41 | 000,099,825 | ---- | M] ()
     imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2013/01/08 22:18:03 | 000,001,355 | ---- | M] ()
     FlashPlayerApp.exe -> C:\WINDOWS\System32\FlashPlayerApp.exe -> [2013/01/08 20:40:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated)
     FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2013/01/08 20:40:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated)
     mshtml.dll -> C:\WINDOWS\System32\dllcache\mshtml.dll -> [2013/01/06 00:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation)
     Pandora One -.url -> C:\Documents and Settings\Mariah\Desktop\Pandora One -.url -> [2013/01/03 20:51:46 | 000,000,049 | ---- | M] ()
     7 C:\Documents and Settings\Mariah\Desktop\*.tmp files -> C:\Documents and Settings\Mariah\Desktop\*.tmp -> 
     3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
     1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
     
    [Files - No Company Name]
     Boot.bak -> C:\Boot.bak -> [2013/02/02 17:22:12 | 000,000,211 | ---- | C] ()
     cmldr -> C:\cmldr -> [2013/02/02 17:22:10 | 000,260,272 | RHS- | C] ()
     PEV.exe -> C:\WINDOWS\PEV.exe -> [2013/02/02 17:20:11 | 000,256,000 | ---- | C] ()
     MBR.exe -> C:\WINDOWS\MBR.exe -> [2013/02/02 17:20:11 | 000,208,896 | ---- | C] ()
     sed.exe -> C:\WINDOWS\sed.exe -> [2013/02/02 17:20:11 | 000,098,816 | ---- | C] ()
     grep.exe -> C:\WINDOWS\grep.exe -> [2013/02/02 17:20:11 | 000,080,412 | ---- | C] ()
     zip.exe -> C:\WINDOWS\zip.exe -> [2013/02/02 17:20:11 | 000,068,096 | ---- | C] ()
     IRONMAN.jpg -> C:\Documents and Settings\Mariah\Desktop\IRONMAN.jpg -> [2013/02/01 20:35:06 | 000,021,509 | ---- | C] ()
     HijackThis.lnk -> C:\Documents and Settings\Mariah\Desktop\HijackThis.lnk -> [2013/01/27 10:45:06 | 000,001,734 | ---- | C] ()
     Before posting a log - Free Antivirus Forum.url -> C:\Documents and Settings\Mariah\Desktop\Before posting a log - Free Antivirus Forum.url -> [2013/01/27 10:28:15 | 000,000,093 | ---- | C] ()
     Malwarebytes Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk -> [2013/01/27 05:44:12 | 000,000,784 | ---- | C] ()
     Lincoln.png -> C:\Documents and Settings\Mariah\Desktop\Lincoln.png -> [2013/01/23 20:13:42 | 000,076,392 | ---- | C] ()
     My Computer.lnk -> C:\Documents and Settings\Mariah\Desktop\My Computer.lnk -> [2013/01/20 22:50:49 | 000,000,104 | ---- | C] ()
     My Documents.lnk -> C:\Documents and Settings\Mariah\Desktop\My Documents.lnk -> [2013/01/20 22:50:43 | 000,000,340 | ---- | C] ()
     01172012.wav -> C:\Documents and Settings\Mariah\My Documents\01172012.wav -> [2013/01/17 20:32:40 | 000,099,825 | ---- | C] ()
     imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2013/01/08 22:18:02 | 000,001,355 | ---- | C] ()
     Pandora One -.url -> C:\Documents and Settings\Mariah\Desktop\Pandora One -.url -> [2013/01/03 20:51:46 | 000,000,049 | ---- | C] ()
     bqformat.ini -> C:\WINDOWS\bqformat.ini -> [2012/03/02 14:08:08 | 000,032,389 | ---- | C] ()
     iacenc.dll -> C:\WINDOWS\System32\iacenc.dll -> [2012/02/14 19:13:47 | 000,003,072 | ---- | C] ()
     EPPICPrinterDB.dat -> C:\WINDOWS\System32\EPPICPrinterDB.dat -> [2012/01/22 13:08:42 | 000,111,932 | ---- | C] ()
     EPPICPattern131.dat -> C:\WINDOWS\System32\EPPICPattern131.dat -> [2012/01/22 13:08:42 | 000,031,053 | ---- | C] ()
     EPPICPattern121.dat -> C:\WINDOWS\System32\EPPICPattern121.dat -> [2012/01/22 13:08:42 | 000,027,417 | ---- | C] ()
     EPPICPattern1.dat -> C:\WINDOWS\System32\EPPICPattern1.dat -> [2012/01/22 13:08:42 | 000,026,154 | ---- | C] ()
     EPPICPattern3.dat -> C:\WINDOWS\System32\EPPICPattern3.dat -> [2012/01/22 13:08:42 | 000,024,903 | ---- | C] ()
     EPPICPattern5.dat -> C:\WINDOWS\System32\EPPICPattern5.dat -> [2012/01/22 13:08:42 | 000,021,390 | ---- | C] ()
     EPPICPattern2.dat -> C:\WINDOWS\System32\EPPICPattern2.dat -> [2012/01/22 13:08:42 | 000,020,148 | ---- | C] ()
     EPPICPattern4.dat -> C:\WINDOWS\System32\EPPICPattern4.dat -> [2012/01/22 13:08:42 | 000,011,811 | ---- | C] ()
     EPPICPattern6.dat -> C:\WINDOWS\System32\EPPICPattern6.dat -> [2012/01/22 13:08:42 | 000,004,943 | ---- | C] ()
     EPPICPresetData_DU.dat -> C:\WINDOWS\System32\EPPICPresetData_DU.dat -> [2012/01/22 13:08:42 | 000,001,146 | ---- | C] ()
     EPPICPresetData_PT.dat -> C:\WINDOWS\System32\EPPICPresetData_PT.dat -> [2012/01/22 13:08:42 | 000,001,139 | ---- | C] ()
     EPPICPresetData_BP.dat -> C:\WINDOWS\System32\EPPICPresetData_BP.dat -> [2012/01/22 13:08:42 | 000,001,139 | ---- | C] ()
     EPPICPresetData_ES.dat -> C:\WINDOWS\System32\EPPICPresetData_ES.dat -> [2012/01/22 13:08:42 | 000,001,136 | ---- | C] ()
     EPPICPresetData_FR.dat -> C:\WINDOWS\System32\EPPICPresetData_FR.dat -> [2012/01/22 13:08:42 | 000,001,129 | ---- | C] ()
     EPPICPresetData_CF.dat -> C:\WINDOWS\System32\EPPICPresetData_CF.dat -> [2012/01/22 13:08:42 | 000,001,129 | ---- | C] ()
     EPPICPresetData_IT.dat -> C:\WINDOWS\System32\EPPICPresetData_IT.dat -> [2012/01/22 13:08:42 | 000,001,120 | ---- | C] ()
     EPPICPresetData_GE.dat -> C:\WINDOWS\System32\EPPICPresetData_GE.dat -> [2012/01/22 13:08:42 | 000,001,107 | ---- | C] ()
     EPPICPresetData_EN.dat -> C:\WINDOWS\System32\EPPICPresetData_EN.dat -> [2012/01/22 13:08:42 | 000,001,104 | ---- | C] ()
     PICSDK.ini -> C:\WINDOWS\System32\PICSDK.ini -> [2012/01/22 13:08:42 | 000,000,097 | ---- | C] ()
     d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2011/06/26 17:15:20 | 000,000,664 | ---- | C] ()
    < End of report >
    
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,984
    Start OTS. Copy/Paste the information in the code box below into the pane where it says "Paste fix here" and then click the "Run Fix" button.

    The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here please.

    Code:
    [Kill All Processes]
    [Unregister Dlls]
    [Registry - Safe List]
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    [Files/Folders - Created Within 30 Days]
    NY ->  7 C:\Documents and Settings\Mariah\Desktop\*.tmp files -> C:\Documents and Settings\Mariah\Desktop\*.tmp
    NY ->  3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
    [Empty Temp Folders]
    [EmptyFlash]
    [EmptyJava]
    [Start Explorer]
     
  11. genubi

    genubi Thread Starter

    Joined:
    Oct 12, 2000
    Messages:
    81
    All Processes Killed
    [Registry - Safe List]
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    [Files/Folders - Created Within 30 Days]
    C:\Documents and Settings\Mariah\Desktop\~WRL0681.tmp deleted successfully.
    C:\Documents and Settings\Mariah\Desktop\~WRL1000.tmp deleted successfully.
    C:\Documents and Settings\Mariah\Desktop\~WRL1101.tmp deleted successfully.
    C:\Documents and Settings\Mariah\Desktop\~WRL3051.tmp deleted successfully.
    C:\Documents and Settings\Mariah\Desktop\~WRL3242.tmp deleted successfully.
    C:\Documents and Settings\Mariah\Desktop\~WRL3320.tmp deleted successfully.
    C:\Documents and Settings\Mariah\Desktop\~WRL3997.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    [Empty Temp Folders]


    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Isabella

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 262211 bytes

    User: Mariah
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 10960884 bytes
    ->Java cache emptied: 2946234 bytes
    ->Google Chrome cache emptied: 375467782 bytes
    ->Flash cache emptied: 1942 bytes

    User: Michael
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 5537862 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 199973044 bytes
    ->Flash cache emptied: 757 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 19075 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 568.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: Isabella

    User: LocalService

    User: Mariah
    ->Flash cache emptied: 0 bytes

    User: Michael
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default User

    User: Isabella

    User: LocalService

    User: Mariah
    ->Java cache emptied: 0 bytes

    User: Michael
    ->Java cache emptied: 0 bytes

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb

    < End of fix log >
    OTS by OldTimer - Version 3.1.47.2 fix logfile created on 02032013_130551

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\HPSLPSVC0003.log not found!

    Registry entries deleted on Reboot...
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,984
    Please download OTL to your Desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under Custom Scans/Fixes type in Netsvcs
    • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
    • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy and paste the contents of both of these files here in your next reply.
     
  13. genubi

    genubi Thread Starter

    Joined:
    Oct 12, 2000
    Messages:
    81
    OTL logfile created on: 2/3/2013 1:19:33 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mariah\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.27% Memory free
    3.84 Gb Paging File | 3.21 Gb Available in Paging File | 83.74% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 26.71 Gb Free Space | 35.84% Space Free | Partition Type: NTFS
    Drive F: | 59.83 Mb Total Space | 11.30 Mb Free Space | 18.88% Space Free | Partition Type: FAT

    Computer Name: PROMETHEUS | User Name: Mariah | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/03 13:18:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mariah\Desktop\OTL.exe
    PRC - [2013/01/27 10:40:42 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2011/06/28 08:27:48 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/03/28 15:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2011/03/28 15:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/03/28 15:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2008/04/13 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/10/07 14:13:38 | 000,176,128 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
    PRC - [2005/08/24 17:25:00 | 000,101,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Location Finder\LocationFinder.exe
    PRC - [2005/07/27 16:41:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
    PRC - [2004/06/28 23:56:12 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/10/29 10:14:12 | 000,761,856 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
    MOD - [2010/05/20 05:50:54 | 000,040,292 | ---- | M] () -- C:\WINDOWS\system32\pdfmon.dll
    MOD - [2010/04/29 15:59:12 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2010/04/05 19:18:48 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/01/27 10:40:42 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/01/08 20:40:06 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2011/06/28 08:27:48 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/03/28 15:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/10/14 18:59:54 | 000,099,688 | R--- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Mariah\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2011/06/28 08:27:49 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/06/28 08:27:49 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/10/29 10:14:44 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2010/03/14 12:15:41 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2008/05/27 02:52:18 | 000,051,072 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MHIKEY10.sys -- (MHIKEY10)
    DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2005/09/28 19:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
    DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2003/09/20 08:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 03 D0 C8 EF BB CA 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {098BD665-C574-4969-91AF-84001FFD14F7}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{098BD665-C574-4969-91AF-84001FFD14F7}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADSA_en
    IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.7.1 (Enabled) = C:\Documents and Settings\Mariah\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Gmail = C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013/02/02 17:27:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [Microsoft Location Finder] C:\Program Files\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1342925172468 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342893085875 (MUWebControl Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} https://briowebprod.syr.edu/InsightInstaller/setup.cab (SetupLauncher Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.17.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02B0796D-5CC4-4081-ABCD-1C6FF1643C56}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57830461-A526-416A-94B1-B5BC1DF3E6BB}: DhcpNameServer = 192.168.17.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/02/22 18:20:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/03 13:18:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mariah\Desktop\OTL.exe
    [2013/02/03 13:05:51 | 000,000,000 | ---D | C] -- C:\_OTS
    [2013/02/02 18:40:45 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mariah\Desktop\OTS.exe
    [2013/02/02 17:22:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2013/02/02 17:20:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/02/02 17:20:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/02/02 17:20:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/02/02 17:20:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/02/02 17:19:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/02/02 17:19:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2013/02/02 17:16:45 | 005,029,149 | R--- | C] (Swearware) -- C:\Documents and Settings\Mariah\Desktop\puppy.exe
    [2013/02/02 12:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mariah\Desktop\MC
    [2013/02/02 12:34:17 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mariah\Desktop\tdsskiller.exe
    [2013/02/01 13:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mariah\Local Settings\Application Data\Sun
    [2013/01/28 20:40:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mariah\Start Menu\Programs\Administrative Tools
    [2013/01/27 10:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2013/01/27 10:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
    [2013/01/27 10:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2013/01/27 10:41:00 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/01/27 10:41:00 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2013/01/27 10:40:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/01/27 10:40:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/01/27 10:40:56 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/01/27 10:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2013/01/27 05:30:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mariah\Desktop\Old Favorites

    ========== Files - Modified Within 30 Days ==========

    [2013/02/03 13:22:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{12D6261B-6524-4ED6-888E-47F687F15403}.job
    [2013/02/03 13:18:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mariah\Desktop\OTL.exe
    [2013/02/03 13:11:30 | 000,510,766 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/02/03 13:11:30 | 000,091,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/03 13:07:48 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/03 13:07:28 | 000,000,254 | ---- | M] () -- C:\WINDOWS\pdf995.ini
    [2013/02/03 13:07:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/02 19:39:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1005UA.job
    [2013/02/02 19:39:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/02/02 19:35:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/02 19:34:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1004UA.job
    [2013/02/02 18:40:48 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mariah\Desktop\OTS.exe
    [2013/02/02 17:27:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/02/02 17:22:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2013/02/02 17:16:55 | 005,029,149 | R--- | M] (Swearware) -- C:\Documents and Settings\Mariah\Desktop\puppy.exe
    [2013/02/01 20:35:07 | 000,021,509 | ---- | M] () -- C:\Documents and Settings\Mariah\Desktop\IRONMAN.jpg
    [2013/01/31 21:07:45 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\Mariah\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/31 21:07:45 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Mariah\Desktop\Google Chrome.lnk
    [2013/01/31 20:52:32 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\Mariah\My Documents\spider.sav
    [2013/01/31 20:20:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/01/29 05:21:48 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mariah\Desktop\tdsskiller.exe
    [2013/01/27 11:39:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1005Core.job
    [2013/01/27 11:34:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1004Core.job
    [2013/01/27 10:45:06 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Mariah\Desktop\HijackThis.lnk
    [2013/01/27 10:40:43 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/01/27 10:40:41 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2013/01/27 10:40:41 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/01/27 10:40:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/01/27 10:40:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/01/27 10:40:41 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2013/01/27 10:40:40 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2013/01/27 10:28:15 | 000,000,093 | ---- | M] () -- C:\Documents and Settings\Mariah\Desktop\Before posting a log - Free Antivirus Forum.url
    [2013/01/27 05:44:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/23 20:13:43 | 000,076,392 | ---- | M] () -- C:\Documents and Settings\Mariah\Desktop\Lincoln.png
    [2013/01/22 16:37:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/01/20 22:50:49 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Mariah\Desktop\My Computer.lnk
    [2013/01/20 22:50:43 | 000,000,340 | ---- | M] () -- C:\Documents and Settings\Mariah\Desktop\My Documents.lnk
    [2013/01/20 13:26:05 | 000,259,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/01/17 20:32:41 | 000,099,825 | ---- | M] () -- C:\Documents and Settings\Mariah\My Documents\01172012.wav
    [2013/01/08 22:18:03 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/01/08 20:40:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/01/08 20:40:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/01/06 00:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

    ========== Files Created - No Company Name ==========

    [2013/02/02 17:22:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2013/02/02 17:22:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2013/02/02 17:20:11 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/02/02 17:20:11 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/02/02 17:20:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/02/02 17:20:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/02/02 17:20:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/02/01 20:35:06 | 000,021,509 | ---- | C] () -- C:\Documents and Settings\Mariah\Desktop\IRONMAN.jpg
    [2013/01/27 10:45:06 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Mariah\Desktop\HijackThis.lnk
    [2013/01/27 10:28:15 | 000,000,093 | ---- | C] () -- C:\Documents and Settings\Mariah\Desktop\Before posting a log - Free Antivirus Forum.url
    [2013/01/27 05:44:12 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/23 20:13:42 | 000,076,392 | ---- | C] () -- C:\Documents and Settings\Mariah\Desktop\Lincoln.png
    [2013/01/20 22:50:49 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Mariah\Desktop\My Computer.lnk
    [2013/01/20 22:50:43 | 000,000,340 | ---- | C] () -- C:\Documents and Settings\Mariah\Desktop\My Documents.lnk
    [2013/01/17 20:32:40 | 000,099,825 | ---- | C] () -- C:\Documents and Settings\Mariah\My Documents\01172012.wav
    [2013/01/08 22:18:02 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2012/03/02 14:08:08 | 000,032,389 | ---- | C] () -- C:\WINDOWS\bqformat.ini
    [2012/02/14 19:13:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/22 13:08:42 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2012/01/22 13:08:42 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2012/01/22 13:08:42 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2012/01/22 13:08:42 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2012/01/22 13:08:42 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2012/01/22 13:08:42 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2012/01/22 13:08:42 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2012/01/22 13:08:42 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2012/01/22 13:08:42 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2012/01/22 13:08:42 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
    [2012/01/22 13:08:42 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2012/01/22 13:08:42 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2012/01/22 13:08:42 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2012/01/22 13:08:42 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2012/01/22 13:08:42 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2012/01/22 13:08:42 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
    [2012/01/22 13:08:42 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
    [2012/01/22 13:08:42 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2012/01/22 13:08:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2011/06/26 17:15:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/05/15 05:45:12 | 000,013,010 | ---- | C] () -- C:\Documents and Settings\Mariah\Application Data\Comma Separated Values (Windows).CAL
    [2010/05/15 05:42:42 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Mariah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2010/05/15 13:58:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 00:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >
    OTL Extras logfile created on: 2/3/2013 1:19:33 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mariah\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.27% Memory free
    3.84 Gb Paging File | 3.21 Gb Available in Paging File | 83.74% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 26.71 Gb Free Space | 35.84% Space Free | Partition Type: NTFS
    Drive F: | 59.83 Mb Total Space | 11.30 Mb Free Space | 18.88% Space Free | Partition Type: FAT

    Computer Name: PROMETHEUS | User Name: Mariah | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML.Mariah] -- C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Documents and Settings\Mariah\Local Settings\Temp\7zS0369\setup\hpznui01.exe" = C:\Documents and Settings\Mariah\Local Settings\Temp\7zS0369\setup\hpznui01.exe:*:Enabled:hpznui01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
    "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
    "C:\Documents and Settings\Mariah\Local Settings\Temp\7zS3E5F\setup\hpznui01.exe" = C:\Documents and Settings\Mariah\Local Settings\Temp\7zS3E5F\setup\hpznui01.exe:*:Enabled:hpznui01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Documents and Settings\Mariah\Local Settings\Temp\7zS07DA\setup\hpznui01.exe" = C:\Documents and Settings\Mariah\Local Settings\Temp\7zS07DA\setup\hpznui01.exe:*:Enabled:hpznui01.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
    "{32EF6F81-583E-4127-918D-D3768A8957C4}" = Palm
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50EE3E64-FE60-4803-BCDC-A8CD6830D185}" = Documents To Go
    "{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
    "{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6
    "{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
    "{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "DW WLAN Card Utility" = DW WLAN Card Utility
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HijackThis" = HijackThis 2.0.2
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Pdf995" = Pdf995
    "PE Builder_is1" = PE Builder v3.1.3
    "Picasa 3" = Picasa 3
    "VLC media player" = VideoLAN VLC media player 0.8.6f
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/20/2013 9:20:45 PM | Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002
    Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 1/20/2013 9:20:46 PM | Computer Name = PROMETHEUS | Source = Application Hang | ID = 1001
    Description = Fault bucket 01973502.

    Error - 1/20/2013 9:20:56 PM | Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002
    Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 1/20/2013 9:20:58 PM | Computer Name = PROMETHEUS | Source = Application Hang | ID = 1001
    Description = Fault bucket 01973502.

    Error - 1/20/2013 10:17:25 PM | Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002
    Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 1/20/2013 10:17:44 PM | Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002
    Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 1/20/2013 10:17:59 PM | Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002
    Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 1/20/2013 11:11:08 PM | Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002
    Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 1/25/2013 9:05:15 PM | Computer Name = PROMETHEUS | Source = Chrome | ID = 1
    Description =

    Error - 1/31/2013 9:56:35 PM | Computer Name = PROMETHEUS | Source = Application Error | ID = 1000
    Description = Faulting application wordpad.exe, version 5.1.2600.6010, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    [ System Events ]
    Error - 1/27/2013 11:36:29 AM | Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 1/27/2013 11:36:29 AM | Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 1/27/2013 11:36:29 AM | Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 1/28/2013 4:47:28 PM | Computer Name = PROMETHEUS | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.101 for the Network Card with network
    address 0016CFAB2718 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 1/28/2013 7:21:41 PM | Computer Name = PROMETHEUS | Source = DCOM | ID = 10010
    Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
    with DCOM within the required timeout.

    Error - 1/29/2013 8:53:38 PM | Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the WZCSVC service.

    Error - 2/2/2013 6:23:03 PM | Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7034
    Description = The DW WLAN Tray Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 2/3/2013 2:05:52 PM | Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 2/3/2013 2:05:52 PM | Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 2/3/2013 2:05:52 PM | Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).


    < End of report >
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,984
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following code box into the main text field:
      Code:
      :filefind
      *81591274*
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  15. genubi

    genubi Thread Starter

    Joined:
    Oct 12, 2000
    Messages:
    81
    SystemLook 30.07.11 by jpshortstuff
    Log created at 16:56 on 03/02/2013 by Mariah
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*81591274*"
    No files found.

    -= EOF =-
     
Short URL to this thread: https://techguy.org/1087360
