Virus attack on second computer


genubi

Thread Starter
I am being helped on my primary computer. But both got this nasty bug. It was from an email that I opened and clicked to download. Avira cleaned much of it up, but I am afraid it is still compromised. I saw that I had the JS/redirect and the Lamar.QJ.4 bugs.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz, x86 Family 6 Model 15 Stepping 6
Processor Count: 2
RAM: 2038 Mb
Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 224 Mb
Hard Drives: C: Total - 76316 MB, Free - 26383 MB;
Motherboard: Dell Inc., 0TD761
Antivirus: AntiVir Desktop, Updated: Yes, On-Demand Scanner: Enabled

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:23 PM, on 1/28/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office10\1033\MSOHELP.EXE
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\calc.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WinCalendar] "C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe /q /c"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1342925172468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342893085875
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} (SetupLauncher Class) - https://briowebprod.syr.edu/InsightInstaller/setup.cab
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8514 bytes

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.11.2
Run by Mariah at 20:40:22 on 2013-01-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.864 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office10\1033\MSOHELP.EXE
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\calc.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Mariah\My Documents\Downloads\SysInfo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\mariah\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WinCalendar] "c:\program files\sapro systems wincalendar\WinCalendar_SysTray.exe /q /c"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342925172468
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342893085875
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} - hxxps://briowebprod.syr.edu/InsightInstaller/setup.cab
TCP: NameServer = 192.168.17.1
TCP: Interfaces\{02B0796D-5CC4-4081-ABCD-1C6FF1643C56} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{57830461-A526-416A-94B1-B5BC1DF3E6BB} : DHCPNameServer = 192.168.17.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-22 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-2-22 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-22 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-22 66616]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2008-5-27 51072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-01-27 15:45:06 -------- d-----w- c:\program files\Trend Micro
2013-01-27 15:41:00 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-27 15:40:56 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2013-01-27 15:40:41 859552 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-27 15:40:40 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-09 01:40:06 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 01:40:06 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 20:40:54.10 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/22/2010 6:22:40 PM
System Uptime: 1/28/2013 5:16:37 AM (15 hours ago)
.
Motherboard: Dell Inc. | | 0TD761
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1657/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 25.761 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 4620 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet 4620 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
RP468: 10/31/2012 7:28:43 PM - System Checkpoint
RP469: 11/1/2012 8:38:17 PM - System Checkpoint
RP470: 11/2/2012 10:55:03 PM - System Checkpoint
RP471: 11/4/2012 7:41:23 PM - System Checkpoint
RP472: 11/5/2012 8:03:54 PM - System Checkpoint
RP473: 11/6/2012 8:32:02 PM - System Checkpoint
RP474: 11/8/2012 9:41:44 AM - System Checkpoint
RP475: 11/9/2012 8:54:31 PM - System Checkpoint
RP476: 11/11/2012 12:00:51 PM - System Checkpoint
RP477: 11/13/2012 5:59:13 PM - System Checkpoint
RP478: 11/14/2012 10:46:26 PM - System Checkpoint
RP479: 11/15/2012 9:02:35 AM - Software Distribution Service 3.0
RP480: 11/16/2012 8:18:38 PM - System Checkpoint
RP481: 11/18/2012 1:30:19 PM - System Checkpoint
RP482: 12/1/2012 8:23:24 AM - System Checkpoint
RP483: 12/2/2012 11:19:23 AM - System Checkpoint
RP484: 12/3/2012 7:42:07 PM - System Checkpoint
RP485: 12/5/2012 6:43:37 PM - System Checkpoint
RP486: 12/8/2012 10:09:04 AM - System Checkpoint
RP487: 12/9/2012 12:28:28 PM - System Checkpoint
RP488: 12/10/2012 9:40:42 PM - System Checkpoint
RP489: 12/12/2012 8:33:57 AM - Software Distribution Service 3.0
RP490: 12/15/2012 8:18:30 PM - System Checkpoint
RP491: 12/16/2012 8:40:20 PM - System Checkpoint
RP492: 12/19/2012 6:17:46 PM - System Checkpoint
RP493: 12/20/2012 10:51:24 PM - System Checkpoint
RP494: 12/21/2012 12:18:13 PM - Software Distribution Service 3.0
RP495: 12/22/2012 1:43:26 PM - System Checkpoint
RP496: 12/23/2012 4:04:14 PM - System Checkpoint
RP497: 12/24/2012 10:21:15 PM - System Checkpoint
RP498: 12/26/2012 9:17:48 AM - System Checkpoint
RP499: 12/27/2012 1:05:15 PM - System Checkpoint
RP500: 12/28/2012 10:47:37 PM - System Checkpoint
RP501: 12/29/2012 11:44:11 PM - System Checkpoint
RP502: 12/31/2012 11:41:57 AM - System Checkpoint
RP503: 1/1/2013 12:00:39 PM - System Checkpoint
RP504: 1/2/2013 3:42:18 PM - System Checkpoint
RP505: 1/3/2013 6:20:29 PM - System Checkpoint
RP506: 1/3/2013 10:23:49 PM - Software Distribution Service 3.0
RP507: 1/5/2013 10:10:52 AM - System Checkpoint
RP508: 1/6/2013 11:35:29 AM - System Checkpoint
RP509: 1/7/2013 8:46:14 PM - System Checkpoint
RP510: 1/8/2013 10:15:46 PM - Software Distribution Service 3.0
RP511: 1/10/2013 7:04:33 PM - System Checkpoint
RP512: 1/11/2013 10:19:44 PM - System Checkpoint
RP513: 1/12/2013 11:52:08 PM - System Checkpoint
RP514: 1/14/2013 10:47:04 PM - System Checkpoint
RP515: 1/15/2013 10:36:05 AM - Software Distribution Service 3.0
RP516: 1/17/2013 6:51:33 PM - System Checkpoint
RP517: 1/20/2013 12:06:09 PM - System Checkpoint
RP518: 1/20/2013 1:22:01 PM - Removed Microsoft Office Professional Edition 2003
RP519: 1/20/2013 10:11:43 PM - Software Distribution Service 3.0
RP520: 1/22/2013 12:27:48 PM - System Checkpoint
RP521: 1/23/2013 5:31:35 PM - System Checkpoint
RP522: 1/25/2013 1:20:09 PM - System Checkpoint
RP523: 1/26/2013 2:31:34 PM - System Checkpoint
RP524: 1/27/2013 10:35:28 AM - Removed Java(TM) 6 Update 33
RP525: 1/27/2013 10:40:33 AM - Installed Java 7 Update 11
RP526: 1/28/2013 5:14:58 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.01)
Adobe Shockwave Player 11.5
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Auslogics Disk Defrag
Avira AntiVir Personal - Free Antivirus
Bonjour
Broadcom Gigabit Integrated Controller
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Dell Driver Download Manager
Dell ResourceCD
Digital Voice Editor 3
Documents To Go
DW WLAN Card Utility
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6
Intel(R) Graphics Media Accelerator Driver
iTunes
Java 7 Update 11
Java Auto Updater
LUMIX Simple Viewer
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Location Finder
Microsoft Office File Validation Add-In
Microsoft Silverlight
Microsoft Streets & Trips 2006
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
Palm
Pdf995
PE Builder v3.1.3
PHOTOfunSTUDIO -viewer-
Picasa 3
PowerDVD 5.7
PS_AIO_06_C4700_SW_Min
QuickTime
Roxio DLA
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
VideoLAN VLC media player 0.8.6f
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
1/28/2013 3:47:28 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0016CFAB2718 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/27/2013 10:36:19 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================
GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-01-29 05:18:17
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS722080K9A300 rev.DCBOC54P 74.53GB
Running: wcq04ney.exe; Driver: C:\DOCUME~1\Mariah\LOCALS~1\Temp\uglcqfoc.sys


---- System - GMER 2.0 ----

SSDT BA7AA6DC ZwClose
SSDT BA7AA696 ZwCreateKey
SSDT BA7AA6E6 ZwCreateSection
SSDT BA7AA68C ZwCreateThread
SSDT BA7AA69B ZwDeleteKey
SSDT BA7AA6A5 ZwDeleteValueKey
SSDT BA7AA6D7 ZwDuplicateObject
SSDT BA7AA6AA ZwLoadKey
SSDT BA7AA678 ZwOpenProcess
SSDT BA7AA67D ZwOpenThread
SSDT BA7AA6B4 ZwReplaceKey
SSDT BA7AA6AF ZwRestoreKey
SSDT BA7AA6EB ZwSetContextThread
SSDT BA7AA6A0 ZwSetValueKey
SSDT BA7AA687 ZwTerminateProcess

---- Kernel code sections - GMER 2.0 ----

? C:\DOCUME~1\Mariah\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.0 ----

.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 2C, 56, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 2F, 56, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 2C, 56, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 2D, 56, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912C46
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 2E, 56, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 2D, 56, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 2E, 56, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912CB7
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 2C, 56, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912DE5
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 2D, 56, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 2E, 56, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 2F, 56, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A4, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, A7, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A4, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A5, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912BBE
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, A6, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A5, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, A6, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912C2F
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A4, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912D5D
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A5, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, A6, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, A7, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[220] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 24, 25, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 27, 25, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 24, 25, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 25, 25, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90FB3E
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 26, 25, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 25, 25, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 26, 25, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90FBAF
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 24, 25, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90FCDD
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 25, 25, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 26, 25, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 27, 25, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 2C, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 2F, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 2C, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 2D, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912B46
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 2E, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 2D, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 2E, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912BB7
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 2C, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912CE5
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 2D, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 2E, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 2F, 55, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2124] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2144] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2144] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E75C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, BC, D7, 00]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, BF, D7, 00]

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641a2e441
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641a2e441 (not active ControlSet)

---- EOF - GMER 2.0 ----
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Wait until the helper has cleaned your first computer and tell her about this one.
I will close this thread until that has been done to prevent confusion. It always causes immense confusion and major problems when you have different helpers working on multiple computers in the same household or with the same poster.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,548
I've reopened this thread to start working on this second computer.

Please go here and download the TDSSKiller.exe to your desktop.
  • Double-click TDSSKiller.exe on your desktop to run it.
  • Click on Start Scan.
  • As we don't want to fix anything yet, if any malicious objects are detected, do NOT select Cure but select Skip instead.
Once it finishes, it will produce a log in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.
 

genubi

Thread Starter
Joined
Oct 12, 2000
Messages
107
12:34:25.0703 2888 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:34:26.0156 2888 ============================================================
12:34:26.0156 2888 Current date / time: 2013/02/02 12:34:26.0156
12:34:26.0156 2888 SystemInfo:
12:34:26.0156 2888
12:34:26.0156 2888 OS Version: 5.1.2600 ServicePack: 3.0
12:34:26.0156 2888 Product type: Workstation
12:34:26.0156 2888 ComputerName: PROMETHEUS
12:34:26.0156 2888 UserName: Mariah
12:34:26.0156 2888 Windows directory: C:\WINDOWS
12:34:26.0156 2888 System windows directory: C:\WINDOWS
12:34:26.0156 2888 Processor architecture: Intel x86
12:34:26.0156 2888 Number of processors: 2
12:34:26.0156 2888 Page size: 0x1000
12:34:26.0156 2888 Boot type: Normal boot
12:34:26.0156 2888 ============================================================
12:34:28.0265 2888 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:34:28.0281 2888 Drive \Device\Harddisk1\DR2 - Size: 0xF600000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:34:28.0281 2888 ============================================================
12:34:28.0281 2888 \Device\Harddisk0\DR0:
12:34:28.0281 2888 MBR partitions:
12:34:28.0281 2888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
12:34:28.0281 2888 \Device\Harddisk1\DR2:
12:34:28.0281 2888 MBR partitions:
12:34:28.0281 2888 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x7ADE0
12:34:28.0281 2888 ============================================================
12:34:28.0312 2888 C: <-> \Device\Harddisk0\DR0\Partition1
12:34:28.0312 2888 ============================================================
12:34:28.0312 2888 Initialize success
12:34:28.0312 2888 ============================================================
12:34:34.0187 4084 ============================================================
12:34:34.0187 4084 Scan started
12:34:34.0187 4084 Mode: Manual;
12:34:34.0187 4084 ============================================================
12:34:35.0984 4084 audstub - ok
12:34:36.0015 4084 [ 0B497C79824F8E1BF22FA6AACD3DE3A0 ] avgio C:\Program Files\Avira\AntiVir Desktop\avgio.sys
12:34:36.0046 4084 avgio - ok
12:34:36.0062 4084 [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
12:34:36.0093 4084 avgntflt - ok
12:34:36.0125 4084 [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
12:34:36.0156 4084 avipbb - ok
12:34:36.0203 4084 [ C0ACD392ECE55784884CC208AAFA06CE ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
12:34:36.0218 4084 b57w2k - ok
12:34:36.0359 4084 [ 345D38F298368DD6B0DF5C4F37457A22 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
12:34:36.0453 4084 BCM43XX - ok
12:34:36.0500 4084 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:34:36.0500 4084 Beep - ok
12:34:36.0562 4084 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
12:34:36.0703 4084 BITS - ok
12:34:36.0781 4084 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:34:36.0812 4084 Bonjour Service - ok
12:34:36.0859 4084 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
12:34:36.0890 4084 Browser - ok
12:34:36.0921 4084 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
12:34:36.0937 4084 BthEnum - ok
12:34:36.0953 4084 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
12:34:36.0984 4084 BthPan - ok
12:34:37.0015 4084 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
12:34:37.0062 4084 BTHPORT - ok
12:34:37.0078 4084 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
12:34:37.0109 4084 BthServ - ok
12:34:37.0125 4084 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
12:34:37.0156 4084 BTHUSB - ok
12:34:37.0187 4084 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:34:37.0203 4084 cbidf2k - ok
12:34:37.0203 4084 cd20xrnt - ok
12:34:37.0234 4084 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:34:37.0265 4084 Cdaudio - ok
12:34:37.0296 4084 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:34:37.0328 4084 Cdfs - ok
12:34:37.0359 4084 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:34:37.0390 4084 Cdrom - ok
12:34:37.0390 4084 cerc6 - ok
12:34:37.0406 4084 Changer - ok
12:34:37.0421 4084 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:34:37.0437 4084 CiSvc - ok
12:34:37.0453 4084 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:34:37.0468 4084 ClipSrv - ok
12:34:37.0515 4084 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:34:37.0531 4084 clr_optimization_v2.0.50727_32 - ok
12:34:37.0625 4084 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:34:37.0656 4084 clr_optimization_v4.0.30319_32 - ok
12:34:37.0703 4084 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:34:37.0718 4084 CmBatt - ok
12:34:37.0734 4084 CmdIde - ok
12:34:37.0734 4084 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:34:37.0750 4084 Compbatt - ok
12:34:37.0750 4084 COMSysApp - ok
12:34:37.0765 4084 Cpqarray - ok
12:34:37.0796 4084 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:34:37.0906 4084 CryptSvc - ok
12:34:37.0906 4084 dac2w2k - ok
12:34:37.0921 4084 dac960nt - ok
12:34:38.0015 4084 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:34:38.0031 4084 DcomLaunch - ok
12:34:38.0062 4084 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:34:38.0093 4084 Dhcp - ok
12:34:38.0125 4084 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:34:38.0156 4084 Disk - ok
12:34:38.0203 4084 [ E2D0DE31442390C35E3163C87CB6A9EB ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
12:34:38.0234 4084 DLABOIOM - ok
12:34:38.0234 4084 [ D979BEBCF7EDCC9C9EE1857D1A68C67B ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
12:34:38.0265 4084 DLACDBHM - ok
12:34:38.0281 4084 [ 83545593E297F50A8E2524B4C071A153 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
12:34:38.0312 4084 DLADResN - ok
12:34:38.0328 4084 [ 96E01D901CDC98C7817155CC057001BF ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
12:34:38.0375 4084 DLAIFS_M - ok
12:34:38.0375 4084 [ 0A60A39CC5E767980A31CA5D7238DFA9 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
12:34:38.0406 4084 DLAOPIOM - ok
12:34:38.0406 4084 [ 9FE2B72558FC808357F427FD83314375 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
12:34:38.0437 4084 DLAPoolM - ok
12:34:38.0437 4084 [ 7EE0852AE8907689DF25049DCD2342E8 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
12:34:38.0468 4084 DLARTL_N - ok
12:34:38.0468 4084 [ F08E1DAFAC457893399E03430A6A1397 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
12:34:38.0500 4084 DLAUDFAM - ok
12:34:38.0500 4084 [ E7D105ED1E694449D444A9933DF8E060 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
12:34:38.0531 4084 DLAUDF_M - ok
12:34:38.0531 4084 dmadmin - ok
12:34:38.0578 4084 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:34:38.0625 4084 dmboot - ok
12:34:38.0656 4084 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:34:38.0671 4084 dmio - ok
12:34:38.0703 4084 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:34:38.0718 4084 dmload - ok
12:34:38.0750 4084 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:34:38.0765 4084 dmserver - ok
12:34:38.0812 4084 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:34:38.0843 4084 DMusic - ok
12:34:38.0875 4084 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:34:38.0921 4084 Dnscache - ok
12:34:38.0937 4084 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:34:38.0968 4084 Dot3svc - ok
12:34:38.0968 4084 dpti2o - ok
12:34:38.0984 4084 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:34:39.0015 4084 drmkaud - ok
12:34:39.0046 4084 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
12:34:39.0062 4084 DRVMCDB - ok
12:34:39.0078 4084 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
12:34:39.0109 4084 DRVNDDM - ok
12:34:39.0140 4084 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:34:39.0156 4084 EapHost - ok
12:34:39.0187 4084 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:34:39.0218 4084 ERSvc - ok
12:34:39.0250 4084 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
12:34:39.0296 4084 Eventlog - ok
12:34:39.0343 4084 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
12:34:39.0375 4084 EventSystem - ok
12:34:39.0406 4084 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:34:39.0453 4084 Fastfat - ok
12:34:39.0484 4084 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:34:39.0531 4084 FastUserSwitchingCompatibility - ok
12:34:39.0546 4084 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
12:34:39.0578 4084 Fdc - ok
12:34:39.0609 4084 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:34:39.0640 4084 Fips - ok
12:34:39.0640 4084 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:34:39.0671 4084 Flpydisk - ok
12:34:39.0718 4084 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:34:39.0750 4084 FltMgr - ok
12:34:39.0781 4084 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:34:39.0828 4084 FontCache3.0.0.0 - ok
12:34:39.0828 4084 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:34:39.0843 4084 Fs_Rec - ok
12:34:39.0890 4084 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:34:39.0921 4084 Ftdisk - ok
12:34:39.0968 4084 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:34:39.0984 4084 GEARAspiWDM - ok
12:34:40.0031 4084 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:34:40.0046 4084 Gpc - ok
12:34:40.0125 4084 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:34:40.0156 4084 gupdate - ok
12:34:40.0156 4084 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:34:40.0171 4084 gupdatem - ok
12:34:40.0203 4084 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:34:40.0234 4084 gusvc - ok
12:34:40.0281 4084 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:34:40.0312 4084 HDAudBus - ok
12:34:40.0390 4084 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:34:40.0390 4084 helpsvc - ok
12:34:40.0406 4084 HidServ - ok
12:34:40.0437 4084 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:34:40.0453 4084 HidUsb - ok
12:34:40.0484 4084 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:34:40.0515 4084 hkmsvc - ok
12:34:40.0515 4084 hpn - ok
12:34:40.0625 4084 [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
12:34:40.0640 4084 HPSLPSVC - ok
12:34:40.0687 4084 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:34:40.0703 4084 HPZid412 - ok
12:34:40.0718 4084 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:34:40.0734 4084 HPZipr12 - ok
12:34:40.0750 4084 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:34:40.0765 4084 HPZius12 - ok
12:34:40.0828 4084 [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
12:34:40.0890 4084 HSF_DPV - ok
12:34:40.0921 4084 [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
12:34:40.0953 4084 HSXHWAZL - ok
12:34:41.0000 4084 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:34:41.0046 4084 HTTP - ok
12:34:41.0062 4084 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:34:41.0109 4084 HTTPFilter - ok
12:34:41.0109 4084 i2omgmt - ok
12:34:41.0109 4084 i2omp - ok
12:34:41.0140 4084 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:34:41.0171 4084 i8042prt - ok
12:34:41.0406 4084 [ E8C7CC369C2FB657E0792AF70DF529E6 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:34:41.0703 4084 ialm - ok
12:34:41.0734 4084 [ 17C3EC352DFABE0670E5A3AFD750891B ] ICDSPTSV C:\WINDOWS\system32\IcdSptSv.exe
12:34:41.0890 4084 ICDSPTSV - ok
12:34:41.0937 4084 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:34:41.0968 4084 IDriverT - ok
12:34:42.0046 4084 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:34:42.0140 4084 idsvc - ok
12:34:42.0156 4084 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:34:42.0171 4084 Imapi - ok
12:34:42.0218 4084 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:34:42.0265 4084 ImapiService - ok
12:34:42.0265 4084 ini910u - ok
12:34:42.0281 4084 IntelIde - ok
12:34:42.0312 4084 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:34:42.0343 4084 intelppm - ok
12:34:42.0375 4084 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:34:42.0375 4084 Ip6Fw - ok
12:34:42.0390 4084 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:34:42.0421 4084 IpFilterDriver - ok
12:34:42.0437 4084 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:34:42.0453 4084 IpInIp - ok
12:34:42.0484 4084 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:34:42.0531 4084 IpNat - ok
12:34:42.0593 4084 [ 3A6D4D8ABACF64292D060C9E06D2050D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:34:42.0656 4084 iPod Service - ok
12:34:42.0687 4084 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:34:42.0718 4084 IPSec - ok
12:34:42.0734 4084 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:34:42.0750 4084 IRENUM - ok
12:34:42.0796 4084 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:34:42.0828 4084 isapnp - ok
12:34:42.0906 4084 [ 7FBFEEE245821925129C9F86470BF33C ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
12:34:42.0937 4084 JavaQuickStarterService - ok
12:34:42.0984 4084 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:34:43.0015 4084 Kbdclass - ok
12:34:43.0046 4084 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:34:43.0062 4084 kmixer - ok
12:34:43.0093 4084 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:34:43.0125 4084 KSecDD - ok
12:34:43.0171 4084 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
12:34:43.0203 4084 LanmanServer - ok
12:34:43.0250 4084 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:34:43.0265 4084 lanmanworkstation - ok
12:34:43.0265 4084 lbrtfdc - ok
12:34:43.0312 4084 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:34:43.0328 4084 LmHosts - ok
12:34:43.0406 4084 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
12:34:43.0437 4084 MDM - ok
12:34:43.0453 4084 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:34:43.0468 4084 mdmxsdk - ok
12:34:43.0500 4084 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:34:43.0515 4084 Messenger - ok
12:34:43.0546 4084 [ 8143E6203E5765ED9F7E6DAE57CEC8D3 ] MHIKEY10 C:\WINDOWS\system32\Drivers\MHIKEY10.sys
12:34:43.0578 4084 MHIKEY10 - ok
12:34:43.0625 4084 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:34:43.0640 4084 mnmdd - ok
12:34:43.0671 4084 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:34:43.0703 4084 mnmsrvc - ok
12:34:43.0734 4084 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:34:43.0750 4084 Modem - ok
12:34:43.0781 4084 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:34:43.0812 4084 Mouclass - ok
12:34:43.0843 4084 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:34:43.0859 4084 mouhid - ok
12:34:43.0890 4084 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:34:43.0906 4084 MountMgr - ok
12:34:43.0921 4084 mraid35x - ok
12:34:43.0937 4084 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:34:43.0968 4084 MRxDAV - ok
12:34:44.0031 4084 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:34:44.0078 4084 MRxSmb - ok
12:34:44.0109 4084 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:34:44.0140 4084 MSDTC - ok
12:34:44.0171 4084 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:34:44.0203 4084 Msfs - ok
12:34:44.0203 4084 MSIServer - ok
12:34:44.0218 4084 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:34:44.0250 4084 MSKSSRV - ok
12:34:44.0265 4084 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:34:44.0296 4084 MSPCLOCK - ok
12:34:44.0312 4084 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:34:44.0343 4084 MSPQM - ok
12:34:44.0375 4084 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:34:44.0390 4084 mssmbios - ok
12:34:44.0406 4084 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:34:44.0437 4084 Mup - ok
12:34:44.0468 4084 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:34:44.0500 4084 napagent - ok
12:34:44.0531 4084 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:34:44.0562 4084 NDIS - ok
12:34:44.0593 4084 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:34:44.0625 4084 NdisTapi - ok
12:34:44.0656 4084 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:34:44.0687 4084 Ndisuio - ok
12:34:44.0703 4084 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:34:44.0718 4084 NdisWan - ok
12:34:44.0718 4084 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:34:44.0750 4084 NDProxy - ok
12:34:44.0781 4084 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
12:34:44.0812 4084 Net Driver HPZ12 - ok
12:34:44.0843 4084 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:34:44.0859 4084 NetBIOS - ok
12:34:44.0890 4084 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:34:44.0937 4084 NetBT - ok
12:34:44.0953 4084 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
12:34:44.0984 4084 NetDDE - ok
12:34:44.0984 4084 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:34:44.0984 4084 NetDDEdsdm - ok
12:34:45.0015 4084 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:34:45.0046 4084 Netlogon - ok
12:34:45.0062 4084 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
12:34:45.0093 4084 Netman - ok
12:34:45.0109 4084 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:34:45.0156 4084 NetTcpPortSharing - ok
12:34:45.0203 4084 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:34:45.0203 4084 Nla - ok
12:34:45.0250 4084 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:34:45.0265 4084 Npfs - ok
12:34:45.0343 4084 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:34:45.0375 4084 Ntfs - ok
12:34:45.0375 4084 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:34:45.0375 4084 NtLmSsp - ok
12:34:45.0421 4084 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:34:45.0453 4084 NtmsSvc - ok
12:34:45.0468 4084 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:34:45.0500 4084 Null - ok
12:34:45.0515 4084 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:34:45.0531 4084 NwlnkFlt - ok
12:34:45.0562 4084 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:34:45.0578 4084 NwlnkFwd - ok
12:34:45.0609 4084 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
12:34:45.0640 4084 OMCI - ok
12:34:45.0656 4084 [ 240C0D4049A833B16B63B636ACF01672 ] PalmUSBD C:\WINDOWS\system32\drivers\PalmUSBD.sys
12:34:45.0687 4084 PalmUSBD - ok
12:34:45.0703 4084 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
12:34:45.0734 4084 Parport - ok
12:34:45.0734 4084 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:34:45.0750 4084 PartMgr - ok
12:34:45.0781 4084 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:34:45.0796 4084 ParVdm - ok
12:34:45.0828 4084 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:34:45.0859 4084 PCI - ok
12:34:45.0875 4084 PCIDump - ok
12:34:45.0875 4084 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:34:45.0875 4084 PCIIde - ok
12:34:45.0906 4084 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:34:45.0921 4084 Pcmcia - ok
12:34:45.0921 4084 PDCOMP - ok
12:34:45.0937 4084 PDFRAME - ok
12:34:45.0937 4084 PDRELI - ok
12:34:45.0937 4084 PDRFRAME - ok
12:34:45.0953 4084 perc2 - ok
12:34:45.0953 4084 perc2hib - ok
12:34:46.0000 4084 [ 6C1618A07B49E3873582B6449E744088 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
12:34:46.0015 4084 pfc - ok
12:34:46.0046 4084 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:34:46.0046 4084 PlugPlay - ok
12:34:46.0062 4084 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
12:34:46.0093 4084 Pml Driver HPZ12 - ok
12:34:46.0109 4084 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:34:46.0109 4084 PolicyAgent - ok
12:34:46.0125 4084 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:34:46.0156 4084 PptpMiniport - ok
12:34:46.0156 4084 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:34:46.0171 4084 ProtectedStorage - ok
12:34:46.0171 4084 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:34:46.0203 4084 PSched - ok
12:34:46.0203 4084 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:34:46.0218 4084 Ptilink - ok
12:34:46.0234 4084 [ 5491E4E7D93804F43ABE8CE3C39F5A86 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:34:46.0250 4084 PxHelp20 - ok
12:34:46.0265 4084 ql1080 - ok
12:34:46.0265 4084 Ql10wnt - ok
12:34:46.0265 4084 ql12160 - ok
12:34:46.0265 4084 ql1240 - ok
12:34:46.0281 4084 ql1280 - ok
12:34:46.0296 4084 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:34:46.0312 4084 RasAcd - ok
12:34:46.0343 4084 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:34:46.0375 4084 RasAuto - ok
12:34:46.0390 4084 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:34:46.0421 4084 Rasl2tp - ok
12:34:46.0453 4084 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:34:46.0484 4084 RasMan - ok
12:34:46.0484 4084 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:34:46.0515 4084 RasPppoe - ok
12:34:46.0515 4084 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:34:46.0531 4084 Raspti - ok
12:34:46.0562 4084 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:34:46.0578 4084 Rdbss - ok
12:34:46.0578 4084 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:34:46.0609 4084 RDPCDD - ok
12:34:46.0640 4084 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:34:46.0671 4084 RDPWD - ok
12:34:46.0703 4084 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:34:46.0734 4084 RDSessMgr - ok
12:34:46.0765 4084 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:34:46.0796 4084 redbook - ok
12:34:46.0812 4084 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:34:46.0828 4084 RemoteAccess - ok
12:34:46.0843 4084 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
12:34:46.0875 4084 RFCOMM - ok
12:34:46.0890 4084 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
12:34:46.0921 4084 RpcLocator - ok
12:34:46.0953 4084 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
12:34:46.0968 4084 RpcSs - ok
12:34:47.0000 4084 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:34:47.0015 4084 RSVP - ok
12:34:47.0031 4084 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:34:47.0046 4084 SamSs - ok
12:34:47.0078 4084 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:34:47.0125 4084 SCardSvr - ok
12:34:47.0187 4084 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:34:47.0234 4084 Schedule - ok
12:34:47.0250 4084 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:34:47.0265 4084 Secdrv - ok
12:34:47.0312 4084 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:34:47.0328 4084 seclogon - ok
12:34:47.0343 4084 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:34:47.0343 4084 SENS - ok
12:34:47.0375 4084 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:34:47.0406 4084 serenum - ok
12:34:47.0406 4084 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:34:47.0437 4084 Serial - ok
12:34:47.0484 4084 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:34:47.0500 4084 Sfloppy - ok
12:34:47.0531 4084 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:34:47.0578 4084 SharedAccess - ok
12:34:47.0593 4084 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:34:47.0609 4084 ShellHWDetection - ok
12:34:47.0609 4084 Simbad - ok
12:34:47.0625 4084 Sparrow - ok
12:34:47.0656 4084 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:34:47.0671 4084 splitter - ok
12:34:47.0687 4084 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:34:47.0718 4084 Spooler - ok
12:34:47.0765 4084 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:34:47.0781 4084 sr - ok
12:34:47.0812 4084 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:34:47.0859 4084 srservice - ok
12:34:47.0906 4084 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:34:47.0968 4084 Srv - ok
12:34:48.0015 4084 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:34:48.0046 4084 SSDPSRV - ok
12:34:48.0093 4084 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
12:34:48.0109 4084 ssmdrv - ok
12:34:48.0187 4084 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
12:34:48.0234 4084 STHDA - ok
12:34:48.0281 4084 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
12:34:48.0312 4084 StillCam - ok
12:34:48.0375 4084 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:34:48.0421 4084 stisvc - ok
12:34:48.0437 4084 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:34:48.0453 4084 swenum - ok
12:34:48.0500 4084 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:34:48.0515 4084 swmidi - ok
12:34:48.0531 4084 SwPrv - ok
12:34:48.0531 4084 symc810 - ok
12:34:48.0531 4084 symc8xx - ok
12:34:48.0546 4084 sym_hi - ok
12:34:48.0546 4084 sym_u3 - ok
12:34:48.0578 4084 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:34:48.0609 4084 sysaudio - ok
12:34:48.0625 4084 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:34:48.0656 4084 SysmonLog - ok
12:34:48.0687 4084 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:34:48.0718 4084 TapiSrv - ok
12:34:48.0765 4084 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:34:48.0812 4084 Tcpip - ok
12:34:48.0843 4084 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:34:48.0859 4084 TDPIPE - ok
12:34:48.0875 4084 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:34:48.0890 4084 TDTCP - ok
12:34:48.0937 4084 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:34:48.0968 4084 TermDD - ok
12:34:49.0000 4084 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:34:49.0046 4084 TermService - ok
12:34:49.0078 4084 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
12:34:49.0078 4084 Themes - ok
12:34:49.0093 4084 TosIde - ok
12:34:49.0109 4084 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:34:49.0140 4084 TrkWks - ok
12:34:49.0187 4084 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:34:49.0218 4084 Udfs - ok
12:34:49.0218 4084 UIUSys - ok
12:34:49.0218 4084 ultra - ok
12:34:49.0265 4084 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:34:49.0312 4084 Update - ok
12:34:49.0343 4084 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:34:49.0375 4084 upnphost - ok
12:34:49.0375 4084 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
12:34:49.0406 4084 UPS - ok
12:34:49.0437 4084 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
12:34:49.0453 4084 USBAAPL - ok
12:34:49.0484 4084 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:34:49.0500 4084 usbccgp - ok
12:34:49.0546 4084 [ 6B5E4D5E6E5ECD6ACD14AED59768CE5C ] USBCCID C:\WINDOWS\system32\DRIVERS\usbccid.sys
12:34:49.0562 4084 USBCCID - ok
12:34:49.0593 4084 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:34:49.0625 4084 usbehci - ok
12:34:49.0656 4084 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:34:49.0687 4084 usbhub - ok
12:34:49.0703 4084 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:34:49.0718 4084 usbprint - ok
12:34:49.0734 4084 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:34:49.0750 4084 usbscan - ok
12:34:49.0781 4084 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:34:49.0812 4084 USBSTOR - ok
12:34:49.0828 4084 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:34:49.0859 4084 usbuhci - ok
12:34:49.0859 4084 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:34:49.0875 4084 VgaSave - ok
12:34:49.0875 4084 ViaIde - ok
12:34:49.0906 4084 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:34:49.0921 4084 VolSnap - ok
12:34:49.0968 4084 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
12:34:50.0015 4084 VSS - ok
12:34:50.0046 4084 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
12:34:50.0078 4084 W32Time - ok
12:34:50.0109 4084 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:34:50.0140 4084 Wanarp - ok
12:34:50.0140 4084 WDICA - ok
12:34:50.0171 4084 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:34:50.0203 4084 wdmaud - ok
12:34:50.0234 4084 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:34:50.0265 4084 WebClient - ok
12:34:50.0312 4084 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
12:34:50.0375 4084 winachsf - ok
12:34:50.0453 4084 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:34:50.0484 4084 winmgmt - ok
12:34:50.0500 4084 wltrysvc - ok
12:34:50.0531 4084 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:34:50.0546 4084 WmdmPmSN - ok
12:34:50.0578 4084 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:34:50.0593 4084 WmiAcpi - ok
12:34:50.0609 4084 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:34:50.0640 4084 WmiApSrv - ok
12:34:50.0734 4084 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
12:34:50.0812 4084 WMPNetworkSvc - ok
12:34:50.0828 4084 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:34:50.0843 4084 WpdUsb - ok
12:34:50.0921 4084 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:34:51.0000 4084 WPFFontCache_v0400 - ok
12:34:51.0015 4084 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:34:51.0046 4084 WS2IFSL - ok
12:34:51.0078 4084 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:34:51.0109 4084 wscsvc - ok
12:34:51.0140 4084 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:34:51.0171 4084 wuauserv - ok
12:34:51.0218 4084 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:34:51.0250 4084 WudfPf - ok
12:34:51.0265 4084 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:34:51.0281 4084 WudfRd - ok
12:34:51.0296 4084 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:34:51.0343 4084 WudfSvc - ok
12:34:51.0375 4084 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:34:51.0421 4084 WZCSVC - ok
12:34:51.0453 4084 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:34:51.0468 4084 xmlprov - ok
12:34:51.0484 4084 ================ Scan global ===============================
12:34:51.0515 4084 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:34:51.0562 4084 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:34:51.0625 4084 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:34:51.0656 4084 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:34:51.0656 4084 [Global] - ok
12:34:51.0656 4084 ================ Scan MBR ==================================
12:34:51.0687 4084 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:34:51.0921 4084 \Device\Harddisk0\DR0 - ok
12:34:51.0921 4084 ================ Scan VBR ==================================
12:34:51.0921 4084 [ 3CBFE20E03CDAA1FBEF8F955B5DAFE10 ] \Device\Harddisk0\DR0\Partition1
12:34:51.0921 4084 \Device\Harddisk0\DR0\Partition1 - ok
12:34:51.0937 4084 ============================================================
12:34:51.0937 4084 Scan finished
12:34:51.0937 4084 ============================================================
12:34:51.0937 3940 Detected object count: 0
12:34:51.0937 3940 Actual detected object count: 0
 

genubi

Thread Starter
Joined
Oct 12, 2000
Messages
107
Heading to the gym for a workout. Back at it when I get back. The second computer is coming up clean. If that one was not infected I think my other devices are good. But, it won't hurt to run some "quick" diagnostics. I have the Nook and a third laptop that all share the wireless internet here at home.
Also, did you answer my question regarding the router and the modem? Can a virus or worm get into those devices?
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,548
Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
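The AutoRun hardening described in the post above can be checked rather than taken on trust. The OTS log posted later in this thread lists the Explorer policy values HonorAutoRunSetting = 1, NoDriveAutoRun = 67108863 and NoDriveTypeAutoRun = 323. The Python below is an added example, not code from this thread, from ComboFix or from OTS, and its function names are its own: it parses those OTS lines and decodes the two bitmasks (NoDriveAutoRun is one bit per drive letter with bit 0 = A:, NoDriveTypeAutoRun is one bit per Win32 drive type). On the logged values it reports that every drive letter is switched off, while the type mask on its own would leave removable and CD-ROM drives alone; HonorAutoRunSetting is the key Microsoft's AutoRun update (KB967715) adds, and the masks are only honoured reliably on XP once that update is present.

```python
"""Decode Windows AutoRun policy values from an OTS log.

Added example: not code from this thread, from ComboFix or from OTS.
The sample lines are copied from the OTS log posted later in the thread;
all function names are this example's own.
"""
import re
import string

# NoDriveTypeAutoRun: bit n disables AutoRun for Win32 drive type n
# (the DRIVE_* constants GetDriveType returns).  Bit 7 is the
# "reserved/unknown" type; anything above bit 7 is undocumented.
DRIVE_TYPES = {
    0: "DRIVE_UNKNOWN",
    1: "DRIVE_NO_ROOT_DIR",
    2: "DRIVE_REMOVABLE (USB sticks, floppies)",
    3: "DRIVE_FIXED",
    4: "DRIVE_REMOTE (network shares)",
    5: "DRIVE_CDROM",
    6: "DRIVE_RAMDISK",
    7: "reserved/unknown drive type",
}
# Value Microsoft recommends (KB967715) to disable AutoRun for every type.
ALL_TYPES_MASK = 0xFF
# NoDriveAutoRun: bit n disables AutoRun for drive letter chr(ord("A") + n).
ALL_LETTERS_MASK = (1 << 26) - 1  # 0x3FFFFFF == 67108863

# OTS prints a policy value as:   \\"Name" ->  [decimal] -> File not found
POLICY_LINE = re.compile(r'\\"(?P<name>[A-Za-z]+)"\s*->\s*\[(?P<value>\d+)\]')

# Constructed sample: the Explorer policy block from the OTS log in this thread.
SAMPLE_OTS = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoCDBurning" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
"""


def parse_ots_policies(text):
    """Return {policy_name: int_value} for every OTS policy line in text."""
    return {m["name"]: int(m["value"]) for m in POLICY_LINE.finditer(text)}


def decode_drive_letters(mask):
    """Drive letters whose AutoRun a NoDriveAutoRun mask switches off (bit 0 = A:)."""
    return [letter for n, letter in enumerate(string.ascii_uppercase) if (mask >> n) & 1]


def decode_drive_types(mask):
    """Human-readable drive types disabled by a NoDriveTypeAutoRun mask."""
    return [DRIVE_TYPES.get(bit, f"undocumented bit {bit}")
            for bit in range(mask.bit_length()) if (mask >> bit) & 1]


def autorun_summary(policies):
    """Summarise what an Explorer policy block actually blocks."""
    letter_mask = policies.get("NoDriveAutoRun", 0)
    type_mask = policies.get("NoDriveTypeAutoRun", 0)
    return {
        # HonorAutoRunSetting is created by Microsoft's AutoRun update
        # (KB967715); without that update XP does not honour the masks reliably.
        "honor_autorun_setting": policies.get("HonorAutoRunSetting"),
        "letters_disabled": decode_drive_letters(letter_mask),
        "all_letters_disabled": (letter_mask & ALL_LETTERS_MASK) == ALL_LETTERS_MASK,
        "types_disabled": decode_drive_types(type_mask),
        "all_types_disabled": (type_mask & ALL_TYPES_MASK) == ALL_TYPES_MASK,
        "removable_blocked_by_type": bool(type_mask & (1 << 2)),
        "cdrom_blocked_by_type": bool(type_mask & (1 << 5)),
    }


if __name__ == "__main__":
    summary = autorun_summary(parse_ots_policies(SAMPLE_OTS))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run it against the policy block of any OTS log to see which mechanism is doing the work: here the per-letter mask covers A: through Z:, which is why USB sticks and CDs stop auto-launching even though NoDriveTypeAutoRun = 323 does not set the DRIVE_REMOVABLE or DRIVE_CDROM bits. Undoing the hardening later means restoring those two values, not just deleting HonorAutoRunSetting.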
 

genubi

Thread Starter
Joined
Oct 12, 2000
Messages
107
ComboFix 13-02-02.05 - Mariah 02/02/2013 17:23:12.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1311 [GMT -5:00]
Running from: c:\documents and settings\Mariah\Desktop\puppy.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mariah\My Documents\~WRL0222.tmp
c:\documents and settings\Mariah\My Documents\~WRL0273.tmp
c:\documents and settings\Mariah\My Documents\~WRL0453.tmp
c:\documents and settings\Mariah\My Documents\~WRL1066.tmp
c:\documents and settings\Mariah\My Documents\~WRL1111.tmp
c:\documents and settings\Mariah\My Documents\~WRL1230.tmp
c:\documents and settings\Mariah\My Documents\~WRL1713.tmp
c:\documents and settings\Mariah\My Documents\~WRL1724.tmp
c:\documents and settings\Mariah\My Documents\~WRL2164.tmp
c:\documents and settings\Mariah\My Documents\~WRL2482.tmp
c:\documents and settings\Mariah\My Documents\~WRL2677.tmp
c:\documents and settings\Mariah\My Documents\~WRL2695.tmp
c:\documents and settings\Mariah\My Documents\~WRL3679.tmp
c:\windows\Downloaded Program Files\setup.dll
c:\windows\system32\SETA1.tmp
c:\windows\system32\SETA5.tmp
c:\windows\system32\SETA6.tmp
c:\windows\system32\SETAD.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))
.
.
2013-02-01 18:50 . 2013-02-01 18:50 -------- d-----w- c:\documents and settings\Mariah\Local Settings\Application Data\Sun
2013-01-30 00:47 . 2013-01-30 00:47 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Sun
2013-01-27 15:45 . 2013-01-27 15:45 -------- d-----w- c:\program files\Trend Micro
2013-01-27 15:41 . 2013-01-27 15:41 -------- d-----w- c:\program files\Common Files\Java
2013-01-27 15:41 . 2013-01-27 15:40 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-27 15:40 . 2013-01-27 15:40 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-27 15:40 . 2013-01-27 15:40 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-27 15:40 . 2012-07-21 17:47 859552 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-27 15:40 . 2012-03-02 19:26 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-09 01:40 . 2012-08-23 13:41 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 01:40 . 2011-05-14 13:52 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2008-04-13 23:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2011-10-22 19:06 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2008-04-13 23:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-04-13 23:00 1371648 ----a-w- c:\windows\system32\msxml6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-04-29 5248312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=c:\windows\pss\DataViz Inc Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2010-10-29 15:14 2498560 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 09:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-23 02:50 135664 ----atw- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 22:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-03-31 00:59 138008 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/22/2010 8:25 PM 136360]
S0 cerc6;cerc6; [x]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [5/27/2008 2:52 AM 51072]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 81591274
*Deregistered* - 81591274
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 01:40]
.
2013-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2013-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 02:57]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 02:57]
.
2013-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1004Core.job
- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-23 02:50]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1004UA.job
- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-23 02:50]
.
2013-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1005Core.job
- c:\documents and settings\Mariah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 20:30]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1005UA.job
- c:\documents and settings\Mariah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 20:30]
.
2010-04-09 c:\windows\Tasks\Install.job
- c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-04-07 23:58]
.
2013-02-02 c:\windows\Tasks\User_Feed_Synchronization-{12D6261B-6524-4ED6-888E-47F687F15403}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.17.1
DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} - hxxps://briowebprod.syr.edu/InsightInstaller/setup.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-WinCalendar - c:\program files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-02 17:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(804)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2013-02-02 17:28:49
ComboFix-quarantined-files.txt 2013-02-02 22:28
.
Pre-Run: 27,412,455,424 bytes free
Post-Run: 28,061,732,864 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 75F5698BA2CE3393975C6EED4653C9BB
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,548
Download OTS.exe to your Desktop.
  1. Close any open browsers.
  2. If your Real protection or Antivirus interferes with OTS, allow it to run.
  3. Double-click on OTS.exe to start the program.
  4. At the top put a check mark in the box beside "Scan All Users".
  5. Under the Additional Scans section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors)
  6. Now click the Run Scan button on the toolbar.
  7. Let it run unhindered until it finishes.
  8. When the scan is complete Notepad will open with the report file loaded in it.
  9. Save that notepad file.
Use the Reply button, scroll down to the attachments section and attach the notepad file here.
 

genubi

Thread Starter
Joined
Oct 12, 2000
Messages
107
Code:
OTS logfile created on: 2/2/2013 6:42:15 PM - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Documents and Settings\Mariah\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 26.16 Gb Free Space | 35.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 59.83 Mb Total Space | 11.30 Mb Free Space | 18.88% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PROMETHEUS
Current User Name: Mariah
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Mariah\Desktop\OTS.exe -> [2013/02/02 18:40:48 | 000,646,656 | ---- | M] (OldTimer Tools)
jqs.exe -> C:\Program Files\Java\jre7\bin\jqs.exe -> [2013/01/27 10:40:42 | 000,170,912 | ---- | M] (Oracle Corporation)
avcenter.exe -> C:\Program Files\Avira\AntiVir Desktop\avcenter.exe -> [2011/06/28 08:27:48 | 000,400,040 | ---- | M] (Avira GmbH)
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2011/06/28 08:27:48 | 000,269,480 | ---- | M] (Avira GmbH)
avshadow.exe -> C:\Program Files\Avira\AntiVir Desktop\avshadow.exe -> [2011/03/28 15:15:53 | 000,076,968 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2011/03/28 15:15:40 | 000,136,360 | ---- | M] (Avira GmbH)
avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2011/03/28 15:15:29 | 000,281,768 | ---- | M] (Avira GmbH)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
apoint.exe -> C:\Program Files\Apoint\Apoint.exe -> [2005/10/07 14:13:38 | 000,176,128 | ---- | M] (Alps Electric Co., Ltd.)
locationfinder.exe -> C:\Program Files\Microsoft Location Finder\LocationFinder.exe -> [2005/08/24 17:25:00 | 000,101,080 | ---- | M] (Microsoft Corporation)
hidfind.exe -> C:\Program Files\Apoint\hidfind.exe -> [2004/06/28 23:56:12 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.)
 
[Modules - No Company Name]
bcm1xsup.dll -> C:\WINDOWS\system32\bcm1xsup.dll -> [2010/10/29 10:14:12 | 000,761,856 | ---- | M] ()
pdfmon.dll -> C:\WINDOWS\system32\pdfmon.dll -> [2010/05/20 05:50:54 | 000,040,292 | ---- | M] ()
yui.dll -> C:\Program Files\Yahoo!\Messenger\yui.dll -> [2010/04/29 15:59:12 | 000,929,792 | ---- | M] ()
sqlite3.dll -> C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll -> [2010/04/05 19:18:48 | 000,355,688 | ---- | M] ()
 
[Win32 Services - Safe List]
(HidServ) Human Interface Device Access [Disabled | Stopped] ->  -> File not found
(AppMgmt) Application Management [On_Demand | Stopped] ->  -> File not found
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre7\bin\jqs.exe -> [2013/01/27 10:40:42 | 000,170,912 | ---- | M] (Oracle Corporation)
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -> [2013/01/08 20:40:06 | 000,251,400 | ---- | M] (Adobe Systems Incorporated)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2011/06/28 08:27:48 | 000,269,480 | ---- | M] (Avira GmbH)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2011/03/28 15:15:40 | 000,136,360 | ---- | M] (Avira GmbH)
(ICDSPTSV) Sony SPTI Service for DVE [On_Demand | Stopped] -> C:\WINDOWS\system32\IcdSptSv.exe -> [2009/10/14 18:59:54 | 000,099,688 | R--- | M] (Sony Corporation)
 
[Driver Services - Safe List]
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2011/06/28 08:27:49 | 000,138,192 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2011/06/28 08:27:49 | 000,066,616 | ---- | M] (Avira GmbH)
(BCM43XX) DW WLAN Card Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\BCMWL5.SYS -> [2010/10/29 10:14:44 | 002,649,216 | ---- | M] (Broadcom Corporation)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH)
(PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\PalmUSBD.sys -> [2010/03/14 12:15:41 | 000,016,694 | ---- | M] (PalmSource, Inc.)
(MHIKEY10) MHIKEY10 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\MHIKEY10.sys -> [2008/05/27 02:52:18 | 000,051,072 | ---- | M] (Generic USB smartcard reader)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.)
(b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\b57xp32.sys -> [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation)
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Apfiltr.sys -> [2005/09/28 19:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions)
(DLADResN) DLADResN [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLADResN.SYS -> [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions)
(DLACDBHM) DLACDBHM [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions)
(DLARTL_N) DLARTL_N [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_N.SYS -> [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions)
(USBCCID) USB Smart Card reader [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\usbccid.sys -> [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation)
(Afc) PPdus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\afc.sys -> [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.)
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pfc.sys -> [2003/09/20 08:45:48 | 000,021,248 | ---- | M] (Padus, Inc.)
(OMCI) OMCI [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -> [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\] > -> -> 
HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> 
HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> DC 03 D0 C8 EF BB CA 01  [binary data] -> 
HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\: "ProxyOverride" -> *.local -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2013/02/02 17:27:37 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> [2005/09/08 04:20:00 | 000,110,652 | ---- | M] (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2013/01/27 10:40:43 | 000,461,216 | ---- | M] (Oracle Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2013/01/27 10:40:42 | 000,170,912 | ---- | M] (Oracle Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Apoint" -> C:\Program Files\Apoint\Apoint.exe [C:\Program Files\Apoint\Apoint.exe] -> [2005/10/07 14:13:38 | 000,176,128 | ---- | M] (Alps Electric Co., Ltd.)
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2011/03/28 15:15:29 | 000,281,768 | ---- | M] (Avira GmbH)
"BluetoothAuthenticationAgent" -> C:\WINDOWS\System32\bthprops.cpl [rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent] -> [2008/04/13 18:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation)
"SigmatelSysTrayApp" -> C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe] -> [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.)
< Run [HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\] > -> HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Messenger (Yahoo!)" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2010/04/29 15:59:14 | 005,248,312 | ---- | M] (Yahoo! Inc.)
"Microsoft Location Finder" -> C:\Program Files\Microsoft Location Finder\LocationFinder.exe ["C:\Program Files\Microsoft Location Finder\LocationFinder.exe"] -> [2005/08/24 17:25:00 | 000,101,080 | ---- | M] (Microsoft Corporation)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Mariah Startup Folder > -> C:\Documents and Settings\Mariah\Start Menu\Programs\Startup -> 
< Michael Startup Folder > -> C:\Documents and Settings\Michael\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005] > -> HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoCDBurning" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005] > -> HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005] > -> HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel ->  [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel ->  [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2012/03/22 14:12:12 | 004,435,968 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2012/03/22 14:12:12 | 004,435,968 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\] > -> HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2012/03/22 14:12:12 | 004,435,968 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel ->  [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> File not found
Google Sidewiki... ->  [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\] > -> HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\] > -> HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1935655697-1417001333-322793739-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342925172468 [WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342893085875 [MUWebControl Class] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
{F79364C6-8DF2-4060-BF77-35239AC7BCB1} [HKLM] -> https://briowebprod.syr.edu/InsightInstaller/setup.cab [SetupLauncher Class] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.17.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{02B0796D-5CC4-4081-ABCD-1C6FF1643C56}\\DhcpNameServer -> 209.18.47.61 209.18.47.62   (Dell Wireless 1490 Dual Band WLAN Mini-Card) -> 
{57830461-A526-416A-94B1-B5BC1DF3E6BB}\\DhcpNameServer -> 192.168.17.1   (Dell Wireless 1390 WLAN Mini-Card) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 18:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"C:\Documents and Settings\Mariah\Local Settings\Temp\7zS0369\setup\hpznui01.exe" ->  [C:\Documents and Settings\Mariah\Local Settings\Temp\7zS0369\setup\hpznui01.exe:*:Enabled:hpznui01.exe] -> File not found
"C:\Documents and Settings\Mariah\Local Settings\Temp\7zS07DA\setup\hpznui01.exe" ->  [C:\Documents and Settings\Mariah\Local Settings\Temp\7zS07DA\setup\hpznui01.exe:*:Enabled:hpznui01.exe] -> File not found
"C:\Documents and Settings\Mariah\Local Settings\Temp\7zS3E5F\setup\hpznui01.exe" ->  [C:\Documents and Settings\Mariah\Local Settings\Temp\7zS3E5F\setup\hpznui01.exe:*:Enabled:hpznui01.exe] -> File not found
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" ->  [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> [2010/01/30 00:13:02 | 000,021,632 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2010/01/30 00:13:04 | 001,767,552 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" ->  [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> File not found
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" ->  [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\Google\Google Earth\client\googleearth.exe" -> C:\Program Files\Google\Google Earth\client\googleearth.exe [C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth] -> [2011/10/17 13:03:16 | 000,071,680 | ---- | M] (Google)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> [2010/01/30 00:13:02 | 000,021,632 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2010/01/30 00:13:04 | 001,767,552 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2010/04/29 15:59:14 | 005,248,312 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2010/02/22 18:20:35 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk -> C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe -> [2010/03/14 12:44:01 | 000,028,672 | ---- | M] (DataViz, Inc.)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk -> C:\Program Files\Palm\Hotsync.exe -> [2004/06/09 13:27:34 | 000,471,040 | ---- | M] (PalmSource, Inc)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk -> C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe -> [2006/09/29 11:55:14 | 000,057,344 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
Adobe ARM hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe -> [2012/12/03 02:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated)
Broadcom Wireless Manager UI hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
DLA hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
DVDLauncher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> [2005/12/09 20:29:52 | 000,049,152 | ---- | M] (CyberLink Corp.)
Google Update hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2010/02/22 21:50:55 | 000,135,664 | ---- | M] (Google Inc.)
iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\iTunes\iTunesHelper.exe -> [2011/07/19 17:29:00 | 000,421,736 | ---- | M] (Apple Inc.)
KernelFaultCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
Persistence hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\qttask.exe -> [2010/11/29 16:38:18 | 000,421,888 | ---- | M] (Apple Inc.)
SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Java\Java Update\jusched.exe -> [2012/07/03 09:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 0 -> 
"startup" -> 2 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
AppMgmt ->  -> File not found
HidServ ->  -> File not found
Ias ->  -> File not found
Iprip ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
WmdmPmSp ->  -> File not found
*MultiFile Done* -> -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 1/20/2013 9:20:45 PM Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002 -> Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 1/20/2013 9:20:46 PM Computer Name = PROMETHEUS | Source = Application Hang | ID = 1001 -> Description = Fault bucket 01973502.
Application [ Error ] 1/20/2013 9:20:56 PM Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002 -> Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 1/20/2013 9:20:58 PM Computer Name = PROMETHEUS | Source = Application Hang | ID = 1001 -> Description = Fault bucket 01973502.
Application [ Error ] 1/20/2013 10:17:25 PM Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002 -> Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 1/20/2013 10:17:44 PM Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002 -> Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 1/20/2013 10:17:59 PM Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002 -> Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 1/20/2013 11:11:08 PM Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002 -> Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 1/25/2013 9:05:15 PM Computer Name = PROMETHEUS | Source = Chrome | ID = 1 -> Description = 
Application [ Error ] 1/31/2013 9:56:35 PM Computer Name = PROMETHEUS | Source = Application Error | ID = 1000 -> Description = Faulting application wordpad.exe, version 5.1.2600.6010, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
System [ Error ] 1/27/2013 11:36:29 AM Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126
System [ Error ] 1/27/2013 11:36:29 AM Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126
System [ Error ] 1/27/2013 11:36:29 AM Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126
System [ Error ] 1/27/2013 11:36:29 AM Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126
System [ Error ] 1/27/2013 11:36:29 AM Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126
System [ Error ] 1/27/2013 11:36:29 AM Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126
System [ Error ] 1/28/2013 4:47:28 PM Computer Name = PROMETHEUS | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.101 for the Network Card with network address 0016CFAB2718 has been  denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 1/28/2013 7:21:41 PM Computer Name = PROMETHEUS | Source = DCOM | ID = 10010 -> Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register with DCOM within the required timeout.
System [ Error ] 1/29/2013 8:53:38 PM Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7011 -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
System [ Error ] 2/2/2013 6:23:03 PM Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7034 -> Description = The DW WLAN Tray Service service terminated unexpectedly.  It has done this 1 time(s).
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Mariah\Desktop\OTS.exe -> [2013/02/02 18:40:45 | 000,646,656 | ---- | C] (OldTimer Tools)
 cmdcons -> C:\cmdcons -> [2013/02/02 17:22:08 | 000,000,000 | RHSD | C]
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2013/02/02 17:20:11 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2013/02/02 17:20:11 | 000,406,528 | ---- | C] (SteelWerX)
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2013/02/02 17:20:11 | 000,212,480 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2013/02/02 17:20:11 | 000,060,416 | ---- | C] (NirSoft)
 Qoobox -> C:\Qoobox -> [2013/02/02 17:19:30 | 000,000,000 | ---D | C]
 erdnt -> C:\WINDOWS\erdnt -> [2013/02/02 17:19:14 | 000,000,000 | ---D | C]
 puppy.exe -> C:\Documents and Settings\Mariah\Desktop\puppy.exe -> [2013/02/02 17:16:45 | 005,029,149 | R--- | C] (Swearware)
 MC -> C:\Documents and Settings\Mariah\Desktop\MC -> [2013/02/02 12:54:37 | 000,000,000 | ---D | C]
 tdsskiller.exe -> C:\Documents and Settings\Mariah\Desktop\tdsskiller.exe -> [2013/02/02 12:34:17 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO)
 Sun -> C:\Documents and Settings\Mariah\Local Settings\Application Data\Sun -> [2013/02/01 13:50:18 | 000,000,000 | ---D | C]
 Administrative Tools -> C:\Documents and Settings\Mariah\Start Menu\Programs\Administrative Tools -> [2013/01/28 20:40:22 | 000,000,000 | R--D | C]
 Trend Micro -> C:\Program Files\Trend Micro -> [2013/01/27 10:45:06 | 000,000,000 | ---D | C]
 HijackThis -> C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis -> [2013/01/27 10:45:06 | 000,000,000 | ---D | C]
 Java -> C:\Program Files\Common Files\Java -> [2013/01/27 10:41:08 | 000,000,000 | ---D | C]
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2013/01/27 10:41:00 | 000,261,024 | ---- | C] (Oracle Corporation)
 javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2013/01/27 10:41:00 | 000,143,872 | ---- | C] (Oracle Corporation)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2013/01/27 10:40:56 | 000,174,496 | ---- | C] (Oracle Corporation)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2013/01/27 10:40:56 | 000,174,496 | ---- | C] (Oracle Corporation)
 WindowsAccessBridge.dll -> C:\WINDOWS\System32\WindowsAccessBridge.dll -> [2013/01/27 10:40:56 | 000,094,112 | ---- | C] (Oracle Corporation)
 Java -> C:\Program Files\Java -> [2013/01/27 10:40:34 | 000,000,000 | ---D | C]
 Old Favorites -> C:\Documents and Settings\Mariah\Desktop\Old Favorites -> [2013/01/27 05:30:40 | 000,000,000 | ---D | C]
 7 C:\Documents and Settings\Mariah\Desktop\*.tmp files -> C:\Documents and Settings\Mariah\Desktop\*.tmp -> 
 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 User_Feed_Synchronization-{12D6261B-6524-4ED6-888E-47F687F15403}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{12D6261B-6524-4ED6-888E-47F687F15403}.job -> [2013/02/02 18:42:00 | 000,000,426 | -H-- | M] ()
 OTS.exe -> C:\Documents and Settings\Mariah\Desktop\OTS.exe -> [2013/02/02 18:40:48 | 000,646,656 | ---- | M] (OldTimer Tools)
 GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1005UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1005UA.job -> [2013/02/02 18:39:00 | 000,000,982 | ---- | M] ()
 Adobe Flash Player Updater.job -> C:\WINDOWS\tasks\Adobe Flash Player Updater.job -> [2013/02/02 18:39:00 | 000,000,830 | ---- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2013/02/02 18:35:01 | 000,000,888 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1004UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1004UA.job -> [2013/02/02 18:34:00 | 000,000,986 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2013/02/02 17:27:37 | 000,000,027 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2013/02/02 17:22:12 | 000,000,327 | RHS- | M] ()
 puppy.exe -> C:\Documents and Settings\Mariah\Desktop\puppy.exe -> [2013/02/02 17:16:55 | 005,029,149 | R--- | M] (Swearware)
 IRONMAN.jpg -> C:\Documents and Settings\Mariah\Desktop\IRONMAN.jpg -> [2013/02/01 20:35:07 | 000,021,509 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2013/02/01 13:49:30 | 000,510,766 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2013/02/01 13:49:30 | 000,091,344 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2013/02/01 13:45:25 | 000,000,884 | ---- | M] ()
 pdf995.ini -> C:\WINDOWS\pdf995.ini -> [2013/02/01 13:45:14 | 000,000,254 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2013/02/01 13:45:08 | 000,002,048 | --S- | M] ()
 Google Chrome.lnk -> C:\Documents and Settings\Mariah\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> [2013/01/31 21:07:45 | 000,002,311 | ---- | M] ()
 Google Chrome.lnk -> C:\Documents and Settings\Mariah\Desktop\Google Chrome.lnk -> [2013/01/31 21:07:45 | 000,002,293 | ---- | M] ()
 spider.sav -> C:\Documents and Settings\Mariah\My Documents\spider.sav -> [2013/01/31 20:52:32 | 000,000,412 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2013/01/31 20:20:31 | 000,002,206 | ---- | M] ()
 tdsskiller.exe -> C:\Documents and Settings\Mariah\Desktop\tdsskiller.exe -> [2013/01/29 05:21:48 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO)
 GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1005Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1005Core.job -> [2013/01/27 11:39:00 | 000,000,930 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1004Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1004Core.job -> [2013/01/27 11:34:00 | 000,000,934 | ---- | M] ()
 HijackThis.lnk -> C:\Documents and Settings\Mariah\Desktop\HijackThis.lnk -> [2013/01/27 10:45:06 | 000,001,734 | ---- | M] ()
 WindowsAccessBridge.dll -> C:\WINDOWS\System32\WindowsAccessBridge.dll -> [2013/01/27 10:40:43 | 000,094,112 | ---- | M] (Oracle Corporation)
 npdeployJava1.dll -> C:\WINDOWS\System32\npdeployJava1.dll -> [2013/01/27 10:40:41 | 000,859,552 | ---- | M] (Oracle Corporation)
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2013/01/27 10:40:41 | 000,261,024 | ---- | M] (Oracle Corporation)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2013/01/27 10:40:41 | 000,174,496 | ---- | M] (Oracle Corporation)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2013/01/27 10:40:41 | 000,174,496 | ---- | M] (Oracle Corporation)
 javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2013/01/27 10:40:41 | 000,143,872 | ---- | M] (Oracle Corporation)
 deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2013/01/27 10:40:40 | 000,780,192 | ---- | M] (Oracle Corporation)
 Before posting a log - Free Antivirus Forum.url -> C:\Documents and Settings\Mariah\Desktop\Before posting a log - Free Antivirus Forum.url -> [2013/01/27 10:28:15 | 000,000,093 | ---- | M] ()
 Malwarebytes Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk -> [2013/01/27 05:44:12 | 000,000,784 | ---- | M] ()
 Lincoln.png -> C:\Documents and Settings\Mariah\Desktop\Lincoln.png -> [2013/01/23 20:13:43 | 000,076,392 | ---- | M] ()
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2013/01/22 16:37:00 | 000,000,284 | ---- | M] ()
 My Computer.lnk -> C:\Documents and Settings\Mariah\Desktop\My Computer.lnk -> [2013/01/20 22:50:49 | 000,000,104 | ---- | M] ()
 My Documents.lnk -> C:\Documents and Settings\Mariah\Desktop\My Documents.lnk -> [2013/01/20 22:50:43 | 000,000,340 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2013/01/20 13:26:05 | 000,259,840 | ---- | M] ()
 01172012.wav -> C:\Documents and Settings\Mariah\My Documents\01172012.wav -> [2013/01/17 20:32:41 | 000,099,825 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2013/01/08 22:18:03 | 000,001,355 | ---- | M] ()
 FlashPlayerApp.exe -> C:\WINDOWS\System32\FlashPlayerApp.exe -> [2013/01/08 20:40:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2013/01/08 20:40:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated)
 mshtml.dll -> C:\WINDOWS\System32\dllcache\mshtml.dll -> [2013/01/06 00:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation)
 Pandora One -.url -> C:\Documents and Settings\Mariah\Desktop\Pandora One -.url -> [2013/01/03 20:51:46 | 000,000,049 | ---- | M] ()
 7 C:\Documents and Settings\Mariah\Desktop\*.tmp files -> C:\Documents and Settings\Mariah\Desktop\*.tmp -> 
 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files - No Company Name]
 Boot.bak -> C:\Boot.bak -> [2013/02/02 17:22:12 | 000,000,211 | ---- | C] ()
 cmldr -> C:\cmldr -> [2013/02/02 17:22:10 | 000,260,272 | RHS- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2013/02/02 17:20:11 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2013/02/02 17:20:11 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2013/02/02 17:20:11 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2013/02/02 17:20:11 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2013/02/02 17:20:11 | 000,068,096 | ---- | C] ()
 IRONMAN.jpg -> C:\Documents and Settings\Mariah\Desktop\IRONMAN.jpg -> [2013/02/01 20:35:06 | 000,021,509 | ---- | C] ()
 HijackThis.lnk -> C:\Documents and Settings\Mariah\Desktop\HijackThis.lnk -> [2013/01/27 10:45:06 | 000,001,734 | ---- | C] ()
 Before posting a log - Free Antivirus Forum.url -> C:\Documents and Settings\Mariah\Desktop\Before posting a log - Free Antivirus Forum.url -> [2013/01/27 10:28:15 | 000,000,093 | ---- | C] ()
 Malwarebytes Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk -> [2013/01/27 05:44:12 | 000,000,784 | ---- | C] ()
 Lincoln.png -> C:\Documents and Settings\Mariah\Desktop\Lincoln.png -> [2013/01/23 20:13:42 | 000,076,392 | ---- | C] ()
 My Computer.lnk -> C:\Documents and Settings\Mariah\Desktop\My Computer.lnk -> [2013/01/20 22:50:49 | 000,000,104 | ---- | C] ()
 My Documents.lnk -> C:\Documents and Settings\Mariah\Desktop\My Documents.lnk -> [2013/01/20 22:50:43 | 000,000,340 | ---- | C] ()
 01172012.wav -> C:\Documents and Settings\Mariah\My Documents\01172012.wav -> [2013/01/17 20:32:40 | 000,099,825 | ---- | C] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2013/01/08 22:18:02 | 000,001,355 | ---- | C] ()
 Pandora One -.url -> C:\Documents and Settings\Mariah\Desktop\Pandora One -.url -> [2013/01/03 20:51:46 | 000,000,049 | ---- | C] ()
 bqformat.ini -> C:\WINDOWS\bqformat.ini -> [2012/03/02 14:08:08 | 000,032,389 | ---- | C] ()
 iacenc.dll -> C:\WINDOWS\System32\iacenc.dll -> [2012/02/14 19:13:47 | 000,003,072 | ---- | C] ()
 EPPICPrinterDB.dat -> C:\WINDOWS\System32\EPPICPrinterDB.dat -> [2012/01/22 13:08:42 | 000,111,932 | ---- | C] ()
 EPPICPattern131.dat -> C:\WINDOWS\System32\EPPICPattern131.dat -> [2012/01/22 13:08:42 | 000,031,053 | ---- | C] ()
 EPPICPattern121.dat -> C:\WINDOWS\System32\EPPICPattern121.dat -> [2012/01/22 13:08:42 | 000,027,417 | ---- | C] ()
 EPPICPattern1.dat -> C:\WINDOWS\System32\EPPICPattern1.dat -> [2012/01/22 13:08:42 | 000,026,154 | ---- | C] ()
 EPPICPattern3.dat -> C:\WINDOWS\System32\EPPICPattern3.dat -> [2012/01/22 13:08:42 | 000,024,903 | ---- | C] ()
 EPPICPattern5.dat -> C:\WINDOWS\System32\EPPICPattern5.dat -> [2012/01/22 13:08:42 | 000,021,390 | ---- | C] ()
 EPPICPattern2.dat -> C:\WINDOWS\System32\EPPICPattern2.dat -> [2012/01/22 13:08:42 | 000,020,148 | ---- | C] ()
 EPPICPattern4.dat -> C:\WINDOWS\System32\EPPICPattern4.dat -> [2012/01/22 13:08:42 | 000,011,811 | ---- | C] ()
 EPPICPattern6.dat -> C:\WINDOWS\System32\EPPICPattern6.dat -> [2012/01/22 13:08:42 | 000,004,943 | ---- | C] ()
 EPPICPresetData_DU.dat -> C:\WINDOWS\System32\EPPICPresetData_DU.dat -> [2012/01/22 13:08:42 | 000,001,146 | ---- | C] ()
 EPPICPresetData_PT.dat -> C:\WINDOWS\System32\EPPICPresetData_PT.dat -> [2012/01/22 13:08:42 | 000,001,139 | ---- | C] ()
 EPPICPresetData_BP.dat -> C:\WINDOWS\System32\EPPICPresetData_BP.dat -> [2012/01/22 13:08:42 | 000,001,139 | ---- | C] ()
 EPPICPresetData_ES.dat -> C:\WINDOWS\System32\EPPICPresetData_ES.dat -> [2012/01/22 13:08:42 | 000,001,136 | ---- | C] ()
 EPPICPresetData_FR.dat -> C:\WINDOWS\System32\EPPICPresetData_FR.dat -> [2012/01/22 13:08:42 | 000,001,129 | ---- | C] ()
 EPPICPresetData_CF.dat -> C:\WINDOWS\System32\EPPICPresetData_CF.dat -> [2012/01/22 13:08:42 | 000,001,129 | ---- | C] ()
 EPPICPresetData_IT.dat -> C:\WINDOWS\System32\EPPICPresetData_IT.dat -> [2012/01/22 13:08:42 | 000,001,120 | ---- | C] ()
 EPPICPresetData_GE.dat -> C:\WINDOWS\System32\EPPICPresetData_GE.dat -> [2012/01/22 13:08:42 | 000,001,107 | ---- | C] ()
 EPPICPresetData_EN.dat -> C:\WINDOWS\System32\EPPICPresetData_EN.dat -> [2012/01/22 13:08:42 | 000,001,104 | ---- | C] ()
 PICSDK.ini -> C:\WINDOWS\System32\PICSDK.ini -> [2012/01/22 13:08:42 | 000,000,097 | ---- | C] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2011/06/26 17:15:20 | 000,000,664 | ---- | C] ()
< End of report >
 

Cookiegal (Karen) | Administrator, Malware Specialist Coordinator | Joined Aug 27, 2003 | Messages: 118,548

Start OTS. Copy/Paste the information in the code box below into the pane where it says "Paste fix here" and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here please.

Code:
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY ->  7 C:\Documents and Settings\Mariah\Desktop\*.tmp files -> C:\Documents and Settings\Mariah\Desktop\*.tmp
NY ->  3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
 

genubi | Thread Starter | Joined Oct 12, 2000 | Messages: 107

All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
[Files/Folders - Created Within 30 Days]
C:\Documents and Settings\Mariah\Desktop\~WRL0681.tmp deleted successfully.
C:\Documents and Settings\Mariah\Desktop\~WRL1000.tmp deleted successfully.
C:\Documents and Settings\Mariah\Desktop\~WRL1101.tmp deleted successfully.
C:\Documents and Settings\Mariah\Desktop\~WRL3051.tmp deleted successfully.
C:\Documents and Settings\Mariah\Desktop\~WRL3242.tmp deleted successfully.
C:\Documents and Settings\Mariah\Desktop\~WRL3320.tmp deleted successfully.
C:\Documents and Settings\Mariah\Desktop\~WRL3997.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
[Empty Temp Folders]


User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Isabella

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 262211 bytes

User: Mariah
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 10960884 bytes
->Java cache emptied: 2946234 bytes
->Google Chrome cache emptied: 375467782 bytes
->Flash cache emptied: 1942 bytes

User: Michael
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5537862 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 199973044 bytes
->Flash cache emptied: 757 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19075 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 568.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Isabella

User: LocalService

User: Mariah
->Flash cache emptied: 0 bytes

User: Michael
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: Isabella

User: LocalService

User: Mariah
->Java cache emptied: 0 bytes

User: Michael
->Java cache emptied: 0 bytes

User: NetworkService

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 02032013_130551

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\HPSLPSVC0003.log not found!

Registry entries deleted on Reboot...
 

Cookiegal (Karen) | Administrator, Malware Specialist Coordinator | Joined Aug 27, 2003 | Messages: 118,548

Please download OTL to your Desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under Custom Scans/Fixes type in Netsvcs
  • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
  • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy and paste the contents of both of these files here in your next reply.
 

genubi | Thread Starter | Joined Oct 12, 2000 | Messages: 107

OTL logfile created on: 2/3/2013 1:19:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mariah\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.27% Memory free
3.84 Gb Paging File | 3.21 Gb Available in Paging File | 83.74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 26.71 Gb Free Space | 35.84% Space Free | Partition Type: NTFS
Drive F: | 59.83 Mb Total Space | 11.30 Mb Free Space | 18.88% Space Free | Partition Type: FAT

Computer Name: PROMETHEUS | User Name: Mariah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/03 13:18:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mariah\Desktop\OTL.exe
PRC - [2013/01/27 10:40:42 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/06/28 08:27:48 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 15:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 15:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 15:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/13 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/10/07 14:13:38 | 000,176,128 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/08/24 17:25:00 | 000,101,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Location Finder\LocationFinder.exe
PRC - [2005/07/27 16:41:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/28 23:56:12 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2010/10/29 10:14:12 | 000,761,856 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2010/05/20 05:50:54 | 000,040,292 | ---- | M] () -- C:\WINDOWS\system32\pdfmon.dll
MOD - [2010/04/29 15:59:12 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2010/04/05 19:18:48 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/27 10:40:42 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/08 20:40:06 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/06/28 08:27:48 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 15:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/10/14 18:59:54 | 000,099,688 | R--- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Mariah\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/06/28 08:27:49 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 08:27:49 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/10/29 10:14:44 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/03/14 12:15:41 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/05/27 02:52:18 | 000,051,072 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/28 19:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003/09/20 08:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 03 D0 C8 EF BB CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {098BD665-C574-4969-91AF-84001FFD14F7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{098BD665-C574-4969-91AF-84001FFD14F7}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADSA_en
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.7.1 (Enabled) = C:\Documents and Settings\Mariah\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/02/02 17:27:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Microsoft Location Finder] C:\Program Files\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1342925172468 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342893085875 (MUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} https://briowebprod.syr.edu/InsightInstaller/setup.cab (SetupLauncher Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.17.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02B0796D-5CC4-4081-ABCD-1C6FF1643C56}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57830461-A526-416A-94B1-B5BC1DF3E6BB}: DhcpNameServer = 192.168.17.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/22 18:20:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/02/03 13:18:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mariah\Desktop\OTL.exe
[2013/02/03 13:05:51 | 000,000,000 | ---D | C] -- C:\_OTS
[2013/02/02 18:40:45 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mariah\Desktop\OTS.exe
[2013/02/02 17:22:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/02/02 17:20:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/02/02 17:20:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/02/02 17:20:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/02/02 17:20:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/02/02 17:19:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/02 17:19:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/02/02 17:16:45 | 005,029,149 | R--- | C] (Swearware) -- C:\Documents and Settings\Mariah\Desktop\puppy.exe
[2013/02/02 12:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mariah\Desktop\MC
[2013/02/02 12:34:17 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mariah\Desktop\tdsskiller.exe
[2013/02/01 13:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mariah\Local Settings\Application Data\Sun
[2013/01/28 20:40:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mariah\Start Menu\Programs\Administrative Tools
[2013/01/27 10:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/01/27 10:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2013/01/27 10:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/01/27 10:41:00 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/01/27 10:41:00 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/01/27 10:40:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/01/27 10:40:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/01/27 10:40:56 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/01/27 10:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/01/27 05:30:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mariah\Desktop\Old Favorites

========== Files - Modified Within 30 Days ==========

[2013/02/03 13:22:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{12D6261B-6524-4ED6-888E-47F687F15403}.job
[2013/02/03 13:18:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mariah\Desktop\OTL.exe
[2013/02/03 13:11:30 | 000,510,766 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/03 13:11:30 | 000,091,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/03 13:07:48 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/03 13:07:28 | 000,000,254 | ---- | M] () -- C:\WINDOWS\pdf995.ini
[2013/02/03 13:07:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/02 19:39:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1005UA.job
[2013/02/02 19:39:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/02 19:35:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/02 19:34:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1004UA.job
[2013/02/02 18:40:48 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mariah\Desktop\OTS.exe
[2013/02/02 17:27:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/02/02 17:22:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/02/02 17:16:55 | 005,029,149 | R--- | M] (Swearware) -- C:\Documents and Settings\Mariah\Desktop\puppy.exe
[2013/02/01 20:35:07 | 000,021,509 | ---- | M] () -- C:\Documents and Settings\Mariah\Desktop\IRONMAN.jpg
[2013/01/31 21:07:45 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\Mariah\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/31 21:07:45 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Mariah\Desktop\Google Chrome.lnk
[2013/01/31 20:52:32 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\Mariah\My Documents\spider.sav
[2013/01/31 20:20:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/29 05:21:48 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mariah\Desktop\tdsskiller.exe
[2013/01/27 11:39:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1005Core.job
[2013/01/27 11:34:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-322793739-1004Core.job
[2013/01/27 10:45:06 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Mariah\Desktop\HijackThis.lnk
[2013/01/27 10:40:43 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/01/27 10:40:41 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/01/27 10:40:41 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/01/27 10:40:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/01/27 10:40:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/01/27 10:40:41 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/01/27 10:40:40 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/01/27 10:28:15 | 000,000,093 | ---- | M] () -- C:\Documents and Settings\Mariah\Desktop\Before posting a log - Free Antivirus Forum.url
[2013/01/27 05:44:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/23 20:13:43 | 000,076,392 | ---- | M] () -- C:\Documents and Settings\Mariah\Desktop\Lincoln.png
[2013/01/22 16:37:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/20 22:50:49 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Mariah\Desktop\My Computer.lnk
[2013/01/20 22:50:43 | 000,000,340 | ---- | M] () -- C:\Documents and Settings\Mariah\Desktop\My Documents.lnk
[2013/01/20 13:26:05 | 000,259,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/17 20:32:41 | 000,099,825 | ---- | M] () -- C:\Documents and Settings\Mariah\My Documents\01172012.wav
[2013/01/08 22:18:03 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/08 20:40:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/08 20:40:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/01/06 00:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

========== Files Created - No Company Name ==========

[2013/02/02 17:22:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/02/02 17:22:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/02/02 17:20:11 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/02/02 17:20:11 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/02/02 17:20:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/02/02 17:20:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/02/02 17:20:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/02/01 20:35:06 | 000,021,509 | ---- | C] () -- C:\Documents and Settings\Mariah\Desktop\IRONMAN.jpg
[2013/01/27 10:45:06 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Mariah\Desktop\HijackThis.lnk
[2013/01/27 10:28:15 | 000,000,093 | ---- | C] () -- C:\Documents and Settings\Mariah\Desktop\Before posting a log - Free Antivirus Forum.url
[2013/01/27 05:44:12 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/23 20:13:42 | 000,076,392 | ---- | C] () -- C:\Documents and Settings\Mariah\Desktop\Lincoln.png
[2013/01/20 22:50:49 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Mariah\Desktop\My Computer.lnk
[2013/01/20 22:50:43 | 000,000,340 | ---- | C] () -- C:\Documents and Settings\Mariah\Desktop\My Documents.lnk
[2013/01/17 20:32:40 | 000,099,825 | ---- | C] () -- C:\Documents and Settings\Mariah\My Documents\01172012.wav
[2013/01/08 22:18:02 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/03/02 14:08:08 | 000,032,389 | ---- | C] () -- C:\WINDOWS\bqformat.ini
[2012/02/14 19:13:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/22 13:08:42 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/01/22 13:08:42 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/01/22 13:08:42 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/01/22 13:08:42 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/01/22 13:08:42 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/01/22 13:08:42 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/01/22 13:08:42 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/01/22 13:08:42 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/01/22 13:08:42 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/01/22 13:08:42 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2012/01/22 13:08:42 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/01/22 13:08:42 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/01/22 13:08:42 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/01/22 13:08:42 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/01/22 13:08:42 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/01/22 13:08:42 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2012/01/22 13:08:42 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2012/01/22 13:08:42 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/01/22 13:08:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/06/26 17:15:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/15 05:45:12 | 000,013,010 | ---- | C] () -- C:\Documents and Settings\Mariah\Application Data\Comma Separated Values (Windows).CAL
[2010/05/15 05:42:42 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Mariah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2010/05/15 13:58:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 00:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
OTL Extras logfile created on: 2/3/2013 1:19:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mariah\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.27% Memory free
3.84 Gb Paging File | 3.21 Gb Available in Paging File | 83.74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 26.71 Gb Free Space | 35.84% Space Free | Partition Type: NTFS
Drive F: | 59.83 Mb Total Space | 11.30 Mb Free Space | 18.88% Space Free | Partition Type: FAT

Computer Name: PROMETHEUS | User Name: Mariah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.Mariah] -- C:\Documents and Settings\Mariah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\Mariah\Local Settings\Temp\7zS0369\setup\hpznui01.exe" = C:\Documents and Settings\Mariah\Local Settings\Temp\7zS0369\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
"C:\Documents and Settings\Mariah\Local Settings\Temp\7zS3E5F\setup\hpznui01.exe" = C:\Documents and Settings\Mariah\Local Settings\Temp\7zS3E5F\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Mariah\Local Settings\Temp\7zS07DA\setup\hpznui01.exe" = C:\Documents and Settings\Mariah\Local Settings\Temp\7zS07DA\setup\hpznui01.exe:*:Enabled:hpznui01.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{32EF6F81-583E-4127-918D-D3768A8957C4}" = Palm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50EE3E64-FE60-4803-BCDC-A8CD6830D185}" = Documents To Go
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DW WLAN Card Utility" = DW WLAN Card Utility
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Pdf995" = Pdf995
"PE Builder_is1" = PE Builder v3.1.3
"Picasa 3" = Picasa 3
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/20/2013 9:20:45 PM | Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002
Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2013 9:20:46 PM | Computer Name = PROMETHEUS | Source = Application Hang | ID = 1001
Description = Fault bucket 01973502.

Error - 1/20/2013 9:20:56 PM | Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002
Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2013 9:20:58 PM | Computer Name = PROMETHEUS | Source = Application Hang | ID = 1001
Description = Fault bucket 01973502.

Error - 1/20/2013 10:17:25 PM | Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002
Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2013 10:17:44 PM | Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002
Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2013 10:17:59 PM | Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002
Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2013 11:11:08 PM | Computer Name = PROMETHEUS | Source = Application Hang | ID = 1002
Description = Hanging application SETUP.EXE, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/25/2013 9:05:15 PM | Computer Name = PROMETHEUS | Source = Chrome | ID = 1
Description =

Error - 1/31/2013 9:56:35 PM | Computer Name = PROMETHEUS | Source = Application Error | ID = 1000
Description = Faulting application wordpad.exe, version 5.1.2600.6010, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 1/27/2013 11:36:29 AM | Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/27/2013 11:36:29 AM | Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/27/2013 11:36:29 AM | Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/28/2013 4:47:28 PM | Computer Name = PROMETHEUS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 0016CFAB2718 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 1/28/2013 7:21:41 PM | Computer Name = PROMETHEUS | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 1/29/2013 8:53:38 PM | Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 2/2/2013 6:23:03 PM | Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7034
Description = The DW WLAN Tray Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/3/2013 2:05:52 PM | Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/3/2013 2:05:52 PM | Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/3/2013 2:05:52 PM | Computer Name = PROMETHEUS | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,548
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following code box into the main text field:
    Code:
    :filefind
    *81591274*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 

genubi

Thread Starter
Joined
Oct 12, 2000
Messages
107
SystemLook 30.07.11 by jpshortstuff
Log created at 16:56 on 03/02/2013 by Mariah
Administrator - Elevation successful

========== filefind ==========

Searching for "*81591274*"
No files found.

-= EOF =-
 