[Trojan] Trojan Infection - lots of connections in the netstat r - Security Cleanup

Author	All Replies
dudedad join:2011-11-23 Denver, CO	[Trojan] Trojan Infection - lots of connections in the netstat r Hi, I've been experiencing an interrupted internet connection regularly for a couple months now. I had a major infection about the same time that included a blank desktop and missing toolbar icons. Malwarebytes' and spybot cleaned a couple trojans and other infections at that time but the interruptions continued. As I looked further into the problem I've found, through the netstat command, what appears to me to be other computers connecting through 192.168.1.7. Today I cleaned another couple trojans and looked until I found this site. Hope you can help... I'm very concerned about what may have transpired in the last months/weeks. Larry Your site would not accept my post due to size requirements so I will have to chop it into segments to get the logs posted. MBAM LOG Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8179 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 11/23/2011 1:54:22 PM mbam-log-2011-11-23 (13-54-22).txt Scan type: Full scan (C:\\|D:\\|E:\\|F:\\|) Objects scanned: 404910 Time elapsed: 58 minute(s), 52 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) OTL LOG OTL logfile created on: 11/23/2011 1:57:22 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\CrazyFamily\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 5.87 Gb Total Physical Memory \| 3.92 Gb Available Physical Memory \| 66.85% Memory free 11.73 Gb Paging File \| 9.71 Gb Available in Paging File \| 82.75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 917.74 Gb Total Space \| 823.53 Gb Free Space \| 89.73% Space Free \| Partition Type: NTFS Computer Name: OFFICE \| User Name: CrazyFamily \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - File not found -- PRC - [2011/11/23 13:55:12 \| 000,584,192 \| ---- \| M] (OldTimer Tools) -- C:\Users\CrazyFamily\Desktop\OTL.exe PRC - [2011/10/11 08:17:41 \| 005,389,944 \| ---- \| M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe PRC - [2011/07/04 06:29:24 \| 000,025,472 \| ---- \| M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe PRC - [2011/04/28 05:01:20 \| 000,439,616 \| ---- \| M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe PRC - [2011/04/28 04:58:54 \| 000,140,608 \| ---- \| M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe PRC - [2011/03/14 07:28:16 \| 002,071,904 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe PRC - [2011/02/17 15:58:14 \| 000,206,336 \| ---- \| M] (Iomega Corp) -- C:\Program Files (x86)\Iomega Storage Manager\pCloudd.exe PRC - [2010/11/20 05:17:55 \| 000,257,536 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2010/06/22 07:49:23 \| 000,308,136 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe PRC - [2010/05/27 10:40:30 \| 000,087,336 \| ---- \| M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe PRC - [2010/04/02 15:19:36 \| 000,091,456 \| ---- \| M] () -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe PRC - [2010/04/02 15:19:32 \| 000,279,360 \| ---- \| M] (Motorola) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe PRC - [2009/12/09 02:24:16 \| 000,076,320 \| ---- \| M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe PRC - [2009/11/11 15:17:02 \| 000,771,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe PRC - [2009/10/13 12:25:30 \| 000,354,840 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009/10/09 04:45:56 \| 000,169,312 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe PRC - [2009/09/30 05:01:32 \| 002,320,920 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/09/30 05:01:30 \| 000,268,824 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/08/28 02:38:58 \| 001,150,496 \| ---- \| M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe PRC - [2009/08/12 16:04:44 \| 000,062,208 \| ---- \| M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe PRC - [2009/08/12 15:58:52 \| 000,244,480 \| ---- \| M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe PRC - [2009/07/03 19:47:12 \| 000,240,160 \| ---- \| M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe PRC - [2009/05/27 11:05:30 \| 000,123,904 \| ---- \| M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe PRC - [2009/03/05 16:07:20 \| 002,260,480 \| RHS- \| M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011/10/12 02:25:07 \| 012,433,408 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011/10/12 02:25:02 \| 001,587,200 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011/10/12 02:24:47 \| 005,453,312 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011/10/12 02:24:44 \| 000,971,264 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011/10/12 02:24:43 \| 007,963,648 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011/10/12 02:24:37 \| 011,490,304 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011/06/24 21:56:36 \| 000,087,328 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 \| 001,241,888 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009/05/27 11:05:28 \| 000,032,768 \| ---- \| M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll MOD - [2009/05/27 11:05:26 \| 000,025,088 \| ---- \| M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll MOD - [2009/02/02 18:33:56 \| 000,460,199 \| ---- \| M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:64bit: - [2009/07/13 18:41:27 \| 001,011,712 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/03 19:47:12 \| 000,240,160 \| ---- \| M] (Acer) [Auto \| Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service) SRV:64bit: - [2008/05/07 16:29:38 \| 000,122,880 \| ---- \| M] (CrypKey (Canada) Ltd.) [Auto \| Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License) SRV - [2011/08/31 16:00:48 \| 000,366,152 \| ---- \| M] (Malwarebytes Corporation) [Disabled \| Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/04/28 04:58:54 \| 000,140,608 \| ---- \| M] (Panda Security, S.L.) [Auto \| Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain) SRV - [2011/02/17 15:58:14 \| 000,206,336 \| ---- \| M] (Iomega Corp) [Auto \| Running] -- C:\Program Files (x86)\Iomega Storage Manager\pCloudd.exe -- (PCloudd) SRV - [2010/11/25 08:49:46 \| 000,517,448 \| ---- \| M] () [On_Demand \| Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2010/06/22 07:49:23 \| 000,308,136 \| ---- \| M] (AVG Technologies CZ, s.r.o.) [Auto \| Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010/05/27 10:40:30 \| 000,087,336 \| ---- \| M] (Nero AG) [Auto \| Running] -- C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService) SRV - [2010/04/02 15:19:36 \| 000,091,456 \| ---- \| M] () [Auto \| Running] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service) SRV - [2010/03/18 12:16:28 \| 000,130,384 \| ---- \| M] (Microsoft Corporation) [Auto \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/17 20:55:06 \| 000,867,080 \| ---- \| M] (Acresso Software Inc.) [On_Demand \| Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/12/09 02:24:16 \| 000,076,320 \| ---- \| M] () [Auto \| Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection) SRV - [2009/10/13 12:25:30 \| 000,354,840 \| ---- \| M] (Intel Corporation) [Auto \| Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2009/10/09 04:45:56 \| 000,169,312 \| ---- \| M] (Adobe Systems Incorporated) [Auto \| Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009/09/30 05:01:32 \| 002,320,920 \| ---- \| M] (Intel Corporation) [Auto \| Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009/09/30 05:01:30 \| 000,268,824 \| ---- \| M] (Intel Corporation) [Auto \| Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009/08/28 02:38:58 \| 001,150,496 \| ---- \| M] (Acer Incorporated) [Auto \| Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009/08/25 11:38:06 \| 000,935,208 \| ---- \| M] (Nero AG) [On_Demand \| Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009/08/12 16:04:44 \| 000,062,208 \| ---- \| M] (NewTech Infosystems, Inc.) [Auto \| Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009/06/10 14:23:09 \| 000,066,384 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/05/22 11:02:20 \| 000,250,616 \| ---- \| M] (WildTangent, Inc.) [On_Demand \| Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:64bit: - [2011/08/31 16:00:50 \| 000,025,416 \| ---- \| M] (Malwarebytes Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011/08/19 08:01:33 \| 000,138,872 \| ---- \| M] (SlySoft, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2011/08/01 04:23:26 \| 000,160,520 \| ---- \| M] (Panda Security, S.L.) [Kernel \| Auto \| Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt) DRV:64bit: - [2011/05/10 07:06:08 \| 000,051,712 \| ---- \| M] (Apple, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/04/28 04:57:43 \| 000,128,072 \| ---- \| M] (Panda Security, S.L.) [Kernel \| Auto \| Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt) DRV:64bit: - [2011/04/28 04:57:43 \| 000,121,928 \| ---- \| M] (Panda Security, S.L.) [File_System \| Auto \| Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc) DRV:64bit: - [2011/04/28 04:57:42 \| 000,149,576 \| ---- \| M] (Panda Security, S.L.) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC) DRV:64bit: - [2011/04/28 04:57:42 \| 000,114,760 \| ---- \| M] (Panda Security, S.L.) [File_System \| Auto \| Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile) DRV:64bit: - [2011/04/01 09:22:58 \| 000,037,480 \| ---- \| M] (RapidSolution Software AG) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP) DRV:64bit: - [2011/04/01 09:22:58 \| 000,037,480 \| ---- \| M] (RapidSolution Software AG) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap) DRV:64bit: - [2011/03/10 23:41:12 \| 000,107,904 \| ---- \| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 23:41:12 \| 000,027,008 \| ---- \| M] (Advanced Micro Devices) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/20 13:17:10 \| 000,020,024 \| ---- \| M] (Iomega Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\vNICdrv.sys -- (vNICdrv) DRV:64bit: - [2010/12/16 15:58:14 \| 000,040,816 \| ---- \| M] (Elaborate Bytes AG) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010/11/20 06:33:35 \| 000,078,720 \| ---- \| M] (Hewlett-Packard Company) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 04:07:05 \| 000,059,392 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/08/25 19:36:04 \| 010,611,552 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/06/22 07:49:26 \| 000,317,520 \| ---- \| M] (AVG Technologies CZ, s.r.o.) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA) DRV:64bit: - [2010/06/22 07:49:22 \| 000,269,904 \| ---- \| M] (AVG Technologies CZ, s.r.o.) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64) DRV:64bit: - [2010/06/01 15:23:18 \| 000,035,536 \| ---- \| M] (AVG Technologies CZ, s.r.o.) [File_System \| System \| Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64) DRV:64bit: - [2010/03/03 23:04:10 \| 000,056,008 \| ---- \| M] (AVG Technologies CZ, s.r.o.) [File_System \| Boot \| Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64) DRV:64bit: - [2009/10/29 15:56:34 \| 000,244,736 \| ---- \| M] (Intel(R) Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2009/10/13 12:16:40 \| 000,409,624 \| ---- \| M] (Intel Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/09/23 02:11:04 \| 000,283,824 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R) DRV:64bit: - [2009/09/16 21:54:54 \| 000,056,344 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009/07/13 18:52:20 \| 000,194,128 \| ---- \| M] (AMD Technologies Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 \| 000,065,600 \| ---- \| M] (LSI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:45:55 \| 000,024,656 \| ---- \| M] (Promise Technology) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 17:10:47 \| 000,011,264 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009/06/10 13:34:33 \| 003,286,016 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 \| 000,468,480 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 \| 000,270,848 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 \| 000,031,232 \| ---- \| M] (Hauppauge Computer Works, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 12:17:08 \| 000,034,152 \| ---- \| M] (GEAR Software Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/05/05 17:46:08 \| 000,018,432 \| ---- \| M] (NewTech Infosystems, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009/05/05 17:46:08 \| 000,016,896 \| ---- \| M] (NewTech Infosystems Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2008/11/25 23:56:26 \| 000,558,080 \| ---- \| M] (Atheros Communications, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\dwarusb_lhx.sys -- (arusb_lhx) DRV:64bit: - [2008/10/01 15:44:06 \| 000,026,624 \| ---- \| M] (Atheros Communications, Inc.) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF) DRV:64bit: - [2008/06/16 02:00:00 \| 000,055,024 \| ---- \| M] (Sonic Solutions) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2008/05/06 10:27:06 \| 000,015,872 \| ---- \| M] (Alpha Networks Inc.) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf) DRV:64bit: - [2008/03/17 10:12:26 \| 000,028,664 \| ---- \| M] () [Kernel \| System \| Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX) DRV:64bit: - [2007/10/28 11:22:00 \| 000,340,480 \| ---- \| M] (Marvell Semiconductor, Inc) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\MRVW24C.sys -- (MRV6X64U) Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x) DRV:64bit: - [2007/01/18 14:10:22 \| 000,030,336 \| ---- \| M] (Research in Motion Ltd) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2006/11/28 20:46:20 \| 000,043,328 \| ---- \| M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64) DRV:64bit: - [2006/11/28 20:46:20 \| 000,041,280 \| ---- \| M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64) DRV - [2011/08/19 08:01:33 \| 000,138,872 \| ---- \| M] (SlySoft, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009/07/13 18:19:10 \| 000,019,008 \| ---- \| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008/10/01 15:44:06 \| 000,026,624 \| ---- \| M] (Atheros Communications, Inc.) [Kernel \| System \| Running] -- C:\Windows\SysWOW64\drivers\jswpslwfx.sys -- (JSWPSLWF) DRV - [2007/09/11 02:23:46 \| 000,018,944 \| ---- \| M] (Windows (R) Codename Longhorn DDK provider) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysWOW64\drivers\mrv64drv.sys -- (Mrvleap) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »homepage.gateway.com/rdr.aspx?b=···4911r245 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »homepage.gateway.com/rdr.aspx?b=···4911r245 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »homepage.gateway.com/rdr.aspx?b=···4911r245 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = »ie.redirect.hp.com/svs/rdr?TYPE=···f=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.the-crazy-family.com/ IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local FF:64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\widgetruntime@surfsecret.com: C:\Program Files (x86)\Panda Security\Panda ID Protect\Firefox [2011/05/29 03:58:07 \| 000,000,000 \| ---D \| M] [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2011/11/23 11:09:26 \| 000,438,903 \| R--- \| M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15094 more lines... O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll () O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI) O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [EZSniper Homelink] C:\Program Files (x86)\EZSniper\EZSniper Homelink\EZSniperHomelink.exe () O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} »dlm.tools.akamai.com/dlmanager/v···.5.0.cab (DLM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} »trial.trymicrosoftoffice.com/tri···rc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C6CBEB8-1AC8-4729-9912-C29D76DF234A}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll () O18 - Protocol\Handler\gopher - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk ) O35:64bit:* - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/11/23 13:55:11 \| 000,584,192 \| ---- \| C] (OldTimer Tools) -- C:\Users\CrazyFamily\Desktop\OTL.exe [2011/11/23 12:24:03 \| 000,446,464 \| ---- \| C] (OldTimer Tools) -- C:\Users\CrazyFamily\Desktop\TFC.exe [2011/11/23 12:06:01 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis [2011/11/23 12:06:00 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Trend Micro [2011/11/23 12:05:13 \| 000,812,344 \| ---- \| C] (Trend Micro Inc.) -- C:\Users\CrazyFamily\Desktop\HJTInstall.exe [2011/11/16 21:53:56 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\Java [2011/11/16 21:53:44 \| 000,157,472 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011/11/16 21:53:44 \| 000,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011/11/16 21:53:44 \| 000,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011/11/16 19:50:05 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011/11/16 19:43:42 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011/11/16 19:43:16 \| 000,000,000 \| ---D \| C] -- C:\Program Files\iPod [2011/11/16 19:43:13 \| 000,000,000 \| ---D \| C] -- C:\Program Files\iTunes [2011/10/24 14:29:02 \| 000,094,208 \| ---- \| C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2011/10/24 14:29:02 \| 000,069,632 \| ---- \| C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts [1 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\.tmp files -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/11/23 13:55:12 \| 000,584,192 \| ---- \| M] (OldTimer Tools) -- C:\Users\CrazyFamily\Desktop\OTL.exe [2011/11/23 13:47:05 \| 000,000,908 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/11/23 13:06:46 \| 000,007,932 \| ---- \| M] () -- C:\Users\CrazyFamily\AppData\Roaming\wklnhst.dat [2011/11/23 13:00:59 \| 000,009,920 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/11/23 13:00:59 \| 000,009,920 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/11/23 13:00:10 \| 000,730,320 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/11/23 13:00:10 \| 000,626,976 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2011/11/23 13:00:10 \| 000,107,292 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2011/11/23 12:53:22 \| 000,000,904 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/11/23 12:53:20 \| 000,000,356 \| ---- \| M] () -- C:\Windows\tasks\RegistryBooster.job [2011/11/23 12:53:11 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2011/11/23 12:53:04 \| 429,203,455 \| -HS- \| M] () -- C:\hiberfil.sys [2011/11/23 12:24:03 \| 000,446,464 \| ---- \| M] (OldTimer Tools) -- C:\Users\CrazyFamily\Desktop\TFC.exe [2011/11/23 12:16:09 \| 000,038,912 \| ---- \| M] () -- C:\Users\CrazyFamily\Desktop\Hijack this log.wps [2011/11/23 12:06:01 \| 000,002,100 \| ---- \| M] () -- C:\Users\CrazyFamily\Desktop\HijackThis.lnk [2011/11/23 12:05:15 \| 000,812,344 \| ---- \| M] (Trend Micro Inc.) -- C:\Users\CrazyFamily\Desktop\HJTInstall.exe [2011/11/23 11:09:26 \| 000,438,903 \| R--- \| M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011/11/23 10:03:36 \| 000,000,120 \| ---- \| M] () -- C:\Windows\wininit.ini [2011/11/23 07:36:29 \| 000,438,903 \| R--- \| M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111123-110926.backup [2011/11/23 07:16:14 \| 000,414,368 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011/11/17 06:16:41 \| 000,438,851 \| R--- \| M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111123-073629.backup [2011/11/16 23:48:03 \| 000,002,347 \| ---- \| M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011/11/16 19:50:05 \| 000,001,852 \| ---- \| M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/11/16 19:43:42 \| 000,001,790 \| ---- \| M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/11/12 11:52:23 \| 000,078,616 \| ---- \| M] () -- C:\Users\CrazyFamily\Desktop\Gnome enlargement.psd [2011/11/12 11:45:57 \| 000,073,850 \| ---- \| M] () -- C:\Users\CrazyFamily\Desktop\Gnome original.psd [2011/11/12 09:33:00 \| 000,013,824 \| ---- \| M] () -- C:\Users\CrazyFamily\Documents\Breaker Box Directory.wps [2011/11/09 22:25:12 \| 000,438,592 \| R--- \| M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111117-061641.backup [2011/11/09 03:18:44 \| 000,482,152 \| ---- \| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/11/02 10:06:37 \| 000,000,356 \| ---- \| M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job [2011/11/02 07:02:03 \| 000,000,338 \| ---- \| M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job [2011/10/29 10:34:52 \| 000,010,240 \| ---- \| M] () -- C:\Users\CrazyFamily\Desktop\Bottle labels.wps [2011/10/29 10:08:58 \| 000,009,728 \| ---- \| M] () -- C:\Users\CrazyFamily\Desktop\Parking Signs.wps [2011/10/24 14:29:02 \| 000,094,208 \| ---- \| M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2011/10/24 14:29:02 \| 000,069,632 \| ---- \| M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/11/23 12:16:09 \| 000,038,912 \| ---- \| C] () -- C:\Users\CrazyFamily\Desktop\Hijack this log.wps [2011/11/23 12:06:01 \| 000,002,100 \| ---- \| C] () -- C:\Users\CrazyFamily\Desktop\HijackThis.lnk [2011/11/23 10:03:36 \| 000,000,120 \| ---- \| C] () -- C:\Windows\wininit.ini [2011/11/16 19:50:05 \| 000,001,852 \| ---- \| C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/11/16 19:43:42 \| 000,001,790 \| ---- \| C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/11/12 11:52:23 \| 000,078,616 \| ---- \| C] () -- C:\Users\CrazyFamily\Desktop\Gnome enlargement.psd [2011/11/12 11:45:57 \| 000,073,850 \| ---- \| C] () -- C:\Users\CrazyFamily\Desktop\Gnome original.psd [2011/11/12 09:16:21 \| 000,013,824 \| ---- \| C] () -- C:\Users\CrazyFamily\Documents\Breaker Box Directory.wps [2011/10/28 21:25:07 \| 000,009,728 \| ---- \| C] () -- C:\Users\CrazyFamily\Desktop\Parking Signs.wps [2011/10/27 19:27:58 \| 000,010,240 \| ---- \| C] () -- C:\Users\CrazyFamily\Desktop\Bottle labels.wps [2011/05/29 04:37:08 \| 000,855,641 \| ---- \| C] () -- C:\Users\CrazyFamily\AppData\Roaming\PandaIDProtectHelp.chm [2010/12/12 09:41:31 \| 000,000,000 \| ---- \| C] () -- C:\Users\CrazyFamily\AppData\Local\rx_image.Cache [2010/12/12 09:41:14 \| 000,002,108 \| ---- \| C] () -- C:\Users\CrazyFamily\AppData\Local\rx_audio.Cache [2010/11/29 20:44:17 \| 000,743,066 \| ---- \| C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/10/06 10:20:53 \| 000,000,111 \| ---- \| C] () -- C:\Windows\DVR.INI [2010/08/25 19:34:30 \| 000,870,560 \| ---- \| C] () -- C:\Windows\SysWow64\igkrng575.bin [2010/08/25 19:34:30 \| 000,127,868 \| ---- \| C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010/08/25 19:34:30 \| 000,104,796 \| ---- \| C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010/05/14 14:38:07 \| 000,000,014 \| ---- \| C] () -- C:\Windows\SysWow64\systeminfo.dll [2010/04/28 18:41:23 \| 000,000,004 \| ---- \| C] () -- C:\Windows\vx86036.dat [2010/04/28 18:40:45 \| 000,000,139 \| ---- \| C] () -- C:\Windows\Crypkey.ini [2010/04/28 18:40:43 \| 000,027,648 \| R--- \| C] () -- C:\Windows\Setup_ck.exe [2010/04/28 18:40:43 \| 000,018,432 \| ---- \| C] () -- C:\Windows\Setup_ck.dll [2010/04/28 18:40:43 \| 000,011,776 \| ---- \| C] () -- C:\Windows\Ckrfresh.exe [2010/03/03 17:01:31 \| 000,007,932 \| ---- \| C] () -- C:\Users\CrazyFamily\AppData\Roaming\wklnhst.dat [2010/03/02 11:16:31 \| 000,000,253 \| ---- \| C] () -- C:\Users\CrazyFamily\AppData\Roaming\ANICONFIG_{24ED701A-6332-4785-9DA4-3E5CE51C1CA6}.ini [2010/03/02 11:16:27 \| 000,000,121 \| ---- \| C] () -- C:\Users\CrazyFamily\AppData\Roaming\ANIOIDCONFIG_{24ED701A-6332-4785-9DA4-3E5CE51C1CA6}.ini [2009/11/24 10:14:29 \| 000,208,896 \| ---- \| C] () -- C:\Windows\SysWow64\iglhsip32.dll [2009/11/24 10:14:29 \| 000,143,360 \| ---- \| C] () -- C:\Windows\SysWow64\iglhcp32.dll [2009/07/13 22:38:36 \| 000,067,584 \| --S- \| C] () -- C:\Windows\bootstat.dat [2009/07/13 19:35:51 \| 000,000,741 \| ---- \| C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/13 19:34:42 \| 000,215,943 \| ---- \| C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/13 17:10:29 \| 000,043,131 \| ---- \| C] () -- C:\Windows\mib.bin [2009/07/13 16:42:10 \| 000,064,000 \| ---- \| C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 14:03:59 \| 000,364,544 \| ---- \| C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 14:26:10 \| 000,673,088 \| ---- \| C] () -- C:\Windows\SysWow64\mlang.dat [2007/04/27 08:43:58 \| 000,120,200 \| ---- \| C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [color=#E56717]========== LOP Check ==========[/color] [2011/10/21 11:20:20 \| 000,000,000 \| ---D \| M] -- C:\Users\CrazyFamily\AppData\Roaming\AVG9 [2010/11/22 22:53:43 \| 000,000,000 \| ---D \| M] -- C:\Users\CrazyFamily\AppData\Roaming\BitDefender [2010/03/02 13:21:34 \| 000,000,000 \| ---D \| M] -- C:\Users\CrazyFamily\AppData\Roaming\GetRightToGo [2011/02/06 10:03:14 \| 000,000,000 \| ---D \| M] -- C:\Users\CrazyFamily\AppData\Roaming\iConcertCal [2011/10/28 09:11:22 \| 000,000,000 \| ---D \| M] -- C:\Users\CrazyFamily\AppData\Roaming\KidZui [2011/09/13 12:42:36 \| 000,000,000 \| ---D \| M] -- C:\Users\CrazyFamily\AppData\Roaming\MAGIX [2010/06/18 06:35:39 \| 000,000,000 \| ---D \| M] -- C:\Users\CrazyFamily\AppData\Roaming\motorola [2010/11/22 23:05:42 \| 000,000,000 \| ---D \| M] -- C:\Users\CrazyFamily\AppData\Roaming\Panda Security [2010/03/03 23:41:40 \| 000,000,000 \| ---D \| M] -- C:\Users\CrazyFamily\AppData\Roaming\SlySoft [2011/05/29 03:58:00 \| 000,000,000 \| ---D \| M] -- C:\Users\CrazyFamily\AppData\Roaming\SurfSecret Privacy Suite [2010/03/03 17:01:32 \| 000,000,000 \| ---D \| M] -- C:\Users\CrazyFamily\AppData\Roaming\Template [2011/02/20 08:04:52 \| 000,000,000 \| ---D \| M] -- C:\Users\CrazyFamily\AppData\Roaming\Uniblue [2010/10/28 19:51:28 \| 000,000,000 \| ---D \| M] -- C:\Users\CrazyFamily\AppData\Roaming\Windows Live Writer [2011/11/23 12:53:20 \| 000,000,356 \| ---- \| M] () -- C:\Windows\Tasks\RegistryBooster.job [2011/10/12 02:24:00 \| 000,032,582 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] Continued in reply post
	to forum · permalink · 2011-11-23 18:41:19 ·
lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone kudos:51	Re: [Trojan] Trojan Infection - lots of connections in the netst Thanks, dudedad..we'd be happy to take a peek for you. Please know, posts may be slightly delayed after submitting ..but it will display shortly.
	to forum · permalink · 2011-11-23 18:43:51 ·
dudedad join:2011-11-23 Denver, CO	reply to dudedad Logs Continued: EXTRAS.TXT OTL Extras logfile created on: 11/23/2011 1:57:22 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\CrazyFamily\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 5.87 Gb Total Physical Memory \| 3.92 Gb Available Physical Memory \| 66.85% Memory free 11.73 Gb Paging File \| 9.71 Gb Available in Paging File \| 82.75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 917.74 Gb Total Space \| 823.53 Gb Free Space \| 89.73% Space Free \| Partition Type: NTFS Computer Name: OFFICE \| User Name: CrazyFamily \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst "{37DEBC1E-0A1F-448A-8DDD-A2FF4B1578EB}" = Motorola Driver Installation 4.6.0 "{50431EE1-C1CC-4AE7-BDE3-B60536E7BA92}" = Panda Cloud Antivirus "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{40184457-4514-4B18-84A8-6BB8A3AB6A81}" = AirPort "{4044436C-3A01-4ECA-8FC9-AC8F3F838EDC}" = Audials TV "{42becc57-b524-418f-91a8-ed079b8d3fd3}" = Nero 9 Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6F9FB6DA-AAF4-4CCE-8D36-20217A02B2DC}" = MAGIX Speed 2 (MSI) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72CF2918-A98E-478B-9CC4-E07BF6C05AD3}" = Audials "{75AF966A-CBB9-4801-963B-9A4378941799}" = D-Link Xtreme N Dual Band DWA-160 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{77BA1DE2-8236-44BD-A04D-F9560E2ECBAA}" = EZSniper Homelink "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{85C4B245-A137-4EB1-84A6-ABB21EDB1FAD}" = MAGIX Audio Cleaning Lab 17 deluxe "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007 "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI "{ADCA2156-B646-428E-92F2-D63D4A67B90F}" = iConcertCal "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}" = Adobe Photoshop.com Inspiration Browser "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0 "Adobe SVG Viewer" = Adobe SVG Viewer "AnyDVD" = AnyDVD "AVG9Uninstall" = AVG 9.0 "CloneDVD2" = CloneDVD2 "CloneDVDmobile" = CloneDVDmobile "Gateway InfoCentre" = Gateway InfoCentre "Gateway Photo Frame" = Gateway Photo Frame 4.2.3.7 "Gateway Registration" = Gateway Registration "Gateway Screensaver" = Gateway ScreenSaver "Gateway Welcome Center" = Welcome Center "Google Chrome" = Google Chrome "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Identity Card" = Identity Card "InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "Iomega Storage Manager" = Iomega Storage Manager "Kidzui" = Kidzui "MAGIX_MSI_mclab_17dlx" = MAGIX Audio Cleaning Lab 17 deluxe "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "Panda Cloud Antivirus" = Panda Cloud Antivirus "Panda Identity Protect" = Panda Identity Protect 3.0.44 "pandasecuritytb" = Panda Security Toolbar "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser "PROR" = Microsoft Office Professional 2007 Trial "StarDot DVR 16(v1.0.71)" = StarDot DVR 16 "StarDot_DVR_Services_1.0.28" = StarDot DVR "StarDot_Tools_1.5" = StarDot Tools 1.5.3 "Uniblue RegistryBooster" = Uniblue RegistryBooster "WildTangent gateway Master Uninstall" = Gateway Games "WinLiveSuite" = Windows Live Essentials [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 10/21/2011 1:33:34 PM \| Computer Name = Office \| Source = SideBySide \| ID = 16842785 Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 10/21/2011 2:10:11 PM \| Computer Name = Office \| Source = System Restore \| ID = 8210 Description = Error - 10/21/2011 6:14:58 PM \| Computer Name = Office \| Source = System Restore \| ID = 8210 Description = Error - 10/22/2011 2:30:14 AM \| Computer Name = Office \| Source = SideBySide \| ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Motorola Media Link\NMDllHost.exe.Manifest". Dependent Assembly NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 10/22/2011 2:32:16 AM \| Computer Name = Office \| Source = SideBySide \| ID = 16842815 Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 10/22/2011 2:36:53 AM \| Computer Name = Office \| Source = SideBySide \| ID = 16842815 Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "" of attribute "language" in element "assemblyIdentity" is invalid. Error - 10/22/2011 2:37:32 AM \| Computer Name = Office \| Source = SideBySide \| ID = 16842785 Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 10/22/2011 2:37:32 AM \| Computer Name = Office \| Source = SideBySide \| ID = 16842785 Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 10/22/2011 2:37:32 AM \| Computer Name = Office \| Source = SideBySide \| ID = 16842785 Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 10/22/2011 2:37:32 AM \| Computer Name = Office \| Source = SideBySide \| ID = 16842785 Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. [ System Events ] Error - 4/19/2011 9:55:51 PM \| Computer Name = Office \| Source = DCOM \| ID = 10010 Description = Error - 4/19/2011 10:00:58 PM \| Computer Name = Office \| Source = Service Control Manager \| ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom Error - 4/19/2011 11:35:47 PM \| Computer Name = Office \| Source = Service Control Manager \| ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ElbyCDIO Error - 4/19/2011 11:38:07 PM \| Computer Name = Office \| Source = Service Control Manager \| ID = 7023 Description = The Intel(R) Management & Security Application User Notification Service service terminated with the following error: %%-2147467243 Error - 4/19/2011 11:50:16 PM \| Computer Name = Office \| Source = cdrom \| ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 4/20/2011 12:52:47 AM \| Computer Name = Office \| Source = cdrom \| ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 4/20/2011 2:21:24 AM \| Computer Name = Office \| Source = cdrom \| ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 4/28/2011 1:21:19 PM \| Computer Name = Office \| Source = Service Control Manager \| ID = 7031 Description = The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 5/4/2011 3:06:49 AM \| Computer Name = Office \| Source = cdrom \| ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 5/12/2011 5:01:25 AM \| Computer Name = Office \| Source = Microsoft-Windows-WindowsUpdateClient \| ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Redistributable Package (KB973924). CHECKUP.TXT Results of screen317's Security Check version 0.99.28 Windows 7 x64 (UAC is enabled) Internet Explorer 8 [color=red]Out of date![/color] `````````````````````````````` [u]Antivirus/Firewall Check:[/u] Windows Firewall Enabled! AVG 9.0 Panda Cloud Antivirus [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size] ``````````````````````````````` [u]Anti-malware/Other Utilities Check:[/u] MVPS Hosts File Malwarebytes' Anti-Malware HijackThis 2.0.2 Java(TM) 6 Update 29 Adobe Reader 9 [color=red](Adobe Reader out of date![/color] ```````````````````````````````` Process Check: [u]objlist.exe by Laurent[/u] AVG avgwdsvc.exe AVG avgtray.exe Panda Security Panda Cloud Antivirus PSANHost.exe Panda Security Panda Cloud Antivirus PSUNMain.exe ``````````End of Log````````````* Lastly, the ESET online scan found 7 instances of win32/registrybooster that it removed but I couldn't locate the log to copy it here. I found the folder with the rest of the program data/files but no log.txt. I will run it again
	to forum · permalink · 2011-11-23 18:47:39 ·

lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone kudos:51	No need to run again In your case for (64bit Windows): check C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
	to forum · permalink · 2011-11-23 18:48:24 ·
dudedad join:2011-11-23 Denver, CO	Yes, I found the correct folder but not the file.
	to forum · permalink · 2011-11-23 18:55:38 ·
lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone kudos:51 Reviews: ·Comcast Host: TV over IP Software RCN Inside Insight Team Discovery	Don't worry then..can you try the BitDefender scan instead, as outlined in our forum FAQ? bitDefender Online Scan: Go here: »quickscan.bitdefender.com/ to run an online scannner from bitDefender. • Start the BitDefender online scan by pressing the 'Start Scan' button. • You will need to allow an ActiveX control or plugin to install for the scan to run. • Leave the scanning options at default and press "click here to scan" • When finished scanning, click on "click here to export the scan report" • Save it to your desktop, at "file name" type in "bdscan" then click save. Post the log in your next reply.
	to forum · permalink · 2011-11-23 18:59:20 ·
dudedad join:2011-11-23 Denver, CO	okay. It may take some time. The ESET scan was almost 2 hrs.
	to forum · permalink · 2011-11-23 19:13:59 ·
dudedad join:2011-11-23 Denver, CO	Cant get the bit defender scan to start. I click the start scan and nothing happens - no activex install - nothing. Antivirus is off, spybot is off.
	to forum · permalink · 2011-11-23 19:24:18 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 Reviews: ·Comcast	reply to dudedad Nothing screaming at me from the logs, but I'll go over them again more closely. If you use a wreless router, make sure it's properly secured with either WPA or WPA2 encryption and a strong password. Now for some checking... First: Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected. You'll find the link(s) and instruction(s) here: »Security Cleanup FAQ »Rootkit Detection Applications Second: Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found. You find link(s) and instructions here: »Security Cleanup FAQ »Rootkit Detection Applications -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2011-11-23 19:32:10 ·
dudedad join:2011-11-23 Denver, CO	17:40:07.0388 5752 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55 17:40:07.0864 5752 ============================================================ 17:40:07.0864 5752 Current date / time: 2011/11/23 17:40:07.0864 17:40:07.0864 5752 SystemInfo: 17:40:07.0864 5752 17:40:07.0864 5752 OS Version: 6.1.7601 ServicePack: 1.0 17:40:07.0865 5752 Product type: Workstation 17:40:07.0865 5752 ComputerName: OFFICE 17:40:07.0865 5752 UserName: CrazyFamily 17:40:07.0865 5752 Windows directory: C:\Windows 17:40:07.0865 5752 System windows directory: C:\Windows 17:40:07.0865 5752 Running under WOW64 17:40:07.0865 5752 Processor architecture: Intel x64 17:40:07.0865 5752 Number of processors: 4 17:40:07.0865 5752 Page size: 0x1000 17:40:07.0865 5752 Boot type: Normal boot 17:40:07.0865 5752 ============================================================ 17:40:08.0316 5752 Initialize success 17:40:11.0751 2768 ============================================================ 17:40:11.0751 2768 Scan started 17:40:11.0751 2768 Mode: Manual; 17:40:11.0751 2768 ============================================================ 17:40:12.0215 2768 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 17:40:12.0232 2768 1394ohci - ok 17:40:12.0266 2768 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 17:40:12.0272 2768 ACPI - ok 17:40:12.0309 2768 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 17:40:12.0344 2768 AcpiPmi - ok 17:40:12.0398 2768 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 17:40:12.0406 2768 adp94xx - ok 17:40:12.0419 2768 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 17:40:12.0425 2768 adpahci - ok 17:40:12.0444 2768 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 17:40:12.0448 2768 adpu320 - ok 17:40:12.0497 2768 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 17:40:12.0507 2768 AFD - ok 17:40:12.0543 2768 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 17:40:12.0546 2768 agp440 - ok 17:40:12.0570 2768 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 17:40:12.0573 2768 aliide - ok 17:40:12.0604 2768 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 17:40:12.0607 2768 amdide - ok 17:40:12.0622 2768 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 17:40:12.0639 2768 AmdK8 - ok 17:40:12.0659 2768 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 17:40:12.0662 2768 AmdPPM - ok 17:40:12.0699 2768 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 17:40:12.0703 2768 amdsata - ok 17:40:12.0725 2768 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 17:40:12.0729 2768 amdsbs - ok 17:40:12.0748 2768 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 17:40:12.0751 2768 amdxata - ok 17:40:12.0780 2768 anodlwf (126188e4f5f457b0e8336f1781229ee1) C:\Windows\system32\DRIVERS\anodlwfx.sys 17:40:12.0783 2768 anodlwf - ok 17:40:12.0820 2768 AnyDVD (2c4a05fcef72ef614dcd11d0872498c9) C:\Windows\system32\Drivers\AnyDVD.sys 17:40:12.0824 2768 AnyDVD - ok 17:40:12.0854 2768 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 17:40:12.0858 2768 AppID - ok 17:40:12.0894 2768 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 17:40:12.0897 2768 arc - ok 17:40:12.0905 2768 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 17:40:12.0909 2768 arcsas - ok 17:40:12.0928 2768 arusb_lhx (daba01dfb79d6d45259ed6d018138de6) C:\Windows\system32\DRIVERS\dwarusb_lhx.sys 17:40:12.0938 2768 arusb_lhx - ok 17:40:12.0960 2768 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 17:40:12.0962 2768 AsyncMac - ok 17:40:12.0997 2768 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 17:40:13.0000 2768 atapi - ok 17:40:13.0061 2768 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\Windows\system32\Drivers\avgldx64.sys 17:40:13.0067 2768 AvgLdx64 - ok 17:40:13.0101 2768 AvgMfx64 (405baabbb48f9176e220020b1a77c47b) C:\Windows\system32\Drivers\avgmfx64.sys 17:40:13.0103 2768 AvgMfx64 - ok 17:40:13.0141 2768 AvgRkx64 (5e7f0f9cbe0f7823371a4d51df29f7ff) C:\Windows\system32\Drivers\avgrkx64.sys 17:40:13.0144 2768 AvgRkx64 - ok 17:40:13.0166 2768 AvgTdiA (ce90aec358a809e7bce6bb0f1da84622) C:\Windows\system32\Drivers\avgtdia.sys 17:40:13.0171 2768 AvgTdiA - ok 17:40:13.0197 2768 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 17:40:13.0205 2768 b06bdrv - ok 17:40:13.0219 2768 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 17:40:13.0226 2768 b57nd60a - ok 17:40:13.0245 2768 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 17:40:13.0256 2768 Beep - ok 17:40:13.0286 2768 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 17:40:13.0288 2768 blbdrive - ok 17:40:13.0323 2768 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 17:40:13.0326 2768 bowser - ok 17:40:13.0337 2768 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:40:13.0339 2768 BrFiltLo - ok 17:40:13.0345 2768 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:40:13.0347 2768 BrFiltUp - ok 17:40:13.0374 2768 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 17:40:13.0398 2768 Brserid - ok 17:40:13.0405 2768 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 17:40:13.0407 2768 BrSerWdm - ok 17:40:13.0425 2768 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 17:40:13.0427 2768 BrUsbMdm - ok 17:40:13.0438 2768 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 17:40:13.0440 2768 BrUsbSer - ok 17:40:13.0460 2768 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 17:40:13.0463 2768 BTHMODEM - ok 17:40:13.0484 2768 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 17:40:13.0487 2768 cdfs - ok 17:40:13.0516 2768 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 17:40:13.0519 2768 cdrom - ok 17:40:13.0534 2768 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 17:40:13.0536 2768 circlass - ok 17:40:13.0572 2768 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 17:40:13.0576 2768 CLFS - ok 17:40:13.0590 2768 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 17:40:13.0592 2768 CmBatt - ok 17:40:13.0613 2768 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 17:40:13.0615 2768 cmdide - ok 17:40:13.0649 2768 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 17:40:13.0655 2768 CNG - ok 17:40:13.0668 2768 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 17:40:13.0669 2768 Compbatt - ok 17:40:13.0706 2768 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 17:40:13.0709 2768 CompositeBus - ok 17:40:13.0718 2768 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 17:40:13.0720 2768 crcdisk - ok 17:40:13.0768 2768 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 17:40:13.0770 2768 DfsC - ok 17:40:13.0795 2768 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 17:40:13.0797 2768 discache - ok 17:40:13.0811 2768 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 17:40:13.0813 2768 Disk - ok 17:40:13.0833 2768 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 17:40:13.0835 2768 drmkaud - ok 17:40:13.0880 2768 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 17:40:13.0889 2768 DXGKrnl - ok 17:40:13.0915 2768 e1kexpress (52a482dc61f24b498c8268866b90bb44) C:\Windows\system32\DRIVERS\e1k62x64.sys 17:40:13.0918 2768 e1kexpress - ok 17:40:13.0979 2768 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 17:40:14.0029 2768 ebdrv - ok 17:40:14.0064 2768 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys 17:40:14.0065 2768 ElbyCDIO - ok 17:40:14.0091 2768 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 17:40:14.0096 2768 elxstor - ok 17:40:14.0129 2768 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 17:40:14.0132 2768 ErrDev - ok 17:40:14.0199 2768 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 17:40:14.0203 2768 exfat - ok 17:40:14.0226 2768 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 17:40:14.0231 2768 fastfat - ok 17:40:14.0242 2768 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 17:40:14.0246 2768 fdc - ok 17:40:14.0265 2768 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 17:40:14.0268 2768 FileInfo - ok 17:40:14.0281 2768 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 17:40:14.0283 2768 Filetrace - ok 17:40:14.0291 2768 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 17:40:14.0294 2768 flpydisk - ok 17:40:14.0336 2768 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 17:40:14.0340 2768 FltMgr - ok 17:40:14.0354 2768 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 17:40:14.0357 2768 FsDepends - ok 17:40:14.0377 2768 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 17:40:14.0379 2768 Fs_Rec - ok 17:40:14.0417 2768 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 17:40:14.0422 2768 fvevol - ok 17:40:14.0445 2768 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 17:40:14.0449 2768 gagp30kx - ok 17:40:14.0495 2768 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 17:40:14.0498 2768 GEARAspiWDM - ok 17:40:14.0521 2768 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 17:40:14.0524 2768 hcw85cir - ok 17:40:14.0565 2768 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 17:40:14.0581 2768 HdAudAddService - ok 17:40:14.0606 2768 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 17:40:14.0610 2768 HDAudBus - ok 17:40:14.0631 2768 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 17:40:14.0634 2768 HECIx64 - ok 17:40:14.0652 2768 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 17:40:14.0655 2768 HidBatt - ok 17:40:14.0678 2768 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 17:40:14.0681 2768 HidBth - ok 17:40:14.0689 2768 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 17:40:14.0692 2768 HidIr - ok 17:40:14.0713 2768 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 17:40:14.0716 2768 HidUsb - ok 17:40:14.0739 2768 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 17:40:14.0742 2768 HpSAMD - ok 17:40:14.0789 2768 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 17:40:14.0799 2768 HTTP - ok 17:40:14.0829 2768 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 17:40:14.0832 2768 hwpolicy - ok 17:40:14.0867 2768 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 17:40:14.0871 2768 i8042prt - ok 17:40:14.0907 2768 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys 17:40:14.0910 2768 iaStor - ok 17:40:14.0962 2768 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 17:40:14.0969 2768 iaStorV - ok 17:40:15.0183 2768 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys 17:40:15.0440 2768 igfx - ok 17:40:15.0462 2768 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 17:40:15.0464 2768 iirsp - ok 17:40:15.0531 2768 IntcAzAudAddService (d2356ebe25781b2fb61687e4d07ed188) C:\Windows\system32\drivers\RTKVHD64.sys 17:40:15.0586 2768 IntcAzAudAddService - ok 17:40:15.0612 2768 IntcDAud (408b401cd7cdb075c7470b0ff7ba8d0b) C:\Windows\system32\DRIVERS\IntcDAud.sys 17:40:15.0616 2768 IntcDAud - ok 17:40:15.0648 2768 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 17:40:15.0651 2768 intelide - ok 17:40:15.0663 2768 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 17:40:15.0666 2768 intelppm - ok 17:40:15.0708 2768 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:40:15.0711 2768 IpFilterDriver - ok 17:40:15.0747 2768 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 17:40:15.0751 2768 IPMIDRV - ok 17:40:15.0768 2768 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 17:40:15.0771 2768 IPNAT - ok 17:40:15.0792 2768 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 17:40:15.0795 2768 IRENUM - ok 17:40:15.0809 2768 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 17:40:15.0812 2768 isapnp - ok 17:40:15.0852 2768 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 17:40:15.0858 2768 iScsiPrt - ok 17:40:15.0887 2768 JSWPSLWF (5be640e88814b77a9e84b4549b5dcc2c) C:\Windows\system32\DRIVERS\jswpslwfx.sys 17:40:15.0890 2768 JSWPSLWF - ok 17:40:15.0904 2768 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 17:40:15.0907 2768 kbdclass - ok 17:40:15.0941 2768 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 17:40:15.0944 2768 kbdhid - ok 17:40:15.0971 2768 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys 17:40:15.0974 2768 KSecDD - ok 17:40:16.0010 2768 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys 17:40:16.0015 2768 KSecPkg - ok 17:40:16.0032 2768 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 17:40:16.0035 2768 ksthunk - ok 17:40:16.0059 2768 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 17:40:16.0061 2768 lltdio - ok 17:40:16.0085 2768 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 17:40:16.0087 2768 LSI_FC - ok 17:40:16.0103 2768 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 17:40:16.0105 2768 LSI_SAS - ok 17:40:16.0120 2768 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:40:16.0122 2768 LSI_SAS2 - ok 17:40:16.0129 2768 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:40:16.0132 2768 LSI_SCSI - ok 17:40:16.0147 2768 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 17:40:16.0149 2768 luafv - ok 17:40:16.0171 2768 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys 17:40:16.0173 2768 MBAMProtector - ok 17:40:16.0181 2768 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 17:40:16.0183 2768 megasas - ok 17:40:16.0191 2768 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 17:40:16.0195 2768 MegaSR - ok 17:40:16.0215 2768 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 17:40:16.0217 2768 Modem - ok 17:40:16.0251 2768 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 17:40:16.0253 2768 monitor - ok 17:40:16.0289 2768 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 17:40:16.0291 2768 mouclass - ok 17:40:16.0305 2768 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 17:40:16.0307 2768 mouhid - ok 17:40:16.0346 2768 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 17:40:16.0348 2768 mountmgr - ok 17:40:16.0388 2768 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 17:40:16.0392 2768 mpio - ok 17:40:16.0418 2768 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 17:40:16.0438 2768 mpsdrv - ok 17:40:16.0481 2768 MRV6X64U (7e997df71cd2dd5cf0d3d07b8d8e798c) C:\Windows\system32\DRIVERS\MRVW24C.sys 17:40:16.0488 2768 MRV6X64U - ok 17:40:16.0499 2768 Mrvleap - ok 17:40:16.0530 2768 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 17:40:16.0534 2768 MRxDAV - ok 17:40:16.0570 2768 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 17:40:16.0577 2768 mrxsmb - ok 17:40:16.0614 2768 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:40:16.0621 2768 mrxsmb10 - ok 17:40:16.0642 2768 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:40:16.0647 2768 mrxsmb20 - ok 17:40:16.0660 2768 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 17:40:16.0663 2768 msahci - ok 17:40:16.0687 2768 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 17:40:16.0691 2768 msdsm - ok 17:40:16.0722 2768 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 17:40:16.0725 2768 Msfs - ok 17:40:16.0739 2768 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 17:40:16.0741 2768 mshidkmdf - ok 17:40:16.0783 2768 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 17:40:16.0785 2768 msisadrv - ok 17:40:16.0811 2768 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 17:40:16.0814 2768 MSKSSRV - ok 17:40:16.0828 2768 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 17:40:16.0831 2768 MSPCLOCK - ok 17:40:16.0845 2768 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 17:40:16.0848 2768 MSPQM - ok 17:40:16.0901 2768 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 17:40:16.0908 2768 MsRPC - ok 17:40:16.0926 2768 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 17:40:16.0929 2768 mssmbios - ok 17:40:16.0943 2768 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 17:40:16.0945 2768 MSTEE - ok 17:40:16.0960 2768 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 17:40:16.0963 2768 MTConfig - ok 17:40:16.0978 2768 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 17:40:16.0981 2768 Mup - ok 17:40:17.0003 2768 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 17:40:17.0010 2768 NativeWifiP - ok 17:40:17.0067 2768 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 17:40:17.0077 2768 NDIS - ok 17:40:17.0112 2768 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 17:40:17.0114 2768 NdisCap - ok 17:40:17.0127 2768 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 17:40:17.0129 2768 NdisTapi - ok 17:40:17.0170 2768 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 17:40:17.0172 2768 Ndisuio - ok 17:40:17.0209 2768 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 17:40:17.0212 2768 NdisWan - ok 17:40:17.0247 2768 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 17:40:17.0249 2768 NDProxy - ok 17:40:17.0266 2768 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 17:40:17.0269 2768 NetBIOS - ok 17:40:17.0308 2768 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 17:40:17.0319 2768 NetBT - ok 17:40:17.0360 2768 NetworkX (2263727032e9b19231a706046b8c82d3) C:\Windows\system32\ckldrv.sys 17:40:17.0362 2768 NetworkX - ok 17:40:17.0380 2768 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 17:40:17.0382 2768 nfrd960 - ok 17:40:17.0401 2768 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 17:40:17.0404 2768 Npfs - ok 17:40:17.0420 2768 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 17:40:17.0422 2768 nsiproxy - ok 17:40:17.0487 2768 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 17:40:17.0532 2768 Ntfs - ok 17:40:17.0551 2768 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys 17:40:17.0553 2768 NTIDrvr - ok 17:40:17.0574 2768 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 17:40:17.0576 2768 Null - ok 17:40:17.0610 2768 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 17:40:17.0613 2768 nvraid - ok 17:40:17.0654 2768 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 17:40:17.0657 2768 nvstor - ok 17:40:17.0686 2768 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 17:40:17.0688 2768 nv_agp - ok 17:40:17.0721 2768 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 17:40:17.0724 2768 ohci1394 - ok 17:40:17.0747 2768 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 17:40:17.0750 2768 Parport - ok 17:40:17.0779 2768 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 17:40:17.0781 2768 partmgr - ok 17:40:17.0808 2768 PCAMp50a64 (304e6ac43613a9c43896c4300009442b) C:\Windows\system32\Drivers\PCAMp50a64.sys 17:40:17.0810 2768 PCAMp50a64 - ok 17:40:17.0831 2768 PCASp50a64 (18b6869e23937175144e6f1d3cb85fc2) C:\Windows\system32\Drivers\PCASp50a64.sys 17:40:17.0833 2768 PCASp50a64 - ok 17:40:17.0872 2768 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 17:40:17.0876 2768 pci - ok 17:40:17.0908 2768 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 17:40:17.0910 2768 pciide - ok 17:40:17.0937 2768 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 17:40:17.0942 2768 pcmcia - ok 17:40:17.0967 2768 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 17:40:17.0970 2768 pcw - ok 17:40:17.0997 2768 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 17:40:18.0008 2768 PEAUTH - ok 17:40:18.0086 2768 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 17:40:18.0089 2768 PptpMiniport - ok 17:40:18.0105 2768 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 17:40:18.0107 2768 Processor - ok 17:40:18.0139 2768 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 17:40:18.0142 2768 Psched - ok 17:40:18.0177 2768 PSINAflt (d1901df2df073e1eb1c264a3905f4f77) C:\Windows\system32\DRIVERS\PSINAflt.sys 17:40:18.0181 2768 PSINAflt - ok 17:40:18.0212 2768 PSINFile (2377f49c39725ed0021d75136fb0f746) C:\Windows\system32\DRIVERS\PSINFile.sys 17:40:18.0215 2768 PSINFile - ok 17:40:18.0235 2768 PSINKNC (2dd99f249699d69bb5fb455a405e724a) C:\Windows\system32\DRIVERS\psinknc.sys 17:40:18.0239 2768 PSINKNC - ok 17:40:18.0249 2768 PSINProc (f8d7465cdd2a4ecae761ba8a0577d151) C:\Windows\system32\DRIVERS\PSINProc.sys 17:40:18.0252 2768 PSINProc - ok 17:40:18.0266 2768 PSINProt (8ce7ccb7ba1e79d78d25cb964dd5393e) C:\Windows\system32\DRIVERS\PSINProt.sys 17:40:18.0269 2768 PSINProt - ok 17:40:18.0297 2768 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys 17:40:18.0299 2768 PxHlpa64 - ok 17:40:18.0336 2768 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 17:40:18.0356 2768 ql2300 - ok 17:40:18.0384 2768 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 17:40:18.0386 2768 ql40xx - ok 17:40:18.0400 2768 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 17:40:18.0402 2768 QWAVEdrv - ok 17:40:18.0417 2768 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 17:40:18.0419 2768 RasAcd - ok 17:40:18.0437 2768 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 17:40:18.0439 2768 RasAgileVpn - ok 17:40:18.0478 2768 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 17:40:18.0482 2768 Rasl2tp - ok 17:40:18.0499 2768 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 17:40:18.0520 2768 RasPppoe - ok 17:40:18.0541 2768 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 17:40:18.0545 2768 RasSstp - ok 17:40:18.0584 2768 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 17:40:18.0590 2768 rdbss - ok 17:40:18.0607 2768 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 17:40:18.0609 2768 rdpbus - ok 17:40:18.0630 2768 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 17:40:18.0632 2768 RDPCDD - ok 17:40:18.0647 2768 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 17:40:18.0649 2768 RDPENCDD - ok 17:40:18.0670 2768 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 17:40:18.0672 2768 RDPREFMP - ok 17:40:18.0709 2768 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 17:40:18.0714 2768 RDPWD - ok 17:40:18.0744 2768 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 17:40:18.0748 2768 rdyboost - ok 17:40:18.0773 2768 RimUsb - ok 17:40:18.0813 2768 RimVSerPort (0de22421179d5a8440b68517ddf2b051) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys 17:40:18.0816 2768 RimVSerPort - ok 17:40:18.0828 2768 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys 17:40:18.0831 2768 ROOTMODEM - ok 17:40:18.0891 2768 RRNetCap (2abd2b3ba2ef0c3ba82284c2a5e28675) C:\Windows\system32\DRIVERS\rrnetcap.sys 17:40:18.0893 2768 RRNetCap - ok 17:40:18.0899 2768 RRNetCapMP (2abd2b3ba2ef0c3ba82284c2a5e28675) C:\Windows\system32\DRIVERS\rrnetcap.sys 17:40:18.0900 2768 RRNetCapMP - ok 17:40:18.0911 2768 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 17:40:18.0915 2768 rspndr - ok 17:40:18.0957 2768 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 17:40:18.0961 2768 sbp2port - ok 17:40:18.0995 2768 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 17:40:18.0998 2768 scfilter - ok 17:40:19.0022 2768 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 17:40:19.0024 2768 secdrv - ok 17:40:19.0066 2768 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 17:40:19.0068 2768 Serenum - ok 17:40:19.0076 2768 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 17:40:19.0079 2768 Serial - ok 17:40:19.0098 2768 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 17:40:19.0100 2768 sermouse - ok 17:40:19.0138 2768 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 17:40:19.0149 2768 sffdisk - ok 17:40:19.0175 2768 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 17:40:19.0178 2768 sffp_mmc - ok 17:40:19.0189 2768 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 17:40:19.0211 2768 sffp_sd - ok 17:40:19.0219 2768 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 17:40:19.0222 2768 sfloppy - ok 17:40:19.0276 2768 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:40:19.0279 2768 SiSRaid2 - ok 17:40:19.0289 2768 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 17:40:19.0292 2768 SiSRaid4 - ok 17:40:19.0301 2768 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 17:40:19.0305 2768 Smb - ok 17:40:19.0341 2768 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 17:40:19.0342 2768 spldr - ok 17:40:19.0379 2768 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 17:40:19.0397 2768 srv - ok 17:40:19.0423 2768 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 17:40:19.0428 2768 srv2 - ok 17:40:19.0462 2768 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 17:40:19.0465 2768 srvnet - ok 17:40:19.0488 2768 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 17:40:19.0490 2768 stexstor - ok 17:40:19.0505 2768 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 17:40:19.0507 2768 swenum - ok 17:40:19.0592 2768 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 17:40:19.0656 2768 Tcpip - ok 17:40:19.0692 2768 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 17:40:19.0709 2768 TCPIP6 - ok 17:40:19.0751 2768 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 17:40:19.0754 2768 tcpipreg - ok 17:40:19.0772 2768 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 17:40:19.0774 2768 TDPIPE - ok 17:40:19.0786 2768 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 17:40:19.0806 2768 TDTCP - ok 17:40:19.0842 2768 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 17:40:19.0845 2768 tdx - ok 17:40:19.0860 2768 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 17:40:19.0863 2768 TermDD - ok 17:40:19.0905 2768 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 17:40:19.0907 2768 tssecsrv - ok 17:40:19.0948 2768 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 17:40:19.0951 2768 TsUsbFlt - ok 17:40:19.0982 2768 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 17:40:19.0986 2768 tunnel - ok 17:40:20.0007 2768 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 17:40:20.0010 2768 uagp35 - ok 17:40:20.0030 2768 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys 17:40:20.0032 2768 UBHelper - ok 17:40:20.0072 2768 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 17:40:20.0078 2768 udfs - ok 17:40:20.0109 2768 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 17:40:20.0111 2768 uliagpkx - ok 17:40:20.0124 2768 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 17:40:20.0127 2768 umbus - ok 17:40:20.0142 2768 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 17:40:20.0144 2768 UmPass - ok 17:40:20.0188 2768 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 17:40:20.0205 2768 USBAAPL64 - ok 17:40:20.0231 2768 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 17:40:20.0238 2768 usbccgp - ok 17:40:20.0279 2768 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 17:40:20.0283 2768 usbcir - ok 17:40:20.0301 2768 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 17:40:20.0305 2768 usbehci - ok 17:40:20.0331 2768 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 17:40:20.0339 2768 usbhub - ok 17:40:20.0379 2768 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 17:40:20.0382 2768 usbohci - ok 17:40:20.0399 2768 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 17:40:20.0402 2768 usbprint - ok 17:40:20.0439 2768 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:40:20.0440 2768 USBSTOR - ok 17:40:20.0456 2768 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 17:40:20.0460 2768 usbuhci - ok 17:40:20.0476 2768 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 17:40:20.0480 2768 vdrvroot - ok 17:40:20.0517 2768 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 17:40:20.0520 2768 vga - ok 17:40:20.0534 2768 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 17:40:20.0536 2768 VgaSave - ok 17:40:20.0562 2768 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 17:40:20.0567 2768 vhdmp - ok 17:40:20.0584 2768 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 17:40:20.0586 2768 viaide - ok 17:40:20.0626 2768 vNICdrv (3e8efae49964227611d5b211817d2228) C:\Windows\system32\DRIVERS\vNICdrv.sys 17:40:20.0629 2768 vNICdrv - ok 17:40:20.0651 2768 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 17:40:20.0654 2768 volmgr - ok 17:40:20.0697 2768 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 17:40:20.0703 2768 volmgrx - ok 17:40:20.0729 2768 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 17:40:20.0734 2768 volsnap - ok 17:40:20.0764 2768 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 17:40:20.0768 2768 vsmraid - ok 17:40:20.0803 2768 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 17:40:20.0805 2768 vwifibus - ok 17:40:20.0832 2768 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 17:40:20.0835 2768 WacomPen - ok 17:40:20.0858 2768 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 17:40:20.0861 2768 WANARP - ok 17:40:20.0866 2768 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 17:40:20.0867 2768 Wanarpv6 - ok 17:40:20.0903 2768 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 17:40:20.0905 2768 Wd - ok 17:40:20.0930 2768 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 17:40:20.0937 2768 Wdf01000 - ok 17:40:20.0978 2768 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 17:40:20.0980 2768 WfpLwf - ok 17:40:20.0986 2768 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 17:40:20.0988 2768 WIMMount - ok 17:40:21.0019 2768 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 17:40:21.0021 2768 WinUsb - ok 17:40:21.0045 2768 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 17:40:21.0047 2768 WmiAcpi - ok 17:40:21.0063 2768 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 17:40:21.0065 2768 ws2ifsl - ok 17:40:21.0104 2768 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 17:40:21.0107 2768 WudfPf - ok 17:40:21.0131 2768 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 17:40:21.0134 2768 WUDFRd - ok 17:40:21.0157 2768 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 17:40:21.0173 2768 \Device\Harddisk0\DR0 - ok 17:40:21.0175 2768 Boot (0x1200) (b57f793d31ccf623b804a8d8d8da0edc) \Device\Harddisk0\DR0\Partition0 17:40:21.0176 2768 \Device\Harddisk0\DR0\Partition0 - ok 17:40:21.0188 2768 Boot (0x1200) (979ae8b7e606d0fb141fb5f2de825525) \Device\Harddisk0\DR0\Partition1 17:40:21.0189 2768 \Device\Harddisk0\DR0\Partition1 - ok 17:40:21.0189 2768 ============================================================ 17:40:21.0189 2768 Scan finished 17:40:21.0189 2768 ============================================================ 17:40:21.0197 5264 Detected object count: 0 17:40:21.0197 5264 Actual detected object count: 0 Sophos results: No hidden items found by scan. I don't know. I'm still very concerned about the activity shown in the netstat that shows connections at 192.168.1.7 which is an isp in BC Canada. It is obviously over my technical ability to interpret the information.
	to forum · permalink · 2011-11-23 21:00:17 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 Reviews: ·Comcast	reply to dudedad The IP addresses starting with 192.168.x.x are non-routable. They do not exist on the internet. They are for local area networks only. If netstat is showing that address, then one of the computers attached your local network has that address. Still waiting for the Sophos log. -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2011-11-23 21:31:35 ·
dudedad join:2011-11-23 Denver, CO	At the bottom I posted that Sophos found: No hidden items found by scan. Larry
	to forum · permalink · 2011-11-23 21:42:35 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 Reviews: ·Comcast	reply to dudedad Again, here are the instructions I posted: Second: Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found. Please post the log. -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2011-11-23 22:13:56 ·
dudedad join:2011-11-23 Denver, CO	Okay. I'll run it again and try to find something to post. Larry
	to forum · permalink · 2011-11-23 22:31:43 ·

Broadband Tech > Security > Security Cleanup > [Trojan] Trojan Infection - lots of connections in the netstat r

[Trojan] Trojan Infection - lots of connections in the netstat r

Re: [Trojan] Trojan Infection - lots of connections in the netst