# Screen goes black on DELL Inspiron 8600 Win XP Pro



## sjajdld (Jan 25, 2007)

Within the last day my screen will go completely black... not like when it is turned off, but a completely deep black. No cursor, nothing. Is this a virus I have??? It's a DELL Inspiron 8600 with Win XP Pro. It did it the first time while on Facebook. So I shut it off and tried again. Second time it did it on Facebook again, third time, on desktop screen, fourth was at start-up. I booted in F2 and went to diagnostics and it went black as soon as page popped up with CPU or whatever and then proceeded to do a series of 3 beeps at different intervals. After listening to that horrid sound for about 3 minutes, I shut it off !!! lol Turned on and again did F2 and started in first option (can't recall exact name) of internal HD ??? and this is how I ended up here. Still on and going, but for how long? No clue. Am wondering if this is a virus I have or is my laptop really about to bite the dust? Currently running a full scan on Malwarebytes. Thanks for any help offered !!!!


----------



## sjajdld (Jan 25, 2007)

UPDATE *** Ok I BARELY can see the screen underneath the "blackness" so I am guessing I have a virus... weird thing is if I unplug the power cord from my laptop, I am able to keep the screen up longer before going "black". How do I fix this !!!!!!! PLEASE HELP !!!! TYTYTYTYTY Still running a full scan in Malwarebytes as I type.... going to try to go to HijackThis and add what I get from there too, crossing fingers


----------



## sjajdld (Jan 25, 2007)

Here's my Hijack this 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:29:11 PM, on 8/25/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.searchonme.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:5555
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://rewards.mydrivefm.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} (RSClientPrint 2005 Class) - https://members.ladiesauxvfw.org/EW...033&UICulture=9&ReportStack=1&OpType=PrintCab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1326218597187
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267219565705
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1343793071963
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6539 bytes


----------



## sjajdld (Jan 25, 2007)

One more update... 8.25.12 If I boot with just battery power, it does not go black as quickly. I tried taking the battery out and then replacing it. Tried using it just with battery, but since the battery is old, it only holds power for about 45 minutes... not even long enough to run a full scan with Malwarebytes. So I'm still not sure if anything is showing up (virus, spyware, etc) If any other info is needed please let me know  TYTYTY again and again 
~susan 


----------



## sjajdld (Jan 25, 2007)

Ok so I apologize for not posting all I should have as I originally posted this in a different forum and just noticed that it had been moved to this forum... so here goes with update and the required scans.... Forgive me if this goes in spurts but since this is my only computer and it is acting up (why I'm here... ) I may have to post in intervals, so forgive me in advance for all of this nonsense  
*** okay I restored to an earlier point on my computer on 8.25.12 after the above posts and same thing is happening. Black screen like very dark sunglasses were put over it. I can barely make out the icons etc on my desktop. I can access internet and everything else that I have tried so far while the screen is black like this. I found if I shine a flashlight at an angle I can see the screen a little better and have accessed it this way at times. VERY frustrating to say the least. ***Also, I seem to be able to have everything be normal as long as the AC power adapter is NOT connected... as soon as I plug it into the laptop, POOF* black screen. If I allow the battery to completely charge and then unplug AC adapter before turning on computer, I am able to get on with no black screen, no known issues, everything seems completely fine until my battery depletes itself, which is not long. Approximately an hour or so. So with all that being said, I redid all scans you asked for in the forum top post and am including them with this. TYTYTYTY again for ANY help whatsoever... I miss my computer lol

hijack this 8.26.12

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:07:07 AM, on 8/26/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Frontier\Security\Anti-Virus\fsgk32st.exe
C:\Program Files\Frontier\Security\Common\FSMA32.EXE
C:\Program Files\Frontier\Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Frontier\Security\Common\FSHDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Frontier\Security\Common\FSM32.EXE
C:\Program Files\Frontier\Security\FWES\Program\fsdfwd.exe
C:\Program Files\Frontier\Security\Anti-Virus\fssm32.exe
C:\Program Files\Frontier\Security\Anti-Virus\fsav32.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.searchonme.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:5555
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Frontier\Security\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Frontier\Security\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Frontier\Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Frontier\Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://rewards.mydrivefm.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} (RSClientPrint 2005 Class) - https://members.ladiesauxvfw.org/EW...033&UICulture=9&ReportStack=1&OpType=PrintCab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1326218597187
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267219565705
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1343793071963
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Frontier\Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Frontier\Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Frontier\Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Frontier\Security\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\MsMpEng.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8370 bytes
*********************************************************************************************************************************

dds file 8.26.12

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Administrator at 10:19:55 on 2012-08-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.434 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Max Security 9.17 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Max Security 9.17 *Enabled* 
FW: ZoneAlarm Firewall *Disabled* 
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Frontier\Security\Anti-Virus\fsgk32st.exe
C:\Program Files\Frontier\Security\Common\FSMA32.EXE
C:\Program Files\Frontier\Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Frontier\Security\Common\FSHDLL32.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Frontier\Security\Common\FSM32.EXE
C:\Program Files\Frontier\Security\FWES\Program\fsdfwd.exe
C:\Program Files\Frontier\Security\Anti-Virus\fssm32.exe
C:\Program Files\Frontier\Security\Anti-Virus\fsav32.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\cidaemon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
mStart Page = hxxp://search.searchonme.com/
uInternet Settings,ProxyServer = 127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\frontier\security\nrs\iescript\baselitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\frontier\security\nrs\iescript\baselitmus.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [F-Secure Manager] "c:\program files\frontier\security\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\frontier\security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki...
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\program files\frontier\security\fsps\program\FSLSP.DLL
Trusted Zone: mydrivefm.com\rewards
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxps://members.ladiesauxvfw.org/EWEBREPORTSERVER/Reserved.ReportViewerWebControl.axd?ExecutionID=idpqch45rkbyrkfgjvf2rrjo&ControlID=79beb4c6385b404d9f2d7e368b1a9fd6&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1326218597187
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267219565705
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343793071963
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{1CF38442-E0F6-4221-89B5-D3EC4BEF932B} : DhcpNameServer = 192.168.10.24 192.168.10.25
TCP: Interfaces\{76313147-6AC4-43F5-BE56-F3429732AA9D} : DhcpNameServer = 192.168.254.254
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2012-8-25 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-8-25 82160]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\frontier\security\hips\drivers\fshs.sys [2012-8-25 70192]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\frontier\security\anti-virus\fsgk32st.exe [2012-8-25 221872]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\frontier\security\anti-virus\minifilter\fsgk.sys [2012-8-25 149672]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\frontier\security\orsp client\fsorsp.exe [2012-8-25 61088]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\mpfilter.sys --> c:\windows\system32\drivers\MpFilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-11 135664]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2012-1-14 94208]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-11 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.1.121\mcchsvc.exe" --> c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-26 02:48:42	44240	----a-w-	c:\windows\system32\drivers\fsbts.sys
2012-08-26 02:47:54	82160	----a-w-	c:\windows\system32\drivers\fsdfw.sys
2012-08-26 01:44:59	--------	d-----w-	c:\windows\system32\wbem\repository\FS
2012-08-26 01:44:59	--------	d-----w-	c:\windows\system32\wbem\Repository
2012-08-25 18:27:22	--------	d-----w-	c:\program files\Frontier
2012-08-25 18:24:35	--------	d-----w-	c:\documents and settings\all users\application data\fssg
2012-08-25 17:26:01	388096	----a-r-	c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-08-25 16:45:57	--------	d-----w-	c:\documents and settings\all users\application data\f-secure
2012-08-15 19:36:34	--------	d-----w-	c:\documents and settings\administrator\application data\Virtual Prophecy
.
==================== Find3M ====================
.
2012-07-06 13:58:51	78336	----a-w-	c:\windows\system32\browser.dll
2012-07-06 02:07:08	143872	----a-w-	c:\windows\system32\javacpl.cpl
2012-07-06 02:06:30	772544	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-07-06 02:06:20	687544	----a-w-	c:\windows\system32\deployJava1.dll
2012-07-04 14:05:18	139784	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15	1866112	----a-w-	c:\windows\system32\win32k.sys
2012-07-02 17:49:33	916992	----a-w-	c:\windows\system32\wininet.dll
2012-07-02 17:49:32	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43	385024	----a-w-	c:\windows\system32\html.iec
2012-06-05 15:50:25	1372672	----a-w-	c:\windows\system32\msxml6.dll
2012-06-05 15:50:25	1172480	----a-w-	c:\windows\system32\msxml3.dll
2012-06-04 21:35:26	222448	----a-w-	c:\windows\system32\muweb.dll
2012-06-04 04:32:08	152576	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 19:19:44	22040	----a-w-	c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38	219160	----a-w-	c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38	15384	----a-w-	c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34	15384	----a-w-	c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30	17944	----a-w-	c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58	275696	----a-w-	c:\windows\system32\mucltui.dll
2012-06-02 19:18:58	17136	----a-w-	c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09	599040	----a-w-	c:\windows\system32\crypt32.dll
.
============= FINISH: 10:23:38.22 ===============
******************************************************************************************************************************************

*** the gmer ark.txt scan is taking a longggg time so I will post that as soon as I can but am posting these now before I lose it all to a black screen again ty for patience 

~Susan


----------



## sjajdld (Jan 25, 2007)

Here is the attached file


----------



## sjajdld (Jan 25, 2007)

ahhhhhhhhhhhhhhhhhhhhhhhh finally finished the gmer... whatever it is...scan.... took FOREVER !!!!!!!!! 
here goes:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-26 16:50:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2060AH rev.00000096
Running: ks9qelwz.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdypow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xF6D9BCC6]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcessEx [0xF6D9BCE0]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateThread [0xF6D9AE7C]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xF6D9B1AC]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwMapViewOfSection [0xF6D9ABBC]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwOpenSection [0xF6D9B5DE]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwRenameKey [0xF6D9C87C]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSetSystemInformation [0xF6D9B42E]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendProcess [0xF6D9AA3C]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendThread [0xF6D9AEB0]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSystemDebugControl [0xF6D9B032]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateProcess [0xF6D9A996]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateThread [0xF6D9AAF6]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwWriteVirtualMemory [0xF6D9AF76]

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

---- Kernel code sections - GMER 1.0.15 ----


---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00A1900C 
.text  C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00A1A00C 
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0D58000C 
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0D58100C 
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0D58200C 
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0D58300C 
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0D58700C 
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0D58500C 
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0D58600C 
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0D58800C 
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0D58400C 
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0D58A00C 
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0D58900C 
.text C:\WINDOWS\system32\wuauclt.exe[2720] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 03D9000C 
.text C:\WINDOWS\system32\wuauclt.exe[2720] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 03D9100C 
.text C:\WINDOWS\system32\wuauclt.exe[2720] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03D9200C 
.text C:\WINDOWS\system32\wuauclt.exe[2720] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 03D9300C 
.text C:\WINDOWS\system32\wuauclt.exe[2720] ole32.dll!CoCreateInstanceEx  774FF164 5 Bytes JMP 03D9900C 
.text C:\WINDOWS\system32\wuauclt.exe[2720] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 03D9700C 
.text C:\WINDOWS\system32\wuauclt.exe[2720] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 03D9500C 
.text C:\WINDOWS\system32\wuauclt.exe[2720] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 03D9600C 
.text C:\WINDOWS\system32\wuauclt.exe[2720] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 03D9800C 
.text C:\WINDOWS\system32\wuauclt.exe[2720] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 03D9400C 
.text C:\WINDOWS\system32\wuauclt.exe[2720] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 03D9A00C 
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E1000C 
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00E1100C 
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E1200C 
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00E1300C 
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00E1700C 
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00E1500C 
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00E1600C 
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00E1800C 
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00E1400C 
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00E1A00C 
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00E1900C 
.text C:\WINDOWS\System32\alg.exe[3960] ntdll.dll!NtCreateProcess  7C90D14E 5 Bytes JMP 00AD000C 
.text C:\WINDOWS\System32\alg.exe[3960] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00AD100C 
.text C:\WINDOWS\System32\alg.exe[3960] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD200C 
.text C:\WINDOWS\System32\alg.exe[3960] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00AD300C 
.text C:\WINDOWS\System32\alg.exe[3960] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AD400C 
.text C:\WINDOWS\System32\alg.exe[3960] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00ADA00C 
.text C:\WINDOWS\System32\alg.exe[3960] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00AD700C 
.text C:\WINDOWS\System32\alg.exe[3960] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00AD500C 
.text C:\WINDOWS\System32\alg.exe[3960] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00AD600C 
.text C:\WINDOWS\System32\alg.exe[3960] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AD800C 
.text C:\WINDOWS\System32\alg.exe[3960] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00AD900C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003D0010
IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00690010

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST  fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

---- EOF - GMER 1.0.15 ----


----------



## sjajdld (Jan 25, 2007)

I've tried to add pictures of what the screen looks like when black, but it won't let me add the photos. I tried a zip file as well.... no luck. So I'm trying a link to my Facebook page so you can see them. You can see the desktop underneath the blackness and I still have full function of the laptop... just can't see anything to use it unless I shine a flashlight on it and that is making me go blind !!! As I stated above, I can use it if it's not on AC power, but the battery only lasts for an hour, give or take a few minutes. As soon as I plug the AC cord in, boom, the screen goes black within 10-15 seconds.

https://www.facebook.com/media/set/?set=a.10152056613420562.892459.893150561&type=1

Hope this works 

http://www.facebook.com/media/set/?set=a.10152056613420562.892459.893150561&type=1


----------



## sjajdld (Jan 25, 2007)

No one? Was hoping someone would see this and be able to help me out...


----------



## sjajdld (Jan 25, 2007)

Bump ! and please HELP !!!!!


----------



## sjajdld (Jan 25, 2007)

bumping back up...


----------



## sjajdld (Jan 25, 2007)

Seriously... no one??? It's getting worse now... goes black while on battery now too... I'm running out of time. PLEASE HELPPPPPPPPPPPPPPPPPPPPPPPPPPP PLEASE !!!


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## sjajdld (Jan 25, 2007)

ComboFix 12-09-01.01 - Administrator 09/02/2012 22:52:37.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.562 [GMT -4:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: F-Secure Anti-Virus 9.20.17320 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\100
c:\documents and settings\All Users\Application Data\Codecv
c:\documents and settings\All Users\Application Data\Codecv\background.html
c:\documents and settings\All Users\Application Data\Codecv\content.js
c:\documents and settings\All Users\Application Data\Codecv\data\content.js
c:\documents and settings\All Users\Application Data\Codecv\data\jsondb.js
c:\documents and settings\All Users\Application Data\Codecv\mpkhppmnhgaocboaancgaipdlcifneik.crx
c:\documents and settings\All Users\Application Data\Codecv\settings.ini
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{889C6F39-241F-4119-8026-1B2F4A124839}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe
c:\program files\Shared
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\EventSystem.log
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\Tasks\wxiwwczw.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVOKO6
.
.
((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-03 02:32 . 2012-08-23 04:15	7022536	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9157C03B-6555-454F-8E61-F751D4BEE779}\mpengine.dll
2012-09-01 17:35 . 2012-08-23 04:15	7022536	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-01 17:30 . 2012-09-01 17:30	--------	d-----w-	c:\program files\Microsoft Security Client
2012-09-01 15:40 . 2012-09-01 17:07	--------	d-----w-	C:\d80e6c2efb9c4c9564
2012-08-29 17:07 . 2012-08-29 17:11	--------	d-----w-	c:\documents and settings\All Users\Application Data\Tarma Installer
2012-08-26 02:48 . 2012-08-26 02:57	44240	----a-w-	c:\windows\system32\drivers\fsbts.sys
2012-08-26 02:47 . 2011-09-26 15:52	82160	----a-w-	c:\windows\system32\drivers\fsdfw.sys
2012-08-26 01:44 . 2012-08-26 01:44	--------	d-----w-	c:\windows\system32\wbem\Repository
2012-08-25 18:29 . 2012-08-25 18:29	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
2012-08-25 18:27 . 2012-08-25 18:27	--------	d-----w-	c:\program files\Frontier
2012-08-25 18:24 . 2012-08-25 19:09	--------	d-----w-	c:\documents and settings\All Users\Application Data\fssg
2012-08-25 17:26 . 2012-08-25 17:26	388096	----a-r-	c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-25 16:45 . 2012-08-26 02:47	--------	d-----w-	c:\documents and settings\All Users\Application Data\f-secure
2012-08-15 19:36 . 2012-08-15 19:36	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Virtual Prophecy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:58 . 2004-08-04 12:00	78336	----a-w-	c:\windows\system32\browser.dll
2012-07-06 02:07 . 2011-09-25 01:21	143872	----a-w-	c:\windows\system32\javacpl.cpl
2012-07-06 02:06 . 2012-07-14 16:35	772544	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-07-06 02:06 . 2010-12-01 13:40	687544	----a-w-	c:\windows\system32\deployJava1.dll
2012-07-04 14:05 . 2007-04-12 14:07	139784	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 12:00	1866112	----a-w-	c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-04 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-04 12:00	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 12:00	385024	----a-w-	c:\windows\system32\html.iec
2012-06-05 15:50 . 2007-05-15 19:43	1372672	----a-w-	c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00	1172480	----a-w-	c:\windows\system32\msxml3.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 11:22	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 01:05	344064	-c--a-w-	c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-12-19 22:08	1347584	----a-w-	c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2010-02-04 04:05	107176	----a-w-	c:\program files\Lexmark 2600 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
2011-09-26 15:53	201392	----a-w-	c:\program files\Frontier\Security\Common\FSM32.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
2011-09-26 15:52	1655472	----a-w-	c:\program files\Frontier\Security\FSGUI\tnbutil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-09 20:33	136176	----atw-	c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]
2010-02-04 04:05	660136	----a-w-	c:\program files\Lexmark 2600 Series\lxdnmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 21:08	931200	----a-w-	c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07	252296	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 00:12	143360	----a-w-	c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"seclogon"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Messenger"=2 (0x2)
"McComponentHostService"=3 (0x3)
"FSORSPClient"=3 (0x3)
"FSMA"=2 (0x2)
"FSDFWD"=3 (0x3)
"F-Secure Gatekeeper Handler Starter"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\Diagnostics\\LXDNdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:GateOKO
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [8/25/2012 10:48 PM 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [8/25/2012 10:47 PM 82160]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2010 9:53 PM 135664]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [1/14/2012 8:44 PM 94208]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [8/25/2012 10:46 PM 149672]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2010 9:53 PM 135664]
S4 FSORSPClient;F-Secure ORSP Client;c:\program files\Frontier\Security\ORSP Client\fsorsp.exe [8/25/2012 10:47 PM 61088]
S4 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 01:53]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 01:53]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-963248029-2652404320-3942384350-500Core1cc902a60d0ab00.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-10 20:33]
.
2012-09-03 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
mStart Page = hxxp://search.searchonme.com/
uInternet Settings,ProxyServer = 127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki...
LSP: c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL
Trusted Zone: mydrivefm.com\rewards
TCP: DhcpNameServer = 192.168.254.254
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxps://members.ladiesauxvfw.org/EWEBREPORTSERVER/Reserved.ReportViewerWebControl.axd?ExecutionID=idpqch45rkbyrkfgjvf2rrjo&ControlID=79beb4c6385b404d9f2d7e368b1a9fd6&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-Locked - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-NavLogon - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-lxdnamon - c:\program files\Lexmark 2600 Series\lxdnamon.exe
MSConfigStartUp-Spotify - c:\documents and settings\Administrator\Application Data\Spotify\Spotify.exe
AddRemove-CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1 - c:\program files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-02 23:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,46,9b,77,1c,6d,83,42,8f,1b,06,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,36,bc,8d,8b,90,21,43,88,81,b2,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,46,9b,77,1c,6d,83,42,8f,1b,06,\
.
[HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,36,bc,8d,8b,90,21,43,88,81,b2,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,36,bc,8d,8b,90,21,43,88,81,b2,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(916)
c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL
.
- - - - - - - > 'explorer.exe'(2456)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\frontier\security\scanner-interface\fsgkiapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\windows\system32\lxdncoms.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-09-02 23:27:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-03 03:27
.
Pre-Run: 1,621,151,744 bytes free
Post-Run: 3,374,657,536 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 634D80E040BBBAABE211330C83A1D205

thank you very much !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


----------



## Cookiegal (Aug 27, 2003)

You have both F-Secure Anti-virus and Microsoft Security Essentials. You need to uninstall one of them as it's not good to have two on the machine at the same time because they will conflict and cause problems.

Open Notepad and copy and paste the text in the code box below into it:


```
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"=-

DDS::
uInternet Settings,ProxyServer = 127.0.0.1:5555
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*
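
The CFScript in the post above targets two entries from the ComboFix log posted earlier: the `8085:TCP` value under `GloballyOpenPorts\List` and the `ProxyServer = 127.0.0.1:5555` line. As an added example (not part of the original thread and not ComboFix's own code), this Python sketch pulls those kinds of entries out of a ComboFix log for review. The function names, the allow-list parameter and the sample excerpt (constructed from lines of that log) are assumptions of the example.

```python
import ipaddress
import re

# Constructed excerpt: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:GateOKO
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyServer = 127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
'''

SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
PROXY_RE = re.compile(r'^([um])Internet Settings,(Proxy\w+) = (.*)$')


def registry_sections(log):
    """Map each [key] header (lower-cased) to the "name"= value pairs under it."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            sections[current].append((value.group(1), value.group(2).strip()))
        elif line in ("", ".") or line.startswith("---"):
            current = None  # separator line ends the current section
    return sections


def firewall_enabled(log):
    """True/False from EnableFirewall in the standard profile, None if not listed."""
    for key, values in registry_sections(log).items():
        if key.endswith(r'firewallpolicy\standardprofile'):
            for name, data in values:
                if name.lower() == "enablefirewall":
                    return data.split()[:1] != ["0"]
    return None


def open_ports(log):
    """Entries under GloballyOpenPorts\\List as port/proto/label dicts."""
    ports = []
    for key, values in registry_sections(log).items():
        if key.endswith(r'globallyopenports\list'):
            for _name, data in values:
                parts = data.split(":", 2)
                if len(parts) == 3 and parts[0].isdigit():
                    ports.append({"port": int(parts[0]), "proto": parts[1],
                                  "label": parts[2]})
    return ports


def proxy_settings(log):
    """(prefix, setting, value) for each 'Internet Settings,Proxy*' line.
    The prefix (u or m) is returned exactly as printed in the log."""
    found = []
    for raw in log.splitlines():
        m = PROXY_RE.match(raw.strip())
        if m:
            found.append((m.group(1), m.group(2), m.group(3).strip()))
    return found


def is_loopback(proxy_value):
    """True if any host in 'host:port' or 'proto=host:port;...' is loopback."""
    for entry in proxy_value.split(";"):
        host = entry.split("=", 1)[-1].rsplit(":", 1)[0].strip().lower()
        if host == "localhost":
            return True
        try:
            if ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:
            continue  # not an IP literal, e.g. "<local>" or a hostname
    return False


def review(log, allowed_ports=()):
    """Collect entries an analyst should look at; allowed_ports is the
    reviewer's own allow-list (an assumption of this example)."""
    findings = []
    if firewall_enabled(log) is False:
        findings.append("Windows Firewall standard profile is disabled")
    for p in open_ports(log):
        if p["port"] not in allowed_ports:
            findings.append(f'open port {p["port"]}/{p["proto"]} labelled {p["label"]!r}')
    for prefix, setting, value in proxy_settings(log):
        if setting == "ProxyServer" and is_loopback(value):
            findings.append(f"{prefix}Internet Settings ProxyServer points at loopback: {value}")
    return findings


if __name__ == "__main__":
    for item in review(SAMPLE_LOG, allowed_ports={3389}):
        print(item)
```

A loopback `ProxyServer` means browser traffic is handed to a process listening on the local machine, so the follow-up check is which process owns that port.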


----------



## sjajdld (Jan 25, 2007)

I did uninstall F secure as it was too big... I just recently got it last week and had MSE to begin with. I had to uninstall MSE when I got F secure. I uninstalled F secure and reinstalled MSE. F secure does not show up in control panel add/remove programs...


----------



## sjajdld (Jan 25, 2007)

Okay, so I uninstalled MSE and ran the combo with the cfscript. Below are the results. Thank you again for helping me, please let me know what you need next.

ComboFix 12-09-03.07 - Administrator 09/03/2012 23:11:04.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.653 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\puppy.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: F-Secure Anti-Virus 9.20.17320 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-04 to 2012-09-04 )))))))))))))))))))))))))))))))
.
.
2012-09-01 15:40 . 2012-09-01 17:07	--------	d-----w-	C:\d80e6c2efb9c4c9564
2012-08-29 17:07 . 2012-08-29 17:11	--------	d-----w-	c:\documents and settings\All Users\Application Data\Tarma Installer
2012-08-26 02:48 . 2012-08-26 02:57	44240	----a-w-	c:\windows\system32\drivers\fsbts.sys
2012-08-26 02:47 . 2011-09-26 15:52	82160	----a-w-	c:\windows\system32\drivers\fsdfw.sys
2012-08-26 01:44 . 2012-08-26 01:44	--------	d-----w-	c:\windows\system32\wbem\Repository
2012-08-25 18:29 . 2012-08-25 18:29	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
2012-08-25 18:27 . 2012-08-25 18:27	--------	d-----w-	c:\program files\Frontier
2012-08-25 18:24 . 2012-08-25 19:09	--------	d-----w-	c:\documents and settings\All Users\Application Data\fssg
2012-08-25 17:26 . 2012-08-25 17:26	388096	----a-r-	c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-25 16:45 . 2012-08-26 02:47	--------	d-----w-	c:\documents and settings\All Users\Application Data\f-secure
2012-08-15 19:36 . 2012-08-15 19:36	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Virtual Prophecy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:58 . 2004-08-04 12:00	78336	----a-w-	c:\windows\system32\browser.dll
2012-07-06 02:07 . 2011-09-25 01:21	143872	----a-w-	c:\windows\system32\javacpl.cpl
2012-07-06 02:06 . 2012-07-14 16:35	772544	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-07-06 02:06 . 2010-12-01 13:40	687544	----a-w-	c:\windows\system32\deployJava1.dll
2012-07-04 14:05 . 2007-04-12 14:07	139784	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 12:00	1866112	----a-w-	c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-04 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-04 12:00	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 12:00	385024	----a-w-	c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( [email protected]_03.21.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-04 03:04 . 2012-09-04 03:04	16384 c:\windows\Temp\Perflib_Perfdata_1c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 11:22	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 01:05	344064	-c--a-w-	c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-12-19 22:08	1347584	----a-w-	c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2010-02-04 04:05	107176	----a-w-	c:\program files\Lexmark 2600 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
2011-09-26 15:53	201392	----a-w-	c:\program files\Frontier\Security\Common\FSM32.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
2011-09-26 15:52	1655472	----a-w-	c:\program files\Frontier\Security\FSGUI\tnbutil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-09 20:33	136176	----atw-	c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]
2010-02-04 04:05	660136	----a-w-	c:\program files\Lexmark 2600 Series\lxdnmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07	252296	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 00:12	143360	----a-w-	c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"seclogon"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Messenger"=2 (0x2)
"McComponentHostService"=3 (0x3)
"FSORSPClient"=3 (0x3)
"FSMA"=2 (0x2)
"FSDFWD"=3 (0x3)
"F-Secure Gatekeeper Handler Starter"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\Diagnostics\\LXDNdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [8/25/2012 10:48 PM 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [8/25/2012 10:47 PM 82160]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2010 9:53 PM 135664]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [1/14/2012 8:44 PM 94208]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [8/25/2012 10:46 PM 149672]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2010 9:53 PM 135664]
S4 FSORSPClient;F-Secure ORSP Client;c:\program files\Frontier\Security\ORSP Client\fsorsp.exe [8/25/2012 10:47 PM 61088]
S4 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 01:53]
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 01:53]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-963248029-2652404320-3942384350-500Core1cc902a60d0ab00.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-10 20:33]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
mStart Page = hxxp://search.searchonme.com/
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki...
LSP: c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL
Trusted Zone: mydrivefm.com\rewards
TCP: DhcpNameServer = 192.168.254.254
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxps://members.ladiesauxvfw.org/EWEBREPORTSERVER/Reserved.ReportViewerWebControl.axd?ExecutionID=idpqch45rkbyrkfgjvf2rrjo&ControlID=79beb4c6385b404d9f2d7e368b1a9fd6&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-03 23:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(908)
c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL
.
- - - - - - - > 'explorer.exe'(3460)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL
c:\program files\frontier\security\scanner-interface\fsgkiapi.dll
.
Completion time: 2012-09-03 23:24:47
ComboFix-quarantined-files.txt 2012-09-04 03:24
ComboFix2.txt 2012-09-03 03:27
.
Pre-Run: 3,336,732,672 bytes free
Post-Run: 3,393,286,144 bytes free
.
- - End Of File - - 5CC77F0BED394B25F0C817CEBBFCCC16


----------



## Cookiegal (Aug 27, 2003)

Is F-Secure working? You don't want to be unprotected so you may have to reinstall it.

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
At the top put a check mark in the box beside "Scan All Users".
Under the *Additional Scans* section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors).
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## sjajdld (Jan 25, 2007)

Sorry, it's hard to read/see this all while shining a flashlight... my eyes are shot !!! I thought I had uninstalled F secure as it doesn't show in my control panel under add/remove anymore. I did uninstall the MSE again though, so it appears as I have no anti virus running right now. The F secure seemed huge compared to the MSE... that's why I uninstalled it. I'll reinstall if you think I should... or is there a way to see if it's really gone or not? I recently purchased F secure through my internet provider and they sent me the link with codes to enter to install, but right around that time is when I started having the troubles with my computer and thought maybe it was related to the F secure...?!?


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## sjajdld (Jan 25, 2007)

32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.4)
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Broadcom 440x 10/100 Integrated Controller
C-Major Audio
Dell Wireless WLAN Card
F-Secure PSC Prerequisites
Google Update Helper
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Java(TM) 6 Update 29
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Lexmark 2600 Series
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Live Add-in 1.4
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
neroxml
Nokia Connectivity Adapter Cable DKU-5
OGA Notifier 2.0.0048.0
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923789)
Segoe UI
Trusted Software Assistant
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB971029)
VC80CRTRedist - 8.0.50727.6195
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
Word Free


----------



## Cookiegal (Aug 27, 2003)

There is also a lot of stuff related to AVG still on the computer.

Please run the AVG removal tool:

http://www.avg.com/ca-en/utilities

Then reboot the machine.

Also, uninstall:

*F-Secure PSC Prerequisites*

If you don't need JavaFX 2.1.1 (you don't develop applications) then uninstall it as well.

Your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of *Java* components and upgrade the application.

*Upgrading Java*:


Download the latest version of *Java Runtime Environment (JRE) 6 Update 35*.
Accept the License Agreement and then select the option to download the *Windows x86 Offline* version.
Save the executable file to your desktop.
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
Check any item with *Java Runtime Environment, JRE, J2SE or Java(TM)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download and follow the prompts to install the newest version.

These are the two versions of Java that should be uninstalled as they contain vulnerabilities that can be exploited:

Java(TM) 6 Update 29
Java(TM) 7 Update 5

Reboot after uninstalling and then run OTS again and post the new log please.


----------



## sjajdld (Jan 25, 2007)

One question... where do I uninstall the f secure psc prereq from? It's not showing up in my add/remove programs. Sorry, this is making me dizzy(er)?! On the hijack this program?


----------



## sjajdld (Jan 25, 2007)

Below is the new OTS scan log. Just a few things before... I didn't uninstall the F Secure PSC Prerequisites because I could not find it to uninstall in my control panel add/remove list. It only showed on the hijack this page/scan. Also a new item has appeared on my desktop that I am not sure of... Thumbs.db... perhaps something from a scan I did? Hard for me to tell when the screen is pretty much black most of the time. I think I'm going blind... Anywhoooo, one last thing I have noticed upon starting up is after the DELL page a screen flashes up that says:
Please select the operating system to start:
Microsoft Windows recovery Console
do not select this [debugger enabled}
Microsoft Windows XP Professional

Use the up and down arrow keys to move the highlight to your choice.
Seconds until highlighted choice will be started automatically:

For trouble shooting and advance start up options for windows, press F8

Then it goes into the Windows loading page and desktop.
Is this because you have me starting in a different way or is this something new to add to this? I hope not... not nothing "new" to add :/ lol WHEWWWWW

Also should I reinstall the MSE as I stated I have no anti virus running as of now... (that I know of)! TYTYTYTYTYTYTYTYTYTY and Thank You again !!!!


```
OTS logfile created on: 9/5/2012 6:34:58 PM - Run 2
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,023.00 Mb Total Physical Memory | 677.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 2.89 Gb Free Space | 5.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SJD
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2012/09/04 16:24:36 | 000,646,656 | ---- | M] (OldTimer Tools)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
lxdncoms.exe -> C:\WINDOWS\system32\lxdncoms.exe -> [2007/11/28 06:12:40 | 000,589,824 | ---- | M] ( )
 
[Modules - No Company Name]
lxdndrpp.dll -> C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdndrpp.dll -> [2009/08/13 04:02:21 | 000,147,968 | ---- | M] ()
lxdndrs.dll -> C:\WINDOWS\system32\lxdndrs.dll -> [2009/07/23 11:49:04 | 000,782,336 | ---- | M] ()
lxdncaps.dll -> C:\WINDOWS\system32\lxdncaps.dll -> [2009/05/14 05:46:40 | 000,081,920 | ---- | M] ()
lxdncnv4.dll -> C:\WINDOWS\system32\lxdncnv4.dll -> [2007/10/02 06:51:09 | 000,069,632 | ---- | M] ()
bcm1xsup.dll -> C:\WINDOWS\system32\bcm1xsup.dll -> [2005/12/19 18:08:04 | 000,757,760 | ---- | M] ()
 
[Win32 Services - Safe List]
(McComponentHostService) McAfee Security Scan Component Host Service [Disabled | Stopped] ->  -> File not found
(HidServ) Human Interface Device Access [Auto | Stopped] ->  -> File not found
(FSORSPClient) F-Secure ORSP Client [Disabled | Stopped] -> C:\Program Files\Frontier\Security\ORSP Client\fsorsp.exe -> [2012/08/25 22:56:25 | 000,061,088 | ---- | M] (F-Secure Corporation)
(FSMA) F-Secure Management Agent [Disabled | Stopped] -> C:\Program Files\Frontier\Security\Common\FSMA32.EXE -> [2011/09/26 11:53:24 | 000,189,104 | ---- | M] (F-Secure Corporation)
(FSDFWD) F-Secure Anti-Virus Firewall Daemon [Disabled | Stopped] -> C:\Program Files\Frontier\Security\FWES\Program\fsdfwd.exe -> [2011/09/26 11:52:38 | 000,524,976 | ---- | M] (F-Secure Corporation)
(F-Secure Gatekeeper Handler Starter) FSGKHS [Disabled | Stopped] -> C:\Program Files\Frontier\Security\Anti-Virus\fsgk32st.exe -> [2011/09/26 11:52:10 | 000,221,872 | ---- | M] (F-Secure Corporation)
(lxdnCATSCustConnectService) lxdnCATSCustConnectService [Auto | Stopped] -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -> [2009/04/28 01:58:24 | 000,094,208 | ---- | M] ()
(lxdn_device) lxdn_device [Auto | Running] -> C:\WINDOWS\System32\lxdncoms.exe -> [2007/11/28 06:12:40 | 000,589,824 | ---- | M] ( )
 
[Driver Services - Safe List]
(fsbts) fsbts [Kernel | Boot | Running] -> C:\WINDOWS\system32\Drivers\fsbts.sys -> [2012/08/25 22:57:56 | 000,044,240 | ---- | M] ()
(F-Secure Gatekeeper) F-Secure Gatekeeper [Kernel | On_Demand | Stopped] -> C:\Program Files\Frontier\Security\Anti-Virus\minifilter\fsgk.sys -> [2012/08/25 22:55:21 | 000,149,672 | ---- | M] ()
(FSFW) F-Secure Firewall Driver [Kernel | Boot | Running] -> C:\WINDOWS\System32\drivers\fsdfw.sys -> [2011/09/26 11:52:38 | 000,082,160 | ---- | M] (F-Secure Corporation)
(GTPTSER) GT PT SER [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\gtptser.sys -> [2006/01/26 19:09:38 | 000,008,064 | ---- | M] (Option N.V.)
(GTF32BUS) GT F32 BUS [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\gtf32bus.sys -> [2006/01/26 19:09:34 | 000,032,640 | ---- | M] (Option N.V.)
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\BCMWL5.SYS -> [2005/11/02 13:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2005/08/03 23:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.)
(STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\stac97.sys -> [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\bcm4sbxp.sys -> [2003/09/26 10:41:10 | 000,044,032 | ---- | M] (Broadcom Corporation)
(OMCI) OMCI [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -> [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://search.searchonme.com/ -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\] > -> -> 
HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\: Main\\"Start Page" -> https://www.google.com/ -> 
HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> 
HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\: "ProxyOverride" -> <local> -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\Frontier\Security\NRS\[email protected] [C:\PROGRAM FILES\FRONTIER\SECURITY\NRS\[email protected]] -> [2012/08/27 21:31:29 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions -> [2010/04/29 01:13:48 | 000,000,000 | ---D | M]
< HOSTS File > ([2012/09/02 23:20:47 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2012/08/28 20:49:56 | 000,329,712 | ---- | M] (Sun Microsystems, Inc.)
{C6867EB7-8350-4856-877F-93CF8AE3DC9C} [HKLM] -> C:\Program Files\Frontier\Security\NRS\iescript\baselitmus.dll [Browsing Protection Class] -> [2012/08/27 21:31:24 | 000,556,600 | ---- | M] (F-Secure Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{265EEE8E-3228-44D3-AEA5-F7FDF5860049}" [HKLM] -> C:\Program Files\Frontier\Security\NRS\iescript\baselitmus.dll [Browsing Protection Toolbar] -> [2012/08/27 21:31:24 | 000,556,600 | ---- | M] (F-Secure Corporation)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\] > -> HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Admin Startup Folder > -> C:\Documents and Settings\Admin\Start Menu\Programs\Startup -> 
< Admin.SJD Startup Folder > -> C:\Documents and Settings\Admin.SJD\Start Menu\Programs\Startup -> 
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500] > -> HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500] > -> HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500] > -> HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel ->  [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel ->  [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\] > -> HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\] > -> HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\] > -> HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
rewards_mydrivefm.com [http] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\] > -> HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{01A88BB1-1174-41EC-ACCB-963509EAE56B} [HKLM] -> http://support.dell.com/systemprofiler/SysPro.CAB [SysProWmi Class] -> 
{0742B9EF-8C83-41CA-BFBA-830A59E23533} [HKLM] -> https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab [Reg Error: Key error.] -> 
{0D221D00-A6ED-477C-8A91-41F3B660A832} [HKLM] -> https://members.ladiesauxvfw.org/EWEBREPORTSERVER/Reserved.ReportViewerWebControl.axd?ExecutionID=idpqch45rkbyrkfgjvf2rrjo&ControlID=79beb4c6385b404d9f2d7e368b1a9fd6&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab [RSClientPrint 2005 Class] -> 
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{5AE58FCF-6F6A-49B2-B064-02492C66E3F4} [HKLM] -> http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1326218597187 [MUCatalogWebControl Class] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267219565705 [WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343793071963 [MUWebControl Class] -> 
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Reg Error: Key error.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab [Java Plug-in 1.6.0_35] -> 
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab [Java Plug-in 1.6.0_35] -> 
{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab [Java Plug-in 1.6.0_35] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.254.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{76313147-6AC4-43F5-BE56-F3429732AA9D}\\DhcpNameServer -> 192.168.254.254   (Dell TrueMobile 1400 Dual Band WLAN Mini-PCI Card) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2005/08/03 23:04:18 | 000,046,080 | ---- | M] (ATI Technologies Inc.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [] -> [2009/05/24 23:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" -> C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit] -> [2011/09/27 07:22:50 | 000,014,184 | ---- | M] (Apple Inc.)
"C:\Program Files\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe" -> C:\Program Files\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe [C:\Program Files\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe:*:Enabled: ] -> [2009/07/14 03:35:12 | 000,213,672 | ---- | M] ()
"C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe" -> C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe [C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe:*:Enabled: ] -> [2010/02/04 00:05:55 | 000,529,064 | ---- | M] ()
"C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" -> C:\Program Files\Lexmark 2600 Series\lxdnmon.exe [C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:Printer Device Monitor] -> [2010/02/04 00:05:54 | 000,660,136 | ---- | M] ()
"C:\WINDOWS\system32\lxdncoms.exe" -> C:\WINDOWS\System32\lxdncoms.exe [C:\WINDOWS\system32\lxdncoms.exe:*:Enabled:2600 Series Server] -> [2007/11/28 06:12:40 | 000,589,824 | ---- | M] ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe" -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdnjswx.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface] -> [2009/07/13 23:25:03 | 000,700,416 | ---- | M] ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe" -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdnpswx.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:Printer Status Window Interface] -> [2009/07/13 23:24:21 | 000,745,472 | ---- | M] ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe" -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdntime.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable] -> [2009/04/28 01:58:19 | 000,077,824 | ---- | M] (Lexmark International, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007/04/12 10:12:22 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> 
"FSDFWD" -> -> 
"F-Secure Gatekeeper Handler Starter" -> -> 
"FSMA" -> -> 
"FSORSPClient" -> -> 
"McComponentHostService" -> -> 
"Messenger" -> -> 
"mnmsrvc" -> -> 
"seclogon" -> -> 
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe -> [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation)
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
Adobe ARM hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe -> [2012/07/27 16:51:26 | 000,919,008 | ---- | M] (Adobe Systems Incorporated)
APSDaemon hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe -> [2011/09/27 07:22:28 | 000,059,240 | ---- | M] (Apple Inc.)
ATIPTA hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe -> [2005/08/05 21:05:00 | 000,344,064 | ---- | M] (ATI Technologies, Inc.)
Broadcom Wireless Manager UI hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
ctfmon.exe hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
EzPrint hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Lexmark 2600 Series\ezprint.exe -> [2010/02/04 00:05:56 | 000,107,176 | ---- | M] (Lexmark International Inc.)
F-Secure Manager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Frontier\Security\Common\FSM32.EXE -> [2011/09/26 11:53:24 | 000,201,392 | ---- | M] (F-Secure Corporation)
F-Secure TNB hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Frontier\Security\FSGUI\TNBUtil.exe -> [2011/09/26 11:52:22 | 001,655,472 | ---- | M] (F-Secure Corporation)
Google Update hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2011/09/09 16:33:07 | 000,136,176 | ---- | M] (Google Inc.)
lxdnmon.exe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Lexmark 2600 Series\lxdnmon.exe -> [2010/02/04 00:05:54 | 000,660,136 | ---- | M] ()
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\QTTask.exe -> [2011/10/24 14:28:52 | 000,421,888 | ---- | M] (Apple Inc.)
SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Java\Java Update\jusched.exe -> [2012/01/18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.)
Synchronization Manager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 2 -> 
"startup" -> 1 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
HidServ ->  -> File not found
Ias ->  -> File not found
Iprip ->  -> File not found
Irmon ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
WmdmPmSp ->  -> File not found
*MultiFile Done* -> -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 9/1/2012 5:49:28 PM Computer Name = SJD | Source = NativeWrapper | ID = 5000 -> Description = 
Application [ Error ] 9/1/2012 5:49:36 PM Computer Name = SJD | Source = MsiInstaller | ID = 1023 -> Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '{BEEBFC3C-48B1-4A38-A3C5-81BA19DF5F40}' could not be installed. Error code 1635. Additional information is available in the log file C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Microsoft .NET Framework 2.0-KB958481_20120901_214935812-Msi0.txt.
Application [ Error ] 9/1/2012 5:49:36 PM Computer Name = SJD | Source = HotFixInstaller | ID = 5000 -> Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481, P2 1033, P3 1635, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10 0.
Application [ Error ] 9/1/2012 5:49:56 PM Computer Name = SJD | Source = MsiInstaller | ID = 10005 -> Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2721. The arguments are: CA_ScheduleUpdateAssemblyRB.3643236F_FC70_11D3_A536_0090278A1BB8, , 
Application [ Error ] 9/1/2012 5:49:56 PM Computer Name = SJD | Source = MsiInstaller | ID = 1023 -> Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2604092' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Microsoft .NET Framework 2.0-KB2604092_20120901_214951415-Msi0.txt.
Application [ Error ] 9/1/2012 5:49:57 PM Computer Name = SJD | Source = HotFixInstaller | ID = 5000 -> Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2604092, P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 2721.
Application [ Error ] 9/1/2012 5:50:07 PM Computer Name = SJD | Source = MsiInstaller | ID = 10005 -> Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2721. The arguments are: CA_ScheduleUpdateAssemblyRB.3643236F_FC70_11D3_A536_0090278A1BB8, , 
Application [ Error ] 9/1/2012 5:50:07 PM Computer Name = SJD | Source = MsiInstaller | ID = 1023 -> Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2656369v2' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Microsoft .NET Framework 2.0-KB2656369_20120901_215003141-Msi0.txt.
Application [ Error ] 9/1/2012 5:50:08 PM Computer Name = SJD | Source = HotFixInstaller | ID = 5000 -> Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2656369, P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 2721.
Application [ Error ] 9/1/2012 5:51:50 PM Computer Name = SJD | Source = Windows Search Service | ID = 3024 -> Description = The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.  Context:  Application, SystemIndex Catalog 
System [ Error ] 9/5/2012 5:19:47 PM Computer Name = SJD | Source = Service Control Manager | ID = 7000 -> Description = The lxdnCATSCustConnectService service failed to start due to the following error:   %%1053
System [ Error ] 9/5/2012 5:19:57 PM Computer Name = SJD | Source = RemoteAccess | ID = 20106 -> Description = Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The  following error occurred: Cannot complete this function.  
System [ Error ] 9/5/2012 6:14:25 PM Computer Name = SJD | Source = Service Control Manager | ID = 7023 -> Description = The Human Interface Device Access service terminated with the following error:   %%126
System [ Error ] 9/5/2012 6:14:25 PM Computer Name = SJD | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.
System [ Error ] 9/5/2012 6:14:25 PM Computer Name = SJD | Source = Service Control Manager | ID = 7000 -> Description = The lxdnCATSCustConnectService service failed to start due to the following error:   %%1053
System [ Error ] 9/5/2012 6:14:35 PM Computer Name = SJD | Source = RemoteAccess | ID = 20106 -> Description = Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The  following error occurred: Cannot complete this function.  
System [ Error ] 9/5/2012 6:26:15 PM Computer Name = SJD | Source = Service Control Manager | ID = 7023 -> Description = The Human Interface Device Access service terminated with the following error:   %%126
System [ Error ] 9/5/2012 6:26:15 PM Computer Name = SJD | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.
System [ Error ] 9/5/2012 6:26:15 PM Computer Name = SJD | Source = Service Control Manager | ID = 7000 -> Description = The lxdnCATSCustConnectService service failed to start due to the following error:   %%1053
System [ Error ] 9/5/2012 6:26:25 PM Computer Name = SJD | Source = RemoteAccess | ID = 20106 -> Description = Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The  following error occurred: Cannot complete this function.  
 
[Files/Folders - Created Within 30 Days]
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2012/09/05 18:22:06 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2012/09/05 18:22:06 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2012/09/05 18:22:06 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.)
 Java -> C:\Program Files\Common Files\Java -> [2012/09/05 17:22:08 | 000,000,000 | ---D | C]
 javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2012/09/05 17:21:37 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.)
 HijackThis (2).exe -> C:\Documents and Settings\Administrator\Desktop\HijackThis (2).exe -> [2012/09/05 16:54:28 | 000,388,608 | ---- | C] (Trend Micro Inc.)
 jre-6u34-windows-i586.exe -> C:\Documents and Settings\Administrator\Desktop\jre-6u34-windows-i586.exe -> [2012/09/05 16:32:07 | 016,992,248 | ---- | C] (Sun Microsystems, Inc.)
 RECYCLER -> C:\RECYCLER -> [2012/09/04 16:58:48 | 000,000,000 | -HSD | C]
 OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2012/09/04 16:24:32 | 000,646,656 | ---- | C] (OldTimer Tools)
 puppy.exe -> C:\Documents and Settings\Administrator\Desktop\puppy.exe -> [2012/09/02 23:29:26 | 004,742,575 | R--- | C] (Swearware)
 cmdcons -> C:\cmdcons -> [2012/09/02 22:43:47 | 000,000,000 | RHSD | C]
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2012/09/02 22:40:16 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2012/09/02 22:40:16 | 000,406,528 | ---- | C] (SteelWerX)
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2012/09/02 22:40:16 | 000,212,480 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2012/09/02 22:40:16 | 000,060,416 | ---- | C] (NirSoft)
 Qoobox -> C:\Qoobox -> [2012/09/02 22:40:00 | 000,000,000 | ---D | C]
 erdnt -> C:\WINDOWS\erdnt -> [2012/09/02 22:39:22 | 000,000,000 | ---D | C]
 d80e6c2efb9c4c9564 -> C:\d80e6c2efb9c4c9564 -> [2012/09/01 11:40:44 | 000,000,000 | ---D | C]
 Tarma Installer -> C:\Documents and Settings\All Users\Application Data\Tarma Installer -> [2012/08/29 13:07:15 | 000,000,000 | ---D | C]
 fsdfw.sys -> C:\WINDOWS\System32\drivers\fsdfw.sys -> [2012/08/25 22:47:54 | 000,082,160 | ---- | C] (F-Secure Corporation)
 coupon sites -> C:\Documents and Settings\Administrator\Desktop\coupon sites -> [2012/08/25 14:36:42 | 000,000,000 | ---D | C]
 F-Secure -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure -> [2012/08/25 14:29:46 | 000,000,000 | ---D | C]
 Frontier -> C:\Program Files\Frontier -> [2012/08/25 14:27:22 | 000,000,000 | ---D | C]
 fssg -> C:\Documents and Settings\All Users\Application Data\fssg -> [2012/08/25 14:24:35 | 000,000,000 | ---D | C]
 f-secure -> C:\Documents and Settings\All Users\Application Data\f-secure -> [2012/08/25 12:45:57 | 000,000,000 | ---D | C]
 Virtual Prophecy -> C:\Documents and Settings\Administrator\Application Data\Virtual Prophecy -> [2012/08/15 15:36:34 | 000,000,000 | ---D | C]
 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2012/09/05 18:26:22 | 000,001,158 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2012/09/05 18:25:57 | 000,000,896 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2012/09/05 18:25:47 | 000,002,048 | --S- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2012/09/05 17:58:02 | 000,000,900 | ---- | M] ()
 HijackThis (2).exe -> C:\Documents and Settings\Administrator\Desktop\HijackThis (2).exe -> [2012/09/05 16:52:34 | 000,388,608 | ---- | M] (Trend Micro Inc.)
 jre-6u34-windows-i586.exe -> C:\Documents and Settings\Administrator\Desktop\jre-6u34-windows-i586.exe -> [2012/09/05 16:28:08 | 016,992,248 | ---- | M] (Sun Microsystems, Inc.)
 GoogleUpdateTaskUserS-1-5-21-963248029-2652404320-3942384350-500Core1cc902a60d0ab00.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-963248029-2652404320-3942384350-500Core1cc902a60d0ab00.job -> [2012/09/05 15:53:00 | 000,000,958 | ---- | M] ()
 OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2012/09/04 16:24:36 | 000,646,656 | ---- | M] (OldTimer Tools)
 cfscript log 9.3.12 -> C:\Documents and Settings\Administrator\Desktop\cfscript log 9.3.12 -> [2012/09/03 23:31:33 | 000,013,194 | ---- | M] ()
 puppy.exe -> C:\Documents and Settings\Administrator\Desktop\puppy.exe -> [2012/09/03 23:08:04 | 004,742,575 | R--- | M] (Swearware)
 epplauncher.mif -> C:\WINDOWS\epplauncher.mif -> [2012/09/03 22:18:49 | 000,001,945 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2012/09/02 23:20:47 | 000,000,027 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2012/09/02 22:43:55 | 000,000,327 | RHS- | M] ()
 Dell Insprion 6000 black screen - Tech Support Guy Forums.url -> C:\Documents and Settings\Administrator\Desktop\Dell Insprion 6000 black screen - Tech Support Guy Forums.url -> [2012/09/01 23:19:27 | 000,000,107 | ---- | M] ()
 Netdiag 31082012 183423.htm -> C:\Documents and Settings\Administrator\Desktop\Netdiag 31082012 183423.htm -> [2012/08/31 18:34:23 | 000,310,926 | ---- | M] ()
 Boot.bak -> C:\Boot.bak -> [2012/08/31 17:20:11 | 000,000,211 | ---- | M] ()
 ntuser.pol -> C:\Documents and Settings\Administrator\ntuser.pol -> [2012/08/29 13:07:07 | 000,000,660 | RHS- | M] ()
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.)
 javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2012/08/28 18:39:23 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
 GMER - Rootkit Detector and Remover.url -> C:\Documents and Settings\Administrator\Desktop\GMER - Rootkit Detector and Remover.url -> [2012/08/26 12:42:01 | 000,000,046 | ---- | M] ()
 attach  8.26.zip -> C:\Documents and Settings\Administrator\Desktop\attach  8.26.zip -> [2012/08/26 10:27:24 | 000,004,289 | ---- | M] ()
 attach  8.26.12 -> C:\Documents and Settings\Administrator\Desktop\attach  8.26.12 -> [2012/08/26 10:26:56 | 000,017,432 | ---- | M] ()
 dds 8.26.12 -> C:\Documents and Settings\Administrator\Desktop\dds 8.26.12 -> [2012/08/26 10:25:03 | 000,010,868 | ---- | M] ()
 hijackthis scan 8.26.12 -> C:\Documents and Settings\Administrator\Desktop\hijackthis scan 8.26.12 -> [2012/08/26 10:08:39 | 000,008,371 | ---- | M] ()
 census.cache -> C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache -> [2012/08/26 01:50:46 | 000,206,507 | ---- | M] ()
 ars.cache -> C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache -> [2012/08/26 01:50:18 | 000,168,552 | ---- | M] ()
 fsbts.sys -> C:\WINDOWS\System32\drivers\fsbts.sys -> [2012/08/25 22:57:56 | 000,044,240 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2012/08/25 22:47:58 | 000,574,416 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2012/08/25 22:47:58 | 000,118,930 | ---- | M] ()
 hijackthis 2 8.25.12 -> C:\Documents and Settings\Administrator\Desktop\hijackthis 2 8.25.12 -> [2012/08/25 14:16:10 | 000,006,089 | ---- | M] ()
 Tech Support Guy.url -> C:\Documents and Settings\Administrator\Desktop\Tech Support Guy.url -> [2012/08/25 12:29:46 | 000,000,049 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2012/08/20 20:57:04 | 000,185,816 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2012/08/20 20:42:26 | 000,001,374 | ---- | M] ()
 Hotmail - [email protected] -> C:\Documents and Settings\Administrator\Desktop\Hotmail - [email protected] -> [2012/08/16 18:31:23 | 000,000,118 | ---- | M] ()
 d3dx.dat -> C:\WINDOWS\d3dx.dat -> [2012/08/15 15:36:30 | 000,004,096 | ---- | M] ()
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2012/08/15 09:44:00 | 000,000,284 | ---- | M] ()
 8 C:\Documents and Settings\Administrator\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\temp\*.tmp -> 
 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files - No Company Name]
 vubasibi -> C:\Documents and Settings\All Users\Application Data\vubasibi -> [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] ()
 cfscript log 9.3.12 -> C:\Documents and Settings\Administrator\Desktop\cfscript log 9.3.12 -> [2012/09/03 23:31:33 | 000,013,194 | ---- | C] ()
 Boot.bak -> C:\Boot.bak -> [2012/09/02 22:43:55 | 000,000,211 | ---- | C] ()
 cmldr -> C:\cmldr -> [2012/09/02 22:43:51 | 000,260,272 | RHS- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2012/09/02 22:40:16 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2012/09/02 22:40:16 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2012/09/02 22:40:16 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2012/09/02 22:40:16 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2012/09/02 22:40:16 | 000,068,096 | ---- | C] ()
 Dell Insprion 6000 black screen - Tech Support Guy Forums.url -> C:\Documents and Settings\Administrator\Desktop\Dell Insprion 6000 black screen - Tech Support Guy Forums.url -> [2012/09/01 23:19:27 | 000,000,107 | ---- | C] ()
 Netdiag 31082012 183423.htm -> C:\Documents and Settings\Administrator\Desktop\Netdiag 31082012 183423.htm -> [2012/08/31 18:34:23 | 000,310,926 | ---- | C] ()
 ntuser.pol -> C:\Documents and Settings\Administrator\ntuser.pol -> [2012/08/29 13:07:06 | 000,000,660 | RHS- | C] ()
 GMER - Rootkit Detector and Remover.url -> C:\Documents and Settings\Administrator\Desktop\GMER - Rootkit Detector and Remover.url -> [2012/08/26 12:42:01 | 000,000,046 | ---- | C] ()
 attach  8.26.zip -> C:\Documents and Settings\Administrator\Desktop\attach  8.26.zip -> [2012/08/26 10:27:24 | 000,004,289 | ---- | C] ()
 attach  8.26.12 -> C:\Documents and Settings\Administrator\Desktop\attach  8.26.12 -> [2012/08/26 10:26:55 | 000,017,432 | ---- | C] ()
 dds 8.26.12 -> C:\Documents and Settings\Administrator\Desktop\dds 8.26.12 -> [2012/08/26 10:25:03 | 000,010,868 | ---- | C] ()
 hijackthis scan 8.26.12 -> C:\Documents and Settings\Administrator\Desktop\hijackthis scan 8.26.12 -> [2012/08/26 10:08:39 | 000,008,371 | ---- | C] ()
 census.cache -> C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache -> [2012/08/26 01:50:46 | 000,206,507 | ---- | C] ()
 ars.cache -> C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache -> [2012/08/26 01:50:18 | 000,168,552 | ---- | C] ()
 fsbts.sys -> C:\WINDOWS\System32\drivers\fsbts.sys -> [2012/08/25 22:48:42 | 000,044,240 | ---- | C] ()
 hijackthis 2 8.25.12 -> C:\Documents and Settings\Administrator\Desktop\hijackthis 2 8.25.12 -> [2012/08/25 14:16:10 | 000,006,089 | ---- | C] ()
 Tech Support Guy.url -> C:\Documents and Settings\Administrator\Desktop\Tech Support Guy.url -> [2012/08/25 12:29:46 | 000,000,049 | ---- | C] ()
 Hotmail - [email protected] -> C:\Documents and Settings\Administrator\Desktop\Hotmail - [email protected] -> [2012/08/16 18:31:23 | 000,000,118 | ---- | C] ()
 d3dx.dat -> C:\WINDOWS\d3dx.dat -> [2012/08/15 15:36:30 | 000,004,096 | ---- | C] ()
 popcinfot.dat -> C:\WINDOWS\popcinfot.dat -> [2012/02/23 23:56:17 | 000,000,066 | ---- | C] ()
 popcreg.dat -> C:\WINDOWS\popcreg.dat -> [2012/02/23 23:56:17 | 000,000,000 | ---- | C] ()
 iacenc.dll -> C:\WINDOWS\System32\iacenc.dll -> [2012/02/15 20:59:09 | 000,003,072 | ---- | C] ()
 lxdnvs.dll -> C:\WINDOWS\System32\lxdnvs.dll -> [2012/01/14 20:45:07 | 000,040,960 | ---- | C] ()
 lxdncoin.dll -> C:\WINDOWS\System32\lxdncoin.dll -> [2012/01/14 20:45:02 | 000,409,600 | ---- | C] ( )
 lxdndrs.dll -> C:\WINDOWS\System32\lxdndrs.dll -> [2012/01/14 20:42:37 | 000,782,336 | ---- | C] ()
 lxdncaps.dll -> C:\WINDOWS\System32\lxdncaps.dll -> [2012/01/14 20:42:37 | 000,081,920 | ---- | C] ()
 lxdncnv4.dll -> C:\WINDOWS\System32\lxdncnv4.dll -> [2012/01/14 20:42:36 | 000,069,632 | ---- | C] ()
 lxdnrwrd.ini -> C:\WINDOWS\System32\lxdnrwrd.ini -> [2012/01/14 20:41:47 | 000,000,044 | ---- | C] ()
 LXDNinst.dll -> C:\WINDOWS\System32\LXDNinst.dll -> [2012/01/14 20:41:35 | 000,348,160 | ---- | C] ()
 LXDNhcp.dll -> C:\WINDOWS\System32\LXDNhcp.dll -> [2012/01/14 20:41:34 | 000,438,272 | ---- | C] ( )
 lxdninpa.dll -> C:\WINDOWS\System32\lxdninpa.dll -> [2012/01/14 20:41:34 | 000,364,544 | ---- | C] ( )
 lxdniesc.dll -> C:\WINDOWS\System32\lxdniesc.dll -> [2012/01/14 20:41:34 | 000,339,968 | ---- | C] ( )
 lxdnusb1.dll -> C:\WINDOWS\System32\lxdnusb1.dll -> [2012/01/14 20:41:33 | 000,843,776 | ---- | C] ( )
 lxdnserv.dll -> C:\WINDOWS\System32\lxdnserv.dll -> [2012/01/14 20:41:32 | 001,101,824 | ---- | C] ( )
 lxdnprox.dll -> C:\WINDOWS\System32\lxdnprox.dll -> [2012/01/14 20:41:32 | 000,053,248 | ---- | C] ( )
 lxdnpmui.dll -> C:\WINDOWS\System32\lxdnpmui.dll -> [2012/01/14 20:41:31 | 000,647,168 | ---- | C] ( )
 lxdnlmpm.dll -> C:\WINDOWS\System32\lxdnlmpm.dll -> [2012/01/14 20:41:31 | 000,569,344 | ---- | C] ( )
 lxdnhbn3.dll -> C:\WINDOWS\System32\lxdnhbn3.dll -> [2012/01/14 20:41:29 | 000,663,552 | ---- | C] ( )
 lxdnih.exe -> C:\WINDOWS\System32\lxdnih.exe -> [2012/01/14 20:41:29 | 000,315,392 | ---- | C] ( )
 lxdngrd.dll -> C:\WINDOWS\System32\lxdngrd.dll -> [2012/01/14 20:41:28 | 000,208,896 | ---- | C] ()
 lxdncoms.exe -> C:\WINDOWS\System32\lxdncoms.exe -> [2012/01/14 20:41:26 | 000,589,824 | ---- | C] ( )
 lxdncomm.dll -> C:\WINDOWS\System32\lxdncomm.dll -> [2012/01/14 20:41:25 | 000,376,832 | ---- | C] ( )
 lxdncomc.dll -> C:\WINDOWS\System32\lxdncomc.dll -> [2012/01/14 20:41:24 | 000,851,968 | ---- | C] ( )
 lxdncfg.exe -> C:\WINDOWS\System32\lxdncfg.exe -> [2012/01/14 20:41:23 | 000,360,448 | ---- | C] ( )
 Lagarith.dll -> C:\WINDOWS\System32\Lagarith.dll -> [2011/12/07 15:32:24 | 000,216,064 | ---- | C] ( )
 housecall.guid.cache -> C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache -> [2011/03/23 09:31:48 | 000,000,036 | ---- | C] ()
 zllictbl.dat -> C:\WINDOWS\System32\zllictbl.dat -> [2010/09/30 12:20:03 | 000,004,212 | -H-- | C] ()
 lexstat.ini -> C:\WINDOWS\lexstat.ini -> [2010/09/17 17:31:54 | 000,000,417 | ---- | C] ()
< End of report >
```
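As an added illustration (not part of the original post and not OTS's own code), the sketch below parses file entries in the format of the listing above and flags the ones that deserve a second look, such as the `vubasibi` entry with its 2099 creation timestamp. The heuristics, the reference scan time and the function names are assumptions made for this example.

```python
import re
from datetime import datetime

# Constructed sample: a handful of entries copied from the OTS listing in this thread.
SAMPLE = r"""
 vubasibi -> C:\Documents and Settings\All Users\Application Data\vubasibi -> [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] ()
 cmldr -> C:\cmldr -> [2012/09/02 22:43:51 | 000,260,272 | RHS- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2012/09/02 22:40:16 | 000,098,816 | ---- | C] ()
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.)
 zllictbl.dat -> C:\WINDOWS\System32\zllictbl.dat -> [2010/09/30 12:20:03 | 000,004,212 | -H-- | C] ()
 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
"""

# Assumption: the scan ran no later than this date (the fix log in the thread is dated 09062012).
SCAN_TIME = datetime(2012, 9, 6)

# name -> path -> [timestamp | size | attributes | C or M] (company)
ENTRY = re.compile(
    r"^\s*(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>.*)\)\s*$"
)


def parse_listing(text):
    """Return one dict per file entry; summary lines without metadata are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # e.g. the "4 C:\WINDOWS\*.tmp files" summary line
        entries.append({
            "name": m["name"],
            "path": m["path"],
            "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            # Assumption: C marks a creation time, M a modification time.
            "kind": "created" if m["kind"] == "C" else "modified",
            "company": m["company"].strip(),
        })
    return entries


def triage(entries, scan_time):
    """Attach review reasons to entries; the entry with the most reasons comes first."""
    flagged = []
    for e in entries:
        reasons = []
        if e["when"] > scan_time:
            reasons.append("timestamp is later than the scan itself")
        if not e["company"] and set(e["attrs"]) & {"H", "S"}:
            reasons.append("hidden/system attribute and no company name")
        if reasons:
            flagged.append((e, reasons))
    # sorted() is stable, so ties keep their order from the log.
    return sorted(flagged, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for entry, reasons in triage(parse_listing(SAMPLE), SCAN_TIME):
        print(f'{entry["path"]} ({entry["kind"]} {entry["when"]:%Y-%m-%d})')
        for reason in reasons:
            print("   -", reason)
```

A flag here is a prompt for manual review, not a verdict: legitimate software also leaves hidden files without version information.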


----------



## Cookiegal (Aug 27, 2003)

Is there anything in the Control Panel - Add or Remove Programs that says Frontier or Max Security?

The thumbs.db is only showing because we've unhidden files with the tools we're using. It will disappear again when we're finished.

The other boot option is because we installed the Recovery Console, which is good to have as it can be useful in recovering the system if it crashes.


----------



## sjajdld (Jan 25, 2007)

Nothing at all in control panel, add/remove that says Frontier or max... this is what i have in there:


----------



## sjajdld (Jan 25, 2007)

not sure if this last one posted or not. if so, sorry for duplicating


----------



## sjajdld (Jan 25, 2007)

here are 2 more without updates included... hope this helps


----------



## sjajdld (Jan 25, 2007)

now today on start up, i got a pop up on task bar saying f secure was off and computer may be at risk, i clicked on it and this is what pops up:


so, not sure where this f secure is lurking because it's not showing in control panel, add/remove...?!


----------



## sjajdld (Jan 25, 2007)

ok try this again...


----------



## Cookiegal (Aug 27, 2003)

```
[Kill All Processes]
[Unregister Dlls]
[Win32 Services - Safe List]
YN -> (McComponentHostService) McAfee Security Scan Component Host Service [Disabled | Stopped] -> 
YY -> (FSORSPClient) F-Secure ORSP Client [Disabled | Stopped] -> C:\Program Files\Frontier\Security\ORSP Client\fsorsp.exe
YY -> (FSMA) F-Secure Management Agent [Disabled | Stopped] -> C:\Program Files\Frontier\Security\Common\FSMA32.EXE
YY -> (FSDFWD) F-Secure Anti-Virus Firewall Daemon [Disabled | Stopped] -> C:\Program Files\Frontier\Security\FWES\Program\fsdfwd.exe
YY -> (F-Secure Gatekeeper Handler Starter) FSGKHS [Disabled | Stopped] -> C:\Program Files\Frontier\Security\Anti-Virus\fsgk32st.exe
[Driver Services - Safe List]
YY -> (fsbts) fsbts [Kernel | Boot | Running] -> C:\WINDOWS\system32\Drivers\fsbts.sys
YY -> (F-Secure Gatekeeper) F-Secure Gatekeeper [Kernel | On_Demand | Stopped] -> C:\Program Files\Frontier\Security\Anti-Virus\minifilter\fsgk.sys
YY -> (FSFW) F-Secure Firewall Driver [Kernel | Boot | Running] -> C:\WINDOWS\System32\drivers\fsdfw.sys
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> [url]http://search.searchonme.com/[/url]
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
YY -> HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\Frontier\Security\NRS\[email protected] [C:\PROGRAM FILES\FRONTIER\SECURITY\NRS\[email protected]]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YY -> {C6867EB7-8350-4856-877F-93CF8AE3DC9C} [HKLM] -> C:\Program Files\Frontier\Security\NRS\iescript\baselitmus.dll [Browsing Protection Class]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> "{265EEE8E-3228-44D3-AEA5-F7FDF5860049}" [HKLM] -> C:\Program Files\Frontier\Security\NRS\iescript\baselitmus.dll [Browsing Protection Toolbar]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\] > -> HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
YN -> "FSDFWD" -> 
YN -> "F-Secure Gatekeeper Handler Starter" -> 
YN -> "FSMA" -> 
YN -> "FSORSPClient" -> 
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YY -> F-Secure Manager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Frontier\Security\Common\FSM32.EXE
YY -> F-Secure TNB hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Frontier\Security\FSGUI\TNBUtil.exe
[Files/Folders - Created Within 30 Days]
NY ->  fsdfw.sys -> C:\WINDOWS\System32\drivers\fsdfw.sys
NY ->  F-Secure -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure
NY ->  fssg -> C:\Documents and Settings\All Users\Application Data\fssg
NY ->  f-secure -> C:\Documents and Settings\All Users\Application Data\f-secure
NY ->  4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files - No Company Name]
NY ->  vubasibi -> C:\Documents and Settings\All Users\Application Data\vubasibi
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
```


----------



## sjajdld (Jan 25, 2007)

not really sure what you just sent, but looks like the same thing i sent to you... code. there wasn't anything else typed from you just the code, then box full of apps, numbers etc like i sent to you on post # 24

also, new thing now is when i went to check my email to see if you posted anything, i got a warning page. i think whatever it is i have came through my yahoo mail?! I have had some trouble with it lately, but nothing where I thought it was virus related. Having to reclick on messages or double clicking them to get them to open or just shut mail right out then reopen the page. Thought it was just yahoo being picky...attaching screen shots of what i got plus another f secure warning...bet you are wishing i'd just go away eh ?!  sorry... :/ well nevermind the screen shots because it's not letting me do it... keeps saving as notepad and not jpeg.... not sure why. but it's a red screen ssl error saying this is probably not the site you were looking for. i was trying to reach login.yahoo.com but instead reached login.yahoo.net


----------



## Cookiegal (Aug 27, 2003)

Whoops sorry. I forgot to post the instructions. 

Start *OTS*. Copy/Paste the information in the code box into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here please.


----------



## sjajdld (Jan 25, 2007)

All Processes Killed
[Win32 Services - Safe List]
Service McComponentHostService stopped successfully!
Service FSORSPClient stopped successfully!
Service FSORSPClient deleted successfully!
C:\Program Files\Frontier\Security\ORSP Client\fsorsp.exe moved successfully.
Service FSMA stopped successfully!
Service FSMA deleted successfully!
C:\Program Files\Frontier\Security\Common\FSMA32.EXE moved successfully.
Service FSDFWD stopped successfully!
Service FSDFWD deleted successfully!
C:\Program Files\Frontier\Security\FWES\Program\fsdfwd.exe moved successfully.
Service F-Secure Gatekeeper Handler Starter stopped successfully!
Service F-Secure Gatekeeper Handler Starter deleted successfully!
C:\Program Files\Frontier\Security\Anti-Virus\fsgk32st.exe moved successfully.
[Driver Services - Safe List]
Service fsbts stopped successfully!
Service fsbts deleted successfully!
C:\WINDOWS\system32\Drivers\fsbts.sys moved successfully.
Service F-Secure Gatekeeper stopped successfully!
Service F-Secure Gatekeeper deleted successfully!
C:\Program Files\Frontier\Security\Anti-Virus\minifilter\fsgk.sys moved successfully.
Error: Unable to stop service FSFW!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FSFW deleted successfully.
C:\WINDOWS\System32\drivers\fsdfw.sys moved successfully.
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
C:\Program Files\Frontier\Security\NRS\[email protected]\skin(2)\small(2) folder moved successfully.
C:\Program Files\Frontier\Security\NRS\[email protected]\skin(2)\bp(2) folder moved successfully.
C:\Program Files\Frontier\Security\NRS\[email protected]\skin(2)\big(2) folder moved successfully.
C:\Program Files\Frontier\Security\NRS\[email protected]\skin(2) folder moved successfully.
C:\Program Files\Frontier\Security\NRS\[email protected]\skin\small folder moved successfully.
C:\Program Files\Frontier\Security\NRS\[email protected]\skin\bp folder moved successfully.
C:\Program Files\Frontier\Security\NRS\[email protected]\skin\big folder moved successfully.
C:\Program Files\Frontier\Security\NRS\[email protected]\skin folder moved successfully.
C:\Program Files\Frontier\Security\NRS\[email protected]\locale(2)\en-US(2) folder moved successfully.
C:\Program Files\Frontier\Security\NRS\[email protected]\locale(2) folder moved successfully.
C:\Program Files\Frontier\Security\NRS\[email protected]-secure.com\locale\en-US folder moved successfully.
C:\Program Files\Frontier\Security\NRS\[email protected]\locale folder moved successfully.
C:\Program Files\Frontier\Security\NRS\[email protected]\content(2) folder moved successfully.
C:\Program Files\Frontier\Security\NRS\[email protected]\content folder moved successfully.
C:\Program Files\Frontier\Security\NRS\[email protected]\components folder moved successfully.
C:\Program Files\Frontier\Security\NRS\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6867EB7-8350-4856-877F-93CF8AE3DC9C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C6867EB7-8350-4856-877F-93CF8AE3DC9C}\ deleted successfully.
C:\Program Files\Frontier\Security\NRS\iescript\baselitmus.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{265EEE8E-3228-44D3-AEA5-F7FDF5860049} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{265EEE8E-3228-44D3-AEA5-F7FDF5860049}\ deleted successfully.
File C:\Program Files\Frontier\Security\NRS\iescript\baselitmus.dll not found.
Registry value HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
[Registry - Additional Scans - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\\FSDFWD deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\\F-Secure Gatekeeper Handler Starter deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\\FSMA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\\FSORSPClient deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\F-Secure Manager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
C:\Program Files\Frontier\Security\Common\FSM32.EXE moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\F-Secure TNB hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
C:\Program Files\Frontier\Security\FSGUI\TNBUtil.exe moved successfully.
[Files/Folders - Created Within 30 Days]
File C:\WINDOWS\System32\drivers\fsdfw.sys not found!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure\Orsp folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure folder moved successfully.
C:\Documents and Settings\All Users\Application Data\fssg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\setup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\Quarantine(2)\Repository(2)\TAR(2) folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\Quarantine(2)\Repository(2)\Info(2) folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\Quarantine(2)\Repository(2)\Index(2) folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\Quarantine(2)\Repository(2) folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\Quarantine(2) folder moved successfully.
Folder move failed. C:\Documents and Settings\All Users\Application Data\f-secure\Quarantine\Repository\TAR scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Application Data\f-secure\Quarantine\Repository\Samples folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\Quarantine\Repository\Info folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\Quarantine\Repository\Index folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\Quarantine\Repository folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\Quarantine folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\logs\Setup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\logs\ORSP Client folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\logs\NRS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\logs\HIPS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\logs\fstnb folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\logs\FSPC folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\logs\FSMA folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\logs\FSFW folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\logs\FSAV\Users folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\logs\FSAV folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\logs\ExploitShield folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\logs\DAAS2 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\logs\custom folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\logs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\Daas2\revocation folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\Daas2\keys folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\Daas2\crl folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\Daas2\cert folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\Daas2\acl folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure\Daas2 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\f-secure folder moved successfully.
C:\WINDOWS\003379_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
[Files - No Company Name]
C:\Documents and Settings\All Users\Application Data\vubasibi moved successfully.
[Empty Temp Folders]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Admin.SJD
->Temp folder emptied: 2359772227 bytes
->Temporary Internet Files folder emptied: 57936721 bytes
->Flash cache emptied: 121602 bytes

User: Administrator
->Temp folder emptied: 17009615 bytes
->Temporary Internet Files folder emptied: 54631396 bytes
->Java cache emptied: 462573 bytes
->Google Chrome cache emptied: 239071783 bytes
->Flash cache emptied: 148698 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 540806 bytes
->Google Chrome cache emptied: 1642864 bytes
->Flash cache emptied: 10139 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1736838 bytes
->Java cache emptied: 4377645 bytes
->Flash cache emptied: 84928 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8925 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 202292 bytes

Total Files Cleaned = 2,611.00 mb

[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: Admin.SJD
->Flash cache emptied: 0 bytes

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Admin

User: Admin.SJD

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 09062012_183625

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\All Users\Application Data\f-secure\Quarantine\Repository\TAR not found!

Registry entries deleted on Reboot...
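
As an added illustration (not part of the original post and not OTS's own code), the sketch below triages a fix log in the format posted above: it counts outcomes and checks whether each error or deferred move was settled later in the same log. The status labels, function names and matching rules are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed excerpt: lines copied from the fix log in this thread.
FIX_LOG = r"""
[Driver Services - Safe List]
Service fsbts stopped successfully!
Service fsbts deleted successfully!
C:\WINDOWS\system32\Drivers\fsbts.sys moved successfully.
Error: Unable to stop service FSFW!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FSFW deleted successfully.
C:\WINDOWS\System32\drivers\fsdfw.sys moved successfully.
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
[Files/Folders - Created Within 30 Days]
File C:\WINDOWS\System32\drivers\fsdfw.sys not found!
Folder move failed. C:\Documents and Settings\All Users\Application Data\f-secure\Quarantine\Repository\TAR scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Application Data\f-secure folder moved successfully.
< End of fix log >
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\All Users\Application Data\f-secure\Quarantine\Repository\TAR not found!
"""

STOP_ERR = re.compile(r"^Error: Unable to stop service (?P<svc>.+)!$")
DEFERRED = re.compile(
    r"^(?:File|Folder) move failed\. (?P<path>.+) scheduled to be moved on reboot\.$"
)
REBOOT_HDR = "Files\\Folders moved on Reboot..."


def triage_fix_log(text):
    """Count outcomes and list the items a helper should follow up on."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    # Everything after the reboot header was written on the next boot.
    split = lines.index(REBOOT_HDR) if REBOOT_HDR in lines else len(lines)
    main, reboot = lines[:split], lines[split + 1:]

    counts, followups = Counter(), []
    for i, ln in enumerate(main):
        if ln.startswith(("[", "<")):
            continue  # section headers and the end-of-log marker
        m = STOP_ERR.match(ln)
        if m:
            counts["error"] += 1
            svc = m["svc"]
            # A service that would not stop is still neutralised if its key is removed.
            suffix = "\\Services\\" + svc + " deleted successfully."
            key_gone = any(
                later.startswith("Registry key") and later.endswith(suffix)
                for later in main[i + 1:]
            )
            followups.append(("service", svc, "key-deleted" if key_gone else "open"))
            continue
        m = DEFERRED.match(ln)
        if m:
            counts["deferred"] += 1
            path, status = m["path"], "unconfirmed"
            for later in reboot:
                if path in later:
                    if "not found" in later:
                        status = "absent-after-reboot"
                    elif "successfully" in later:
                        status = "moved-on-reboot"
            followups.append(("path", path, status))
            continue
        if "not found" in ln:
            counts["not_found"] += 1
        elif "successfully" in ln:
            counts["ok"] += 1
        else:
            counts["other"] += 1
    return {"counts": counts, "followups": followups}


if __name__ == "__main__":
    report = triage_fix_log(FIX_LOG)
    print(dict(report["counts"]))
    for kind, subject, status in report["followups"]:
        print(f"{status:20} {kind}: {subject}")
```

Items left as `open` or `unconfirmed` are the ones to raise with the helper before moving on to the next scan.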


----------



## Cookiegal (Aug 27, 2003)

Are you still getting alerts about F-Secure?

Can you install MSE now?


----------



## sjajdld (Jan 25, 2007)

no warnings from f secure so far and yes, i will try to install MSE right now and let you know asap tytytyty


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## sjajdld (Jan 25, 2007)

installed mse and it's running a quick scan as i type


----------



## sjajdld (Jan 25, 2007)

scan is done and nothing shows up. so, now where do we stand?!?!


----------



## Cookiegal (Aug 27, 2003)

Please run the following on-line scanner. Note that you must use Internet Explorer to perform the scan.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button.

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\ESET\ESET Online Scanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## sjajdld (Jan 25, 2007)

```
[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c456b30842068541856984059f8e58bc
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-07 02:09:43
# local_time=2012-09-06 10:09:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 60453766 60453766 0 0
# compatibility_mode=768 16777215 100 0 64384113 64384113 0 0
# compatibility_mode=1029 16777214 0 1 58813324 58813324 0 0
# compatibility_mode=2304 16777191 100 0 0 0 0 0
# compatibility_mode=5891 16776533 42 92 0 14096163 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=76138
# found=2
# cleaned=2
# scan_time=5557
C:\Documents and Settings\Administrator\My Documents\Downloads\Setup (1).exe	a variant of Win32/Adware.iBryte.C application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Documents and Settings\Administrator\My Documents\Downloads\Setup.exe	a variant of Win32/Adware.iBryte.C application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
```


----------



## Cookiegal (Aug 27, 2003)

How are things with the computer now?


----------



## sjajdld (Jan 25, 2007)

um, still the same as far as the black screen....


----------



## sjajdld (Jan 25, 2007)

i also got a pop up from zone alarm upon restart which said that the firewall was off, which is true.


----------



## Cookiegal (Aug 27, 2003)

Download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted. 
Under Custom Scans/Fixes type in *Netsvcs*
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## sjajdld (Jan 25, 2007)

OTL logfile created on: 9/7/2012 8:09:29 PM - Run 1
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.23 Mb Total Physical Memory | 624.00 Mb Available Physical Memory | 60.98% Memory free
2.41 Gb Paging File | 1.99 Gb Available in Paging File | 82.78% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 3.47 Gb Free Space | 6.21% Space Free | Partition Type: NTFS

Computer Name: SJD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/07 20:06:01 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/28 06:12:40 | 000,589,824 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdncoms.exe

========== Modules (No Company Name) ==========

MOD - [2009/08/13 04:03:03 | 000,162,304 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdndrui.dll
MOD - [2009/08/13 04:02:21 | 000,147,968 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdndrpp.dll
MOD - [2009/08/13 04:02:00 | 000,230,400 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdndr.dll
MOD - [2009/07/23 11:49:04 | 000,782,336 | ---- | M] () -- C:\WINDOWS\system32\lxdndrs.dll
MOD - [2009/05/27 00:58:54 | 000,811,008 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnptpc.dll
MOD - [2009/05/14 05:46:40 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\lxdncaps.dll
MOD - [2007/11/13 13:55:26 | 001,339,392 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnhpec.dll
MOD - [2007/10/02 06:51:09 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\lxdncnv4.dll
MOD - [2007/05/28 23:39:08 | 000,589,824 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdndatr.dll
MOD - [2005/12/19 18:08:04 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/28 01:58:24 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2007/11/28 06:12:40 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxdncoms.exe -- (lxdn_device)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_DPV.SYS -- (HSF_DPV)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2006/01/26 19:09:38 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2006/01/26 19:09:34 | 000,032,640 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtf32bus.sys -- (GTF32BUS)
DRV - [2005/11/02 13:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/03 23:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)
DRV - [2003/09/26 10:41:10 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.searchonme.com/?q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {9A27518F-387B-40CC-AC3B-D70DD34D4666}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{9A27518F-387B-40CC-AC3B-D70DD34D4666}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7RNSN_en
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.searchonme.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{D454D349-B791-44CD-9988-99345C267029}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110937,6901,0,8,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

[2010/04/29 01:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Weather Window by WeatherBug = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\1.0.12_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/02 23:20:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKCU\..Trusted Domains: mydrivefm.com ([rewards] http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Reg Error: Key error.)
O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} https://members.ladiesauxvfw.org/EW...033&UICulture=9&ReportStack=1&OpType=PrintCab (RSClientPrint 2005 Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1326218597187 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267219565705 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1343793071963 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CF38442-E0F6-4221-89B5-D3EC4BEF932B}: DhcpNameServer = 192.168.10.24 192.168.10.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76313147-6AC4-43F5-BE56-F3429732AA9D}: DhcpNameServer = 192.168.254.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/12 10:12:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/09/07 20:05:54 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/09/06 20:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/06 19:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/06 18:36:25 | 000,000,000 | ---D | C] -- C:\_OTS
[2012/09/05 19:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\hijack this info
[2012/09/05 18:22:06 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/09/05 18:22:06 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/09/05 18:22:06 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/09/05 17:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/05 17:21:37 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/09/05 16:32:07 | 016,992,248 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u34-windows-i586.exe
[2012/09/04 16:58:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/04 16:24:32 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTS.exe
[2012/09/02 23:29:26 | 004,742,575 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\puppy.exe
[2012/09/02 22:43:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/02 22:40:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/09/02 22:40:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/09/02 22:40:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/09/02 22:40:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/09/02 22:40:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/02 22:39:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/09/01 11:40:44 | 000,000,000 | ---D | C] -- C:\d80e6c2efb9c4c9564
[2012/08/29 13:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/08/25 14:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\coupon sites
[2012/08/25 14:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\Frontier
[2012/08/15 15:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Virtual Prophecy

========== Files - Modified Within 30 Days ==========

[2012/09/07 20:11:46 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/07 20:11:37 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/09/07 20:06:01 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/09/07 20:02:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/07 20:01:49 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/07 20:01:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/07 11:58:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/06 22:24:05 | 000,001,365 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\log eset 9.6.12
[2012/09/06 20:04:07 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/06 19:09:32 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/09/06 18:46:05 | 000,025,492 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\09062012_183625 ots fix scan 9.6.12
[2012/09/06 17:41:06 | 000,003,927 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\txt from cookiegal 9.6.12
[2012/09/05 16:28:08 | 016,992,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u34-windows-i586.exe
[2012/09/05 15:53:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-963248029-2652404320-3942384350-500Core1cc902a60d0ab00.job
[2012/09/04 16:24:36 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTS.exe
[2012/09/03 23:31:33 | 000,013,194 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cfscript log 9.3.12
[2012/09/03 23:08:04 | 004,742,575 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\puppy.exe
[2012/09/02 23:20:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/09/02 22:43:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/09/01 23:19:27 | 000,000,107 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Dell Insprion 6000 black screen - Tech Support Guy Forums.url
[2012/08/31 18:34:23 | 000,310,926 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Netdiag 31082012 183423.htm
[2012/08/31 17:20:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/08/29 13:07:07 | 000,000,660 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/08/28 18:39:23 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/08/26 12:42:01 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GMER - Rootkit Detector and Remover.url
[2012/08/26 10:27:24 | 000,004,289 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\attach 8.26.zip
[2012/08/26 10:26:56 | 000,017,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\attach 8.26.12
[2012/08/26 10:25:03 | 000,010,868 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds 8.26.12
[2012/08/26 01:50:46 | 000,206,507 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2012/08/26 01:50:18 | 000,168,552 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2012/08/25 22:47:58 | 000,574,416 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/25 22:47:58 | 000,118,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/25 12:29:46 | 000,000,049 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Tech Support Guy.url
[2012/08/20 20:57:04 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/20 20:42:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/16 18:31:23 | 000,000,118 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hotmail - [email protected]
[2012/08/15 15:36:30 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2012/08/15 09:44:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2012/09/06 22:24:04 | 000,001,365 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\log eset 9.6.12
[2012/09/06 20:04:11 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/09/06 20:04:07 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2012/09/06 20:04:06 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/06 20:04:05 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2012/09/06 19:19:14 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/06 19:19:13 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/09/06 19:09:16 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/06 18:46:04 | 000,025,492 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\09062012_183625 ots fix scan 9.6.12
[2012/09/06 17:41:06 | 000,003,927 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\txt from cookiegal 9.6.12
[2012/09/03 23:31:33 | 000,013,194 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cfscript log 9.3.12
[2012/09/02 22:43:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/09/02 22:43:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/02 22:40:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/02 22:40:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/02 22:40:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/02 22:40:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/02 22:40:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/01 23:19:27 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Dell Insprion 6000 black screen - Tech Support Guy Forums.url
[2012/08/31 18:34:23 | 000,310,926 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Netdiag 31082012 183423.htm
[2012/08/29 13:07:06 | 000,000,660 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2012/08/26 12:42:01 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GMER - Rootkit Detector and Remover.url
[2012/08/26 10:27:24 | 000,004,289 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\attach 8.26.zip
[2012/08/26 10:26:55 | 000,017,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\attach 8.26.12
[2012/08/26 10:25:03 | 000,010,868 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds 8.26.12
[2012/08/26 01:50:46 | 000,206,507 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2012/08/26 01:50:18 | 000,168,552 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2012/08/25 12:29:46 | 000,000,049 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Tech Support Guy.url
[2012/08/16 18:31:23 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hotmail - [email protected]
[2012/08/15 15:36:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/02/23 23:56:17 | 000,000,066 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2012/02/23 23:56:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2012/02/15 20:59:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/14 20:45:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2012/01/14 20:45:02 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoin.dll
[2012/01/14 20:42:37 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2012/01/14 20:42:37 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2012/01/14 20:42:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2012/01/14 20:41:47 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini
[2012/01/14 20:41:35 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2012/01/14 20:41:34 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2012/01/14 20:41:34 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2012/01/14 20:41:34 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2012/01/14 20:41:33 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2012/01/14 20:41:32 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2012/01/14 20:41:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2012/01/14 20:41:31 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2012/01/14 20:41:31 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2012/01/14 20:41:29 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2012/01/14 20:41:29 | 000,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
[2012/01/14 20:41:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2012/01/14 20:41:26 | 000,589,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
[2012/01/14 20:41:25 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2012/01/14 20:41:24 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2012/01/14 20:41:23 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe
[2011/12/07 15:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[2011/03/23 09:31:48 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/09/30 12:20:03 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/09/17 17:31:54 | 000,000,417 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/03/29 23:33:43 | 000,014,408 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\PqC8sw32avv
[2010/03/29 23:33:43 | 000,014,408 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PqC8sw32avv
[2010/03/04 19:42:37 | 000,000,173 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
[2010/03/02 00:47:13 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/12 11:43:40 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2003/10/19 04:42:08 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

< End of report >

************************************************************************************************

OTL Extras logfile created on: 9/7/2012 8:09:29 PM - Run 1
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.23 Mb Total Physical Memory | 624.00 Mb Available Physical Memory | 60.98% Memory free
2.41 Gb Paging File | 1.99 Gb Available in Paging File | 82.78% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 3.47 Gb Free Space | 6.21% Space Free | Partition Type: NTFS

Computer Name: SJD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxdncoms.exe" = C:\WINDOWS\system32\lxdncoms.exe:*:Enabled:2600 Series Server -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" = C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe" = C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe" = C:\Program Files\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe:*:Enabled: -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 35
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"ESET Online Scanner" = ESET Online Scanner v3
"F-Secure Product 444" = 
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Lexmark 2600 Series" = Lexmark 2600 Series
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Trusted Software Assistant_is1" = Trusted Software Assistant
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"wordfree" = Word Free
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/6/2012 11:16:22 PM | Computer Name = SJD | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '{BEEBFC3C-48B1-4A38-A3C5-81BA19DF5F40}'
could not be installed. Error code 1635. Additional information is available in
the log file C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Microsoft .NET Framework 2.0-KB958481_20120907_031622302-Msi0.txt.

Error - 9/6/2012 11:16:23 PM | Computer Name = SJD | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1635, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10 
0.

Error - 9/6/2012 11:17:50 PM | Computer Name = SJD | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.5 SP1 - Update '{B2AE9C82-DC7B-3641-BFC8-87275C4F3607}'
could not be installed. Error code 1635. Additional information is available in
the log file C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Microsoft .NET Framework 3.5-KB963707_20120907_031750289-Msi0.txt.

Error - 9/6/2012 11:17:51 PM | Computer Name = SJD | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb963707,
P2 1033, P3 1635, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10 
0.

Error - 9/6/2012 11:18:08 PM | Computer Name = SJD | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 1.1 -- Internal Error 2705. Directory

Error - 9/6/2012 11:18:08 PM | Computer Name = SJD | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{0213C6AF-5562-4D09-884C-2ADCFC8C2F35}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NDP1.1sp1-KB2656353-X86\NDP1.1sp1-KB2656353-X86-msi.0.log.

Error - 9/6/2012 11:18:09 PM | Computer Name = SJD | Source = NativeWrapper | ID = 5000
Description =

Error - 9/6/2012 11:18:16 PM | Computer Name = SJD | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer
has encountered an unexpected error installing this package. This may indicate 
a problem with this package. The error code is 2721. The arguments are: CA_ScheduleUpdateAssemblyRB.3643236F_FC70_11D3_A536_0090278A1BB8,
,

Error - 9/6/2012 11:18:16 PM | Computer Name = SJD | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2656369v2'
could not be installed. Error code 1603. Additional information is available in
the log file C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Microsoft .NET Framework 2.0-KB2656369_20120907_031813852-Msi0.txt.

Error - 9/6/2012 11:18:17 PM | Computer Name = SJD | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2656369,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 
2721.

[ System Events ]
Error - 9/7/2012 10:40:21 AM | Computer Name = SJD | Source = Service Control Manager | ID = 7000
Description = The lxdnCATSCustConnectService service failed to start due to the 
following error: %%1053

Error - 9/7/2012 10:40:38 AM | Computer Name = SJD | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 9/7/2012 11:50:41 AM | Computer Name = SJD | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
error: %%126

Error - 9/7/2012 11:50:41 AM | Computer Name = SJD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService
service to connect.

Error - 9/7/2012 11:50:41 AM | Computer Name = SJD | Source = Service Control Manager | ID = 7000
Description = The lxdnCATSCustConnectService service failed to start due to the 
following error: %%1053

Error - 9/7/2012 11:50:56 AM | Computer Name = SJD | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 9/7/2012 8:02:03 PM | Computer Name = SJD | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
error: %%126

Error - 9/7/2012 8:02:03 PM | Computer Name = SJD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService
service to connect.

Error - 9/7/2012 8:02:03 PM | Computer Name = SJD | Source = Service Control Manager | ID = 7000
Description = The lxdnCATSCustConnectService service failed to start due to the 
following error: %%1053

Error - 9/7/2012 8:02:17 PM | Computer Name = SJD | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

< End of report >


----------



## Cookiegal (Aug 27, 2003)

This fix assumes you are no longer running ZoneAlarm. If that's not the case then please let me know before running it so I can amend it.

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.searchonme.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.searchonme.com/?q={searchTerms}
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
[2010/09/30 12:20:03 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/03/29 23:33:43 | 000,014,408 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\PqC8sw32avv
[2010/03/29 23:33:43 | 000,014,408 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PqC8sw32avv
```

Then click the *Run Fix* button at the top.
Let the program run unhindered, and reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


----------



## sjajdld (Jan 25, 2007)

OTL logfile created on: 9/8/2012 12:35:06 PM - Run 2
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.23 Mb Total Physical Memory | 627.81 Mb Available Physical Memory | 61.36% Memory free
2.41 Gb Paging File | 2.10 Gb Available in Paging File | 87.24% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 3.30 Gb Free Space | 5.91% Space Free | Partition Type: NTFS

Computer Name: SJD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/07 20:06:01 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/28 06:12:40 | 000,589,824 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdncoms.exe

========== Modules (No Company Name) ==========

MOD - [2009/08/13 04:02:21 | 000,147,968 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdndrpp.dll
MOD - [2005/12/19 18:08:04 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/28 01:58:24 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2007/11/28 06:12:40 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxdncoms.exe -- (lxdn_device)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_DPV.SYS -- (HSF_DPV)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2006/01/26 19:09:38 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2006/01/26 19:09:34 | 000,032,640 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtf32bus.sys -- (GTF32BUS)
DRV - [2005/11/02 13:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/03 23:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)
DRV - [2003/09/26 10:41:10 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {9A27518F-387B-40CC-AC3B-D70DD34D4666}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{9A27518F-387B-40CC-AC3B-D70DD34D4666}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7RNSN_en
IE - HKCU\..\SearchScopes\{D454D349-B791-44CD-9988-99345C267029}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110937,6901,0,8,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

[2010/04/29 01:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Weather Window by WeatherBug = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\1.0.12_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/02 23:20:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKCU\..Trusted Domains: mydrivefm.com ([rewards] http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Reg Error: Key error.)
O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} https://members.ladiesauxvfw.org/EW...033&UICulture=9&ReportStack=1&OpType=PrintCab (RSClientPrint 2005 Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1326218597187 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267219565705 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1343793071963 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CF38442-E0F6-4221-89B5-D3EC4BEF932B}: DhcpNameServer = 192.168.10.24 192.168.10.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76313147-6AC4-43F5-BE56-F3429732AA9D}: DhcpNameServer = 192.168.254.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/12 10:12:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/08 12:27:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/07 20:05:54 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/09/06 20:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/06 19:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/06 18:36:25 | 000,000,000 | ---D | C] -- C:\_OTS
[2012/09/05 19:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\hijack this info
[2012/09/05 17:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/04 16:58:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/04 16:24:32 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTS.exe
[2012/09/02 23:29:26 | 004,742,575 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\puppy.exe
[2012/09/02 22:43:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/02 22:40:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/09/02 22:40:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/09/02 22:40:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/09/02 22:40:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/09/02 22:40:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/02 22:39:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/09/01 11:40:44 | 000,000,000 | ---D | C] -- C:\d80e6c2efb9c4c9564
[2012/08/29 13:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/08/25 14:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\coupon sites
[2012/08/25 14:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\Frontier
[2012/08/15 15:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Virtual Prophecy

========== Files - Modified Within 30 Days ==========

[2012/09/08 12:32:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/08 12:32:26 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/08 12:32:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/08 12:27:07 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/08 12:26:56 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/09/07 22:58:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/07 20:06:01 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/09/06 22:24:05 | 000,001,365 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\log eset 9.6.12
[2012/09/06 20:04:07 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/06 19:09:32 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/09/06 18:46:05 | 000,025,492 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\09062012_183625 ots fix scan 9.6.12
[2012/09/06 17:41:06 | 000,003,927 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\txt from cookiegal 9.6.12
[2012/09/05 15:53:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-963248029-2652404320-3942384350-500Core1cc902a60d0ab00.job
[2012/09/04 16:24:36 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTS.exe
[2012/09/03 23:31:33 | 000,013,194 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cfscript log 9.3.12
[2012/09/03 23:08:04 | 004,742,575 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\puppy.exe
[2012/09/02 23:20:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/09/02 22:43:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/09/01 23:19:27 | 000,000,107 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Dell Insprion 6000 black screen - Tech Support Guy Forums.url
[2012/08/31 18:34:23 | 000,310,926 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Netdiag 31082012 183423.htm
[2012/08/31 17:20:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/08/29 13:07:07 | 000,000,660 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2012/08/26 12:42:01 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GMER - Rootkit Detector and Remover.url
[2012/08/26 10:27:24 | 000,004,289 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\attach 8.26.zip
[2012/08/26 10:26:56 | 000,017,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\attach 8.26.12
[2012/08/26 10:25:03 | 000,010,868 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds 8.26.12
[2012/08/26 01:50:46 | 000,206,507 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2012/08/26 01:50:18 | 000,168,552 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2012/08/25 22:47:58 | 000,574,416 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/25 22:47:58 | 000,118,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/25 12:29:46 | 000,000,049 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Tech Support Guy.url
[2012/08/20 20:57:04 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/20 20:42:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/16 18:31:23 | 000,000,118 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hotmail - [email protected]
[2012/08/15 15:36:30 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2012/08/15 09:44:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2012/09/06 22:24:04 | 000,001,365 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\log eset 9.6.12
[2012/09/06 20:04:11 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/09/06 20:04:07 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2012/09/06 20:04:06 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/06 20:04:05 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2012/09/06 19:19:14 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/06 19:19:13 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/09/06 19:09:16 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/06 18:46:04 | 000,025,492 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\09062012_183625 ots fix scan 9.6.12
[2012/09/06 17:41:06 | 000,003,927 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\txt from cookiegal 9.6.12
[2012/09/03 23:31:33 | 000,013,194 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cfscript log 9.3.12
[2012/09/02 22:43:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/09/02 22:43:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/02 22:40:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/02 22:40:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/02 22:40:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/02 22:40:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/02 22:40:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/01 23:19:27 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Dell Insprion 6000 black screen - Tech Support Guy Forums.url
[2012/08/31 18:34:23 | 000,310,926 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Netdiag 31082012 183423.htm
[2012/08/29 13:07:06 | 000,000,660 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2012/08/26 12:42:01 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GMER - Rootkit Detector and Remover.url
[2012/08/26 10:27:24 | 000,004,289 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\attach 8.26.zip
[2012/08/26 10:26:55 | 000,017,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\attach 8.26.12
[2012/08/26 10:25:03 | 000,010,868 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds 8.26.12
[2012/08/26 01:50:46 | 000,206,507 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2012/08/26 01:50:18 | 000,168,552 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2012/08/25 12:29:46 | 000,000,049 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Tech Support Guy.url
[2012/08/16 18:31:23 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hotmail - [email protected]
[2012/08/15 15:36:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/02/23 23:56:17 | 000,000,066 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2012/02/23 23:56:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2012/02/15 20:59:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/14 20:45:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2012/01/14 20:45:02 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoin.dll
[2012/01/14 20:42:37 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2012/01/14 20:42:37 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2012/01/14 20:42:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2012/01/14 20:41:47 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini
[2012/01/14 20:41:35 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2012/01/14 20:41:34 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2012/01/14 20:41:34 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2012/01/14 20:41:34 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2012/01/14 20:41:33 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2012/01/14 20:41:32 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2012/01/14 20:41:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2012/01/14 20:41:31 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2012/01/14 20:41:31 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2012/01/14 20:41:29 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2012/01/14 20:41:29 | 000,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
[2012/01/14 20:41:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2012/01/14 20:41:26 | 000,589,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
[2012/01/14 20:41:25 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2012/01/14 20:41:24 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2012/01/14 20:41:23 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe
[2011/12/07 15:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[2011/03/23 09:31:48 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/09/17 17:31:54 | 000,000,417 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/03/04 19:42:37 | 000,000,173 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
[2010/03/02 00:47:13 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/12 11:43:40 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2003/10/19 04:42:08 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== LOP Check ==========

[2011/01/03 21:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ActiSku
[2010/10/18 22:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2010/10/16 11:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2012/01/25 10:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG2012
[2010/09/30 12:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CheckPoint
[2010/03/03 23:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/25 16:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.kodakgallery.AirUploader
[2011/10/08 22:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.Shutterfly.ExpressUploader
[2012/01/05 15:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GIMP
[2011/12/29 14:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GO Games
[2012/01/05 15:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2010/08/11 20:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Image Zone Express
[2010/07/06 23:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Namco
[2012/08/15 15:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oberon Media
[2012/07/14 12:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2010/10/21 12:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PDF Reading
[2010/10/06 00:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PlayFirst
[2010/07/14 15:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Printer Info Cache
[2011/02/16 12:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skinux
[2012/03/07 22:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SoftGrid Client
[2012/08/15 15:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Virtual Prophecy
[2011/03/24 14:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/07/26 10:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Live Writer
[2010/02/26 20:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2010/10/19 22:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zeon
[2010/08/13 00:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/10 23:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2010/10/16 11:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/29 20:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bafekefe
[2010/03/09 01:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bajibuli
[2010/03/09 01:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\benituyo
[2010/03/09 01:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bulawasi
[2010/02/25 12:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cingular
[2010/10/16 11:39:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/03/09 01:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dayoyadu
[2010/01/29 20:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dimadadu
[2010/01/27 19:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dovazibo
[2010/10/19 22:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/02/10 17:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dulosilo
[2010/03/09 01:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fapumoke
[2010/01/29 15:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fawuruvo
[2010/03/09 01:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fevahiva
[2010/11/06 00:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friends Games
[2010/01/29 20:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gahejeyu
[2010/01/27 19:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gavewuwu
[2010/03/09 01:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gigivada
[2010/03/09 01:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hamehalu
[2010/03/09 01:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hobokuzu
[2010/03/09 01:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hufovora
[2012/07/07 21:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/02/10 17:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jadikure
[2010/03/09 01:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jopiroka
[2010/03/09 01:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kemaniwu
[2010/02/05 23:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kevusowe
[2010/03/09 01:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kumiberu
[2010/03/09 01:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lagoguze
[2012/03/10 18:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 2600 Series
[2010/02/04 12:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mehoguhi
[2012/09/05 16:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/03/09 01:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mijejabe
[2010/01/27 19:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\monigula
[2010/10/06 23:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2012/03/07 22:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyToolsApp
[2010/02/05 11:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nakonaze
[2010/03/09 01:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nobibipo
[2010/02/11 10:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nunayeta
[2010/03/09 01:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nunoloje
[2012/08/15 15:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/01/29 20:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pilabuma
[2010/03/09 01:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pivumuwe
[2010/10/06 00:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/02/23 23:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/03/11 22:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2010/01/27 11:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pujorila
[2010/01/27 19:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\raramuge
[2010/03/09 01:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rudadiza
[2012/08/29 13:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/01/27 11:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tazofehu
[2011/04/13 21:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2010/01/27 19:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vopuvemi
[2010/01/27 19:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vozafiwu
[2010/03/09 01:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wazuloro
[2010/02/05 11:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wuduzuli
[2010/03/09 01:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yawiziga
[2010/02/10 17:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yefanopa
[2010/03/09 01:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yejimoya
[2010/03/09 01:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yelesato
[2010/02/08 15:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yihovepe
[2010/03/09 01:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yikiduta
[2010/01/26 22:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yujetata
[2010/03/09 01:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zelokore
[2010/02/04 12:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zogadeli
[2010/02/10 17:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zorotahi
[2012/09/08 12:42:12 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========

< End of report >


----------



## Cookiegal (Aug 27, 2003)

We're going to use ComboFix again. It may ask to update to a later version. If it does, allow it to do so.

Open Notepad and copy and paste the text in the code box below into it:


```
Folder::
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\avg9
C:\Documents and Settings\Administrator\Application Data\AVG
C:\Documents and Settings\Administrator\Application Data\AVG10
C:\Documents and Settings\Administrator\Application Data\AVG2012
C:\Documents and Settings\Administrator\Application Data\CheckPoint
C:\Documents and Settings\All Users\Application Data\bafekefe
C:\Documents and Settings\All Users\Application Data\bajibuli
C:\Documents and Settings\All Users\Application Data\benituyo
C:\Documents and Settings\All Users\Application Data\bulawasi
C:\Documents and Settings\All Users\Application Data\dayoyadu
C:\Documents and Settings\All Users\Application Data\dimadadu
C:\Documents and Settings\All Users\Application Data\dovazibo
C:\Documents and Settings\All Users\Application Data\dulosilo
C:\Documents and Settings\All Users\Application Data\fapumoke
C:\Documents and Settings\All Users\Application Data\fawuruvo
C:\Documents and Settings\All Users\Application Data\fevahiva
C:\Documents and Settings\All Users\Application Data\gahejeyu
C:\Documents and Settings\All Users\Application Data\gavewuwu
C:\Documents and Settings\All Users\Application Data\gigivada
C:\Documents and Settings\All Users\Application Data\hamehalu
C:\Documents and Settings\All Users\Application Data\hobokuzu
C:\Documents and Settings\All Users\Application Data\hufovora
C:\Documents and Settings\All Users\Application Data\jadikure
C:\Documents and Settings\All Users\Application Data\jopiroka
C:\Documents and Settings\All Users\Application Data\kemaniwu
C:\Documents and Settings\All Users\Application Data\kevusowe
C:\Documents and Settings\All Users\Application Data\kumiberu
C:\Documents and Settings\All Users\Application Data\lagoguze
C:\Documents and Settings\All Users\Application Data\mehoguhi
C:\Documents and Settings\All Users\Application Data\mijejabe
C:\Documents and Settings\All Users\Application Data\monigula
C:\Documents and Settings\All Users\Application Data\nakonaze
C:\Documents and Settings\All Users\Application Data\nobibipo
C:\Documents and Settings\All Users\Application Data\nunayeta
C:\Documents and Settings\All Users\Application Data\nunoloje
C:\Documents and Settings\All Users\Application Data\pilabuma
C:\Documents and Settings\All Users\Application Data\pivumuwe
C:\Documents and Settings\All Users\Application Data\pujorila
C:\Documents and Settings\All Users\Application Data\raramuge
C:\Documents and Settings\All Users\Application Data\rudadiza
C:\Documents and Settings\All Users\Application Data\tazofehu
C:\Documents and Settings\All Users\Application Data\vopuvemi
C:\Documents and Settings\All Users\Application Data\vozafiwu
C:\Documents and Settings\All Users\Application Data\wazuloro
C:\Documents and Settings\All Users\Application Data\wuduzuli
C:\Documents and Settings\All Users\Application Data\yawiziga
C:\Documents and Settings\All Users\Application Data\yefanopa
C:\Documents and Settings\All Users\Application Data\yejimoya
C:\Documents and Settings\All Users\Application Data\yelesato
C:\Documents and Settings\All Users\Application Data\yihovepe
C:\Documents and Settings\All Users\Application Data\yikiduta
C:\Documents and Settings\All Users\Application Data\yujetata
C:\Documents and Settings\All Users\Application Data\zelokore
C:\Documents and Settings\All Users\Application Data\zogadeli
C:\Documents and Settings\All Users\Application Data\zorotahi
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


----------



## sjajdld (Jan 25, 2007)

ComboFix 12-09-09.02 - Administrator 09/09/2012 16:13:12.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.617 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\puppy.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: F-Secure Anti-Virus 9.20.17320 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\avg9\Temp\386d510d-cc29-45de-a963-51e4454b6b64-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\38ad1096-2198-4d3f-b7e6-0a3a0404990f-5b4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3908c484-1eb5-4eb8-acc5-ca3c100600ef-550-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3a4f1dbd-3288-42c0-88ad-b6607f8247b8-5ac-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3b9d5778-5b4f-4ead-a9de-730c646012fe-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3bd82f93-5e82-4c91-b8c1-5cd6b89621fd-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3ca7e55c-567a-47e2-ba2d-941076e32c4e-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3d101481-019b-4e45-be85-4e884e0d4b12-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3d217c06-88ca-4e87-905e-2a4f2fd48540-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3dc0e1b1-151e-44f0-95aa-90df5d511cfd-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3e7a3cc0-4a1f-4270-8353-fe1bd816ebef-56c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3ec6a516-432d-40b0-a53d-7f4aeaf54477.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3f528172-17f0-4856-8fd8-4c784fe92cda-530-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3f755658-d390-4852-be7e-24ad1294e98c-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\404c9b09-a061-4e38-8b04-720a89682977-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4070abc7-7805-4222-9d38-2e2916661b39-564-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4081d875-e431-4f76-8b82-27072ddb2057-520-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\40bca9b0-6075-4c81-95a6-fc0bd8f3ccb7-52c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\411a57b8-faf6-4bc1-8bfa-b32996d6b4b0-58c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\42513ca5-9d0f-4d75-91be-a5db2c4dddc6-594-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\437aad40-f3c0-4b77-8894-a6fc45bccfdf-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4406ac65-ed30-451d-bd14-9ada54242737-604-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\44354327-44c5-4ce5-9acb-f82189d5d4e1-53c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4479b326-565c-4db0-871f-b0e194dc4ec6-534-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4494ea48-7ca9-4aed-9295-a55af8983cf3-55c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\44d56714-5279-4d29-bdfe-71e3a0deb5a7-534-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4502ffd5-9d59-496f-9bc2-394096435e1b-5d8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\452e63a5-2fd2-4400-9482-289812735166-574-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\453cded7-0328-488b-a830-2cee3898ed01-588-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\45428387-d7c5-4fe3-84b6-0ead8ca956b5-55c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\45deb539-c44f-47b6-ac40-0f2f5ba217ca-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\47472422-d372-4d21-8b71-417e308d0a04-534-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\47625c44-f9bf-4b5e-96e7-36f89449f931-560-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4929f0d2-39d2-4b02-a9ba-a6fa6ac4e758-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\49372b45-83d4-4fe6-9c5b-2798392acac5-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\49714458-22a1-4e0d-993a-f88d1596f794-c24-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4ac27014-4f97-474e-aa32-311cd2bf7ab2-58c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4b9cafd4-f9bc-4eb9-85a3-f56c6f2201ee-61c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4bbb9092-3aa4-4f68-a4e9-61935b5df736-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4c27b2eb-218d-425b-aa2b-08419647172b-590-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4d23c59d-4861-4604-a7cc-25ef82a695e1-52c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4d83a1b0-39ad-45c1-8499-ac2d6b9db41b-55c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4e894346-5bad-439f-9189-eadf697f4d22-580-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4fa7ea2c-76dd-46de-8d4c-dc324c1a0923-55c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\51d63735-0a92-45ac-b5a0-ffee2cc0c953-590-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\51e764e3-76bd-4200-a2ea-f8cc4434cd71-5a8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\52d151cd-9303-4b8e-b0cb-2580663fc6f0-564-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\53cb29ac-7981-4ea9-82a9-54642f4c2ade-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\540502ce-5762-4ced-8a57-324d28845525-554-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5465a209-2daa-48bc-8496-d6a149273e50-520-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\548778f5-c4f7-4a18-ac07-a4f6b3d4164b-52c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\559dc9ae-73b5-4e37-b3a8-bf02510f0214-560-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\56cdd814-3a67-4058-8679-9afe6f70ddfb-520-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\56eeb4e6-3451-43ed-ad75-7137283d34dd-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\57d3b481-786a-4124-b7f7-bb9836a6ab11-51c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\57e1eefb-a9cf-42e9-a357-c740eb59aefe-568-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\583021d1-6ff9-4c9e-85fd-7a088218f95c-534-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5b8ad88f-f7c2-4735-a59c-95002c0e2bbe-5a8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5cc66812-d014-417a-8571-725665b53d6f-590-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5d90318d-eee1-4174-847d-c63e0f61c677-52c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5daf1444-4a67-4641-aa04-a75b164e9c40-56c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5f1163e7-e095-44bf-a813-914a77153888-568-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5f24cb67-8d17-44a1-8020-78f2b2db576d-540-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5ff18715-e7ab-412a-8017-b911bf48e1a6-518-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5ff66d7d-5e3b-4b48-85eb-937e85cae409-50c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\602e536b-0154-4cfd-8baf-85301b410e1f-52c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\607fc012-08d4-4940-9819-26c2d6507345-520-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\61987baa-49d8-4128-907d-35c3a54aadfc-590-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6231fbec-5f9d-4d73-91f5-c1e60d454155-598-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\626fc63c-9e98-47e6-a2c3-97e6c43b5285-560-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6275aca4-1527-4104-a797-71548abd55e9-55c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\62948e5c-70ad-46d1-8d1e-527191a92bb1-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\64e57678-80ac-430e-b954-5f9811a88dcc-530-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\661c5b66-23c5-45c2-bf18-504aa81fb7e1-530-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\663a4403-e0e7-4bc8-a42a-3b4cfd2b0d91-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\67514d1f-8a16-4ae8-82f2-55c5dbd6e0c5-598-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\67f7d404-ce4f-4bfd-b7d6-838df32593ac-564-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\681288b5-adb8-41ad-b0af-88a973ff4e7c-598-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\682e7e19-5565-49c4-990c-9155c04887b2-590-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\69656306-f87e-4b79-9fd0-820757bfb1c8-590-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\698973c4-d021-4f63-b105-3e26e4bea38a-55c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6ad2c031-20bc-40fa-8fd7-1780b5faec85-55c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6cb785fb-2380-4ca3-af95-7317a01249f2-548-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6e270e18-eb12-4ae6-9804-69adb68de826-5a8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6e2cf480-61a1-4404-9dd8-431b7c0eea8a-584-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6e8a9ca7-7433-436b-8f6d-e57491d36ee4-594-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6f936b49-edfe-40c6-82d5-f345baca3e2c-564-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\705ef305-8d2b-4c9a-9ec8-5b5f4c04123c-564-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\707fcfd7-8615-4f2f-85c4-329805d1691e-580-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\71382beb-96c4-4f0e-ad38-95f326985459-598-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7166c98d-6992-4b2e-90bb-7215c51a606b-568-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\72000131-79c9-427a-a95a-fda46d84db2f-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\721462cb-c4af-4023-82dc-da68592a7b2d-574-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\727344c4-1797-4119-9e34-6b8b9141184f-578-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\734b47b8-66c8-42d8-88a1-cc1af0a1a443-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\73de2b45-e27b-401e-80e9-2f5003d70334-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\741458d1-8a23-47d1-ae86-22955adf46e0-564-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7437ecfe-a3d1-4407-b4de-021cac1969e3-518-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\74479c22-318f-4a48-ad90-e1764d71bca7-574-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\74a7fba5-63e4-4251-be80-8d1cfba30c23-56c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\74f53461-8cab-4f3e-9fb1-49c9e181d668-538-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\74f62e7b-290e-4d05-a026-3fe493625781-578-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\75417402-170d-4d63-bf6d-0f5a157f2095-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\754fef34-eb64-41ef-941b-13b03ca3bc30-548-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\762733e6-b835-47d4-a0a1-610db277fd1b-5b4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\76578404-22d9-4dbc-9dc0-33b7424872b0-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\76c7d463-85df-4fcb-90b0-b5670444ae9f-570-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\77673327-b097-43fc-9772-1112e3a1c574-548-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\77e28814-6447-457b-8989-ba83841f696f-58c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\78ec58b0-0365-4177-8327-d33608131d6e-538-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\78feb950-28f8-4080-9675-a6199abbd8b4-514-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\790aff96-1d94-44b6-bfea-c689ecaeda6f-58c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\791874e7-69fc-4868-8ed8-b61a6ab5126c-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\796cd5c3-ac44-423a-9e2c-44e3878579c3-560-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7988896f-b1ff-478b-9d3a-54e0625e194a-560-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7ac35baa-2d43-4396-a75e-29e40d76c4aa-568-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7af5a5e2-354b-4845-a4f2-f1aa4e28ba58-588-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7b0ea131-1a42-43f4-86a5-f95a8f938ebe-598-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7b5cdaec-4308-40e1-a7d6-b50675705804-58c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7baa13a8-6bce-4cce-8907-71b35b4e2349-57c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7c689dc2-f79b-4acb-9d28-b00f0228297d-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7cf9467d-32f8-4782-abad-247bf20c6ea7-55c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7d3fa69c-a868-4dc3-861f-1a83afa83458-580-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7e39c12e-4c77-47c3-888c-b50b04d81276-680-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7e7b79d1-3e4a-4dec-9784-647d7571c139-60c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7ea8d5c1-5389-4326-8978-d4fa87d1531c-598-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7ee79a2b-30e7-4b61-9cbb-a016efa7e565-570-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7fe4e8b5-73c0-43f8-bcea-a1ada45a992b-578-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8050c950-db08-41c4-9f13-5a8ec7d00429-520-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\806db8d3-fbc7-4a02-83b0-4e746bfcdac0-570-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\80ef70b2-0b4f-4bf4-8eae-b8cc67be3494-560-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\81189f96-be0d-4530-9b35-c23f0ebd8cff-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\81bbf18e-248d-46f0-a5e1-0b2151daa406-574-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\81e94892-f1cd-4e10-a08b-e6b030cb9882-530-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8210c6fa-0cb7-4f83-9476-fb9ae57a886a-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\82e4622a-7b3e-44f2-9bb6-0d426a4a951f-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\837b2910-713f-469b-bdd3-8f1739d75d57-564-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8444f96b-17fb-476f-819f-f8c48ba24afd-598-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\855039d0-85a9-4acb-a554-036f3477e819-538-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\860a94e5-9457-4aab-8cc8-66ca553ed354-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\86c8dc41-a184-4382-bed0-b758e4a52491-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\87330580-ea08-48ad-839e-68eb6eaec46d-568-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\879699ef-fb18-400b-bfc7-f977f113aeca-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\87c6e90d-66bc-46f3-bce6-ca2181e4235f-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\87f35478-a8f5-4540-9b74-1eadcac4d8c4-140-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\88107152-d15b-4b77-be46-87651c74a16a-5f4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\887e4b07-d807-470b-a2e5-3761f1cb8d81-534-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\890a4f12-3fc8-4e6c-95e3-ca0e8d9f69f7-52c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\89475c20-fc62-4d05-88ca-8ddc5b092f1f-570-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\894a0e9c-9438-46cd-a266-82644c5997a2-568-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8a82f383-5ca3-4722-ae5f-7ef73dcda56f-54c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8b6b9fbb-b1a4-4d49-8cbd-a91b94692088-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8b888e39-f6b4-4428-b68f-a8e39292dad6-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8d8d30d4-f362-4365-bd4a-dab435778e25-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8e371d7d-1845-40cb-945a-57632757c04b-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8eac128c-4ee8-4832-a3d0-bbd13c6365ee-564-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8efd3e7b-b276-41af-87ec-64b485023165-578-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8f23bce3-ce5f-4222-bbd7-799f3bb1214d-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8f41a580-8b81-4927-a0e9-64a190bd76fd-534-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8ff65ff9-9e83-49c9-81a2-942b0ea0ade9-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\90ad5bab-5e4e-43f7-a0d6-1375b1c17426-3bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9117f018-bbef-4045-abf9-bbe355b037cf-578-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9136d8b0-9e63-45eb-9640-b0c505ba7137-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9155bb68-fae9-4ab8-bcc7-91e30ca64800-52c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9233e57c-639c-485c-9456-c38fa2f97005-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9240a16c-b592-410d-8b1e-b5b2e091c197-50c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\92c0e3a7-426e-4fe3-8194-417695b0e8dc-590-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9330f24e-0282-4d2c-8b37-cc77e53b8a1c-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9456b16d-c15d-4166-a871-d8100d5b13b3-55c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\94d5f3a8-4e39-4f3b-9fe8-65d4c27a3af8-538-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\94fabcc8-204e-4d27-8a43-205f8fe71324-594-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\95d00c40-d8aa-451d-9a13-8c66fcf83794-56c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\961c4ce1-630d-4343-bacf-51f731f581c1-588-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9722e797-fd1e-4048-82ff-7be386bab629-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9762ac00-d97c-4983-9441-47ffee914772-590-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9793f151-7433-4177-9557-70f6a2d7b902-608-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\985dc0b8-dbfe-4f8c-8bad-59cc7ff2e170-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\99142e73-5c27-4156-bb2c-ef963f1413d0-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\994ad6c7-e1be-4bdb-8288-b7d142a48d12-bb4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9979b51c-83ac-47a3-b30a-6178cc3b1aa6-580-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\99882388-6d77-4a1d-846d-4824fb23d3bb-52c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\99882388-6d77-4a1d-846d-4824fb23d3bb-558-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\99b7bb43-ddaa-4504-a866-1b614c8561e6-584-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9a01c7f8-8a52-42d4-9de9-fc0dab511033-560-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9a53ed02-8b44-4a17-8279-9c0ca5cf5cc3-578-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9a833d1f-f6e8-40ff-bf99-6eb635a1d158-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9a843739-944c-4ec6-800e-64d1e7825171-598-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9b0a969a-031d-402e-9151-0aded547df7a-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9b0b55dc-857e-4b09-ae38-1d11bdd42a83-510-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9bcd8a8d-4683-4195-9d6a-471007de1953-598-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9c330736-59cf-4e31-8727-0c00eeb7d194-558-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9c38ace6-2c6b-4488-a3ad-eebf42c83a49-530-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9c456eb6-0651-4d13-9f35-f3a8287def79-558-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9cb929f3-fb9d-43ec-84e8-694c1b387a55-590-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9d602367-e5b9-43c3-980e-f9c5a957aa49-558-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9e2ce6fb-a1e9-4284-988f-44c805e4b469-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9f549855-763a-45ac-b27e-33b736c75a7a-554-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9fa4896c-bec5-4b3b-b10b-f8b1b512f0e1-594-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9fe154c1-d86d-460e-bca4-c4d1110b1d5a-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a04d771a-be55-4900-83e6-6b7f4cf43d50-530-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a0ad1756-949d-45cf-bc25-0fd46d98267a-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a0af5228-d5f3-475e-a6e9-fd9e90e94042-53c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a0e05ba7-3a09-4846-bb2e-cdb5602a9c41-518-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a0ec1e7d-ee9c-4230-b181-c8beece26dbb-58c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a0fb92c9-6056-4583-86a4-c32fc4e78a6e-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a148d26a-ebb8-43a9-a760-89c0f8e4d49b-574-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a221ce78-d84d-4330-9242-e06b0825e1a8-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a2b0bfd7-f3e7-4646-826a-4b895f9c5ab0-568-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a2e5fc43-36b6-4784-82e9-0086030f5090-590-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a2f4718f-a871-4ad7-970c-fbf7db146d44-580-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a30e6dde-8d68-4586-b9bf-02a71c7f41aa-52c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a32d4f96-e8ee-4a53-9f46-e3c5236b1872-598-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a37f75a0-eadf-4197-84d6-82c31dea6502-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a4266f14-d4fb-426d-98fc-133bac0995f6-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a465763b-2ff9-4fce-8e58-cc252c53dc37-560-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a4c5d5bf-614f-47d7-9e48-78cbda862bb3-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a5adc98f-e130-429d-aab5-af644cafa319-540-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a7623855-17b3-4626-8ec9-2f6d58d60c0a-55c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a7652b89-527b-43b5-91b3-1ca3bb960e3b-564-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a87dec06-f61c-4cd6-88a2-3489d9b0c7d9-590-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a8c0e55c-b134-4566-851e-e68a15b8f403-568-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a8ea4f12-a549-4130-bd69-dec7e0096635-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a9e94f17-80f6-428f-b733-d3e6860b817d-560-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\aa23ed61-42d3-4ee5-9b53-cee6b6ef77b5-56c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\aa63abea-9743-4647-a9d6-863c75a8a55f-594-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ab1c0ddf-2ee1-4600-950a-fe5d3f8df439-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ab78c1cc-2bfd-4679-8be9-be5f4b905b19-534-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ad8f05bf-f030-4886-8e40-bcc1f28d635d-570-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ae5bc853-ac61-4748-8ec1-07c54e1a6d7e-548-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ae6bfbe7-7a29-46d4-ba96-0a87b4aef083-520-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\aec8a8ee-15aa-4514-b1ea-c1a57191d87c-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\aeebb9ac-ec4d-49ff-841f-7dc4fe90ca3e-560-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b01d7679-75e5-4dce-9cc0-9d595d145842-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b0bcdc24-0239-4338-a10c-02e98b90eefe-578-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b1081cc5-8d9b-415d-81c8-c87ac08e382b-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b195fff4-283d-4b9b-bf9a-2a45424f4965-374-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b1dbbfdc-5dbf-4805-8793-e307927dc5c7-574-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b2714bea-38bc-47c1-8521-82f298b757ef-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b29327b6-57f8-49f6-b352-640caa819388-52c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b31c7365-9ef5-46b5-87f5-ed6bade8a3dc-558-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b36a6b68-24c9-4fdb-bfd7-b2692155d473-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b38a8fd8-2342-476f-8ead-8b359ab244ea-574-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b3cc05bd-9775-4972-ba8b-4cd9f2d93eb7-53c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b466c0d2-ee90-474b-a5c7-c7c57e25ecd7-558-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b4c36dd9-8811-468b-9c1b-7ee33b07d3d0-568-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b4d68dc1-0ab2-42ce-861a-59175c3ff469-590-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b4f37c3f-50c3-49ac-afec-58df5a68aeb7-52c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b503eaab-3a8e-4b26-804f-3e8b895068cc-564-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\file9514.tmp
c:\documents and settings\All Users\Application Data\avg9\update\backup\avg9us.lng
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfree_us.mht
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
c:\documents and settings\All Users\Application Data\avg9\update\backup\cf.dat
c:\documents and settings\All Users\Application Data\avg9\update\backup\cty.cty
c:\documents and settings\All Users\Application Data\avg9\update\backup\incavi.avm
c:\documents and settings\All Users\Application Data\avg9\update\backup\sb.dat
c:\documents and settings\All Users\Application Data\avg9\update\backup\sc.dat
c:\documents and settings\All Users\Application Data\avg9\update\backup\sc.dat.xcd
c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.dat
c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
c:\documents and settings\All Users\Application Data\avg9\update\prepare\temp\cty.cty
c:\windows\EventSystem.log
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 20:08 . 2012-09-09 20:08	29904	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C96723ED-6EA1-47F6-B616-1A48E86730CB}\MpKsl552ba320.sys
2012-09-09 15:26 . 2012-08-23 04:15	7022536	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C96723ED-6EA1-47F6-B616-1A48E86730CB}\mpengine.dll
2012-09-08 16:27 . 2012-09-08 16:27	--------	d-----w-	C:\_OTL
2012-09-08 00:14 . 2012-08-23 04:15	7022536	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-07 00:21 . 2012-09-07 00:21	--------	d-----w-	c:\program files\ESET
2012-09-06 23:08 . 2012-09-06 23:09	--------	d-----w-	c:\program files\Microsoft Security Client
2012-09-06 22:36 . 2012-09-06 22:36	--------	d-----w-	C:\_OTS
2012-09-05 21:22 . 2012-09-05 21:22	--------	d-----w-	c:\program files\Common Files\Java
2012-09-05 21:21 . 2012-08-28 22:39	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-09-01 15:40 . 2012-09-01 17:07	--------	d-----w-	C:\d80e6c2efb9c4c9564
2012-08-29 17:07 . 2012-08-29 17:11	--------	d-----w-	c:\documents and settings\All Users\Application Data\Tarma Installer
2012-08-26 01:44 . 2012-08-26 01:44	--------	d-----w-	c:\windows\system32\wbem\Repository
2012-08-25 18:27 . 2012-08-25 18:27	--------	d-----w-	c:\program files\Frontier
2012-08-25 17:26 . 2012-08-25 17:26	388096	----a-r-	c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-15 19:36 . 2012-08-15 19:36	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Virtual Prophecy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:58 . 2004-08-04 12:00	78336	----a-w-	c:\windows\system32\browser.dll
2012-07-06 02:06 . 2012-07-14 16:35	772544	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-07-06 02:06 . 2010-12-01 13:40	687544	----a-w-	c:\windows\system32\deployJava1.dll
2012-07-04 14:05 . 2007-04-12 14:07	139784	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 12:00	1866112	----a-w-	c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-04 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-04 12:00	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 12:00	385024	----a-w-	c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( [email protected]_03.21.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-09 19:59 . 2012-09-09 19:59	16384 c:\windows\Temp\Perflib_Perfdata_7ec.dat
+ 2012-09-05 22:22 . 2012-08-29 00:10	157680 c:\windows\system32\javaws.exe
+ 2012-09-05 22:22 . 2012-08-29 00:10	149488 c:\windows\system32\javaw.exe
+ 2012-09-05 22:22 . 2012-08-29 00:09	149488 c:\windows\system32\java.exe
+ 2012-09-05 21:22 . 2012-09-05 21:22	203776 c:\windows\Installer\1fced.msi
+ 2012-09-05 21:21 . 2012-09-05 21:21	900608 c:\windows\Installer\1fce8.msi
+ 2012-04-22 01:55 . 2012-04-22 01:55	980480 c:\windows\Installer\1e4809.msp
+ 2012-04-22 01:55 . 2012-04-22 01:55	980480 c:\windows\Installer\1e47e4.msp
+ 2012-04-22 01:55 . 2012-04-22 01:55	980480 c:\windows\Installer\1e47d8.msp
+ 2012-09-06 23:08 . 2012-09-06 23:08	301056 c:\windows\Installer\18261c.msi
+ 2012-04-28 17:13 . 2012-09-06 23:09	109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\SCEP.exe
- 2012-04-28 17:13 . 2012-09-01 17:30	109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\SCEP.exe
- 2012-09-01 17:30 . 2012-09-01 17:30	123352 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\MSE.exe
+ 2012-09-06 23:09 . 2012-09-06 23:09	123352 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\MSE.exe
- 2012-04-28 17:13 . 2012-09-01 17:30	109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\INTUNE.exe
+ 2012-04-28 17:13 . 2012-09-06 23:09	109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\INTUNE.exe
- 2012-04-28 17:13 . 2012-09-01 17:30	109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\FEP.exe
+ 2012-04-28 17:13 . 2012-09-06 23:09	109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\FEP.exe
- 2012-04-28 17:13 . 2012-09-01 17:30	109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\EPP.exe
+ 2012-04-28 17:13 . 2012-09-06 23:09	109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\EPP.exe
+ 2012-03-21 03:57 . 2012-03-21 03:57	6188544 c:\windows\Installer\1e47f8.msp
+ 2012-04-25 23:32 . 2012-04-25 23:32	7069184 c:\windows\Installer\1e47e7.msp
+ 2012-04-25 23:32 . 2012-04-25 23:32	7069184 c:\windows\Installer\1e47c8.msp
+ 2012-03-21 03:57 . 2012-03-21 03:57	6188544 c:\windows\Installer\1e47c5.msp
+ 2012-09-06 23:09 . 2012-09-06 23:09	1826304 c:\windows\Installer\182621.msi
+ 2011-12-26 13:02 . 2011-12-26 13:02	19677184 c:\windows\Installer\1e4807.msp
+ 2012-01-04 06:25 . 2012-01-04 06:25	17751552 c:\windows\Installer\1e47e9.msp
+ 2011-12-26 13:02 . 2011-12-26 13:02	19677184 c:\windows\Installer\1e47e2.msp
+ 2012-01-04 06:25 . 2012-01-04 06:25	17751552 c:\windows\Installer\1e47d5.msp
+ 2011-12-26 13:02 . 2011-12-26 13:02	19677184 c:\windows\Installer\1e47d2.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 11:22	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 01:05	344064	-c--a-w-	c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-12-19 22:08	1347584	----a-w-	c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2010-02-04 04:05	107176	----a-w-	c:\program files\Lexmark 2600 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-09 20:33	136176	----atw-	c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]
2010-02-04 04:05	660136	----a-w-	c:\program files\Lexmark 2600 Series\lxdnmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 00:12	143360	----a-w-	c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"seclogon"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Messenger"=2 (0x2)
"McComponentHostService"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\Diagnostics\\LXDNdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R1 MpKsl552ba320;MpKsl552ba320;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C96723ED-6EA1-47F6-B616-1A48E86730CB}\MpKsl552ba320.sys [9/9/2012 4:08 PM 29904]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2010 9:53 PM 135664]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [1/14/2012 8:44 PM 94208]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2010 9:53 PM 135664]
S4 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL552BA320
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 01:53]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 01:53]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-963248029-2652404320-3942384350-500Core1cc902a60d0ab00.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-10 20:33]
.
2012-09-09 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki...
LSP: c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL
Trusted Zone: mydrivefm.com\rewards
TCP: DhcpNameServer = 192.168.254.254
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxps://members.ladiesauxvfw.org/EWEBREPORTSERVER/Reserved.ReportViewerWebControl.axd?ExecutionID=idpqch45rkbyrkfgjvf2rrjo&ControlID=79beb4c6385b404d9f2d7e368b1a9fd6&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-F-Secure Manager - c:\program files\Frontier\Security\Common\FSM32.EXE
MSConfigStartUp-F-Secure TNB - c:\program files\Frontier\Security\FSGUI\TNBUtil.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-09 16:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,46,9b,77,1c,6d,83,42,8f,1b,06,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,36,bc,8d,8b,90,21,43,88,81,b2,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,46,9b,77,1c,6d,83,42,8f,1b,06,\
.
[HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,36,bc,8d,8b,90,21,43,88,81,b2,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,36,bc,8d,8b,90,21,43,88,81,b2,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(928)
c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL
.
Completion time: 2012-09-09 16:28:40
ComboFix-quarantined-files.txt 2012-09-09 20:28
ComboFix2.txt 2012-09-04 03:24
ComboFix3.txt 2012-09-03 03:27
.
Pre-Run: 3,399,659,520 bytes free
Post-Run: 3,349,725,184 bytes free
.
- - End Of File - - DCA9CF1726973B65EFB92B3011B5BE35


----------



## Cookiegal (Aug 27, 2003)

Do you use PC Tuneup 2011? Because I had you delete the AVG folder and didn't realize that was in there. If you use it we can restore it.


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## sjajdld (Jan 25, 2007)

No, I don't use the PC Tuneup 2011. The first error that appears under Application is on 9/6/12. Do you want those, and how far back if so?


----------



## sjajdld (Jan 25, 2007)

This is the System one for all of 9.7.12 through 9.9.12:

Event Type:	Error
Event Source:	RemoteAccess
Event Category:	None
Event ID:	20106
Date: 9/9/2012
Time: 7:13:43 PM
User: N/A
Computer:	SJD
Description:
Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: eb 03 00 00 ë...

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 9/9/2012
Time: 7:13:32 PM
User: N/A
Computer:	SJD
Description:
The lxdnCATSCustConnectService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 9/9/2012
Time: 7:13:32 PM
User: N/A
Computer:	SJD
Description:
Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/9/2012
Time: 7:13:32 PM
User: N/A
Computer:	SJD
Description:
The Human Interface Device Access service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7034
Date: 9/9/2012
Time: 4:12:32 PM
User: N/A
Computer:	SJD
Description:
The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	RemoteAccess
Event Category:	None
Event ID:	20106
Date: 9/9/2012
Time: 3:59:22 PM
User: N/A
Computer:	SJD
Description:
Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: eb 03 00 00 ë...

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 9/9/2012
Time: 3:59:05 PM
User: N/A
Computer:	SJD
Description:
The lxdnCATSCustConnectService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 9/9/2012
Time: 3:59:05 PM
User: N/A
Computer:	SJD
Description:
Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/9/2012
Time: 3:59:05 PM
User: N/A
Computer:	SJD
Description:
The Human Interface Device Access service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	RemoteAccess
Event Category:	None
Event ID:	20106
Date: 9/9/2012
Time: 1:31:22 PM
User: N/A
Computer:	SJD
Description:
Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: eb 03 00 00 ë...

Event Type:	Error
Event Source:	RemoteAccess
Event Category:	None
Event ID:	20106
Date: 9/9/2012
Time: 11:16:12 AM
User: N/A
Computer:	SJD
Description:
Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: eb 03 00 00 ë...

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 9/9/2012
Time: 11:15:59 AM
User: N/A
Computer:	SJD
Description:
The lxdnCATSCustConnectService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 9/9/2012
Time: 11:15:59 AM
User: N/A
Computer:	SJD
Description:
Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/9/2012
Time: 11:15:59 AM
User: N/A
Computer:	SJD
Description:
The Human Interface Device Access service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	RemoteAccess
Event Category:	None
Event ID:	20106
Date: 9/9/2012
Time: 1:22:48 AM
User: N/A
Computer:	SJD
Description:
Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: eb 03 00 00 ë...

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 9/9/2012
Time: 1:22:33 AM
User: N/A
Computer:	SJD
Description:
The lxdnCATSCustConnectService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 9/9/2012
Time: 1:22:33 AM
User: N/A
Computer:	SJD
Description:
Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/9/2012
Time: 1:22:33 AM
User: N/A
Computer:	SJD
Description:
The Human Interface Device Access service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	RemoteAccess
Event Category:	None
Event ID:	20106
Date: 9/8/2012
Time: 6:05:55 PM
User: N/A
Computer:	SJD
Description:
Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: eb 03 00 00 ë...

Event Type:	Error
Event Source:	RemoteAccess
Event Category:	None
Event ID:	20106
Date: 9/8/2012
Time: 5:57:40 PM
User: N/A
Computer:	SJD
Description:
Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: eb 03 00 00 ë...

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 9/8/2012
Time: 5:57:30 PM
User: N/A
Computer:	SJD
Description:
The lxdnCATSCustConnectService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 9/8/2012
Time: 5:57:30 PM
User: N/A
Computer:	SJD
Description:
Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/8/2012
Time: 5:57:30 PM
User: N/A
Computer:	SJD
Description:
The Human Interface Device Access service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	RemoteAccess
Event Category:	None
Event ID:	20106
Date: 9/8/2012
Time: 5:50:36 PM
User: N/A
Computer:	SJD
Description:
Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: eb 03 00 00 ë...

Event Type:	Error
Event Source:	RemoteAccess
Event Category:	None
Event ID:	20106
Date: 9/8/2012
Time: 12:32:50 PM
User: N/A
Computer:	SJD
Description:
Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: eb 03 00 00 ë...

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 9/8/2012
Time: 12:32:38 PM
User: N/A
Computer:	SJD
Description:
The lxdnCATSCustConnectService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 9/8/2012
Time: 12:32:38 PM
User: N/A
Computer:	SJD
Description:
Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/8/2012
Time: 12:32:38 PM
User: N/A
Computer:	SJD
Description:
The Human Interface Device Access service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	RemoteAccess
Event Category:	None
Event ID:	20106
Date: 9/8/2012
Time: 12:17:35 PM
User: N/A
Computer:	SJD
Description:
Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: eb 03 00 00 ë...

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 9/8/2012
Time: 12:17:20 PM
User: N/A
Computer:	SJD
Description:
The lxdnCATSCustConnectService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 9/8/2012
Time: 12:17:20 PM
User: N/A
Computer:	SJD
Description:
Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/8/2012
Time: 12:17:20 PM
User: N/A
Computer:	SJD
Description:
The Human Interface Device Access service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	RemoteAccess
Event Category:	None
Event ID:	20106
Date: 9/7/2012
Time: 8:02:17 PM
User: N/A
Computer:	SJD
Description:
Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: eb 03 00 00 ë...

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 9/7/2012
Time: 8:02:03 PM
User: N/A
Computer:	SJD
Description:
The lxdnCATSCustConnectService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 9/7/2012
Time: 8:02:03 PM
User: N/A
Computer:	SJD
Description:
Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/7/2012
Time: 8:02:03 PM
User: N/A
Computer:	SJD
Description:
The Human Interface Device Access service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	RemoteAccess
Event Category:	None
Event ID:	20106
Date: 9/7/2012
Time: 11:50:56 AM
User: N/A
Computer:	SJD
Description:
Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: eb 03 00 00 ë...

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 9/7/2012
Time: 11:50:41 AM
User: N/A
Computer:	SJD
Description:
The lxdnCATSCustConnectService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 9/7/2012
Time: 11:50:41 AM
User: N/A
Computer:	SJD
Description:
Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/7/2012
Time: 11:50:41 AM
User: N/A
Computer:	SJD
Description:
The Human Interface Device Access service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	RemoteAccess
Event Category:	None
Event ID:	20106
Date: 9/7/2012
Time: 10:40:38 AM
User: N/A
Computer:	SJD
Description:
Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: eb 03 00 00 ë...

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 9/7/2012
Time: 10:40:21 AM
User: N/A
Computer:	SJD
Description:
The lxdnCATSCustConnectService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 9/7/2012
Time: 10:40:21 AM
User: N/A
Computer:	SJD
Description:
Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/7/2012
Time: 10:40:21 AM
User: N/A
Computer:	SJD
Description:
The Human Interface Device Access service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	RemoteAccess
Event Category:	None
Event ID:	20106
Date: 9/7/2012
Time: 9:37:20 AM
User: N/A
Computer:	SJD
Description:
Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: eb 03 00 00 ë...

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 9/7/2012
Time: 9:37:04 AM
User: N/A
Computer:	SJD
Description:
The lxdnCATSCustConnectService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 9/7/2012
Time: 9:37:04 AM
User: N/A
Computer:	SJD
Description:
Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/7/2012
Time: 9:37:04 AM
User: N/A
Computer:	SJD
Description:
The Human Interface Device Access service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Can you post a screenshot of the black screen you're getting, please? Also, when you get the next one, check the Event Viewer and see if an error is generated.


----------
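
The check requested above (does an error coincide with the black screen, or does it fire on every startup?), as an added example that is not part of any poster's reply: it parses text copied from the XP Event Viewer, groups entries into bursts, and labels the ones near a given symptom time. The sample log is constructed in the entry format posted in the thread; the symptom times, the 120-second burst gap and the 5-minute window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Header fields of one entry as copied from the XP Event Viewer (tab or space after the colon).
FIELD = re.compile(r"^(Event Type|Event Source|Event ID|Date|Time):[ \t]*(.*?)[ \t\r]*$", re.M)
# Description body: everything up to the help link, the hex "Data:" dump, or the end of the entry.
DESC = re.compile(r"^Description:[ \t\r]*\n(.*?)(?=^For more information|^Data:|\Z)", re.M | re.S)


def parse_events(text):
    """Turn pasted Event Viewer text into a time-sorted list of dicts."""
    events = []
    for chunk in re.split(r"(?m)^(?=Event Type:)", text):
        fields = dict(FIELD.findall(chunk))
        if not {"Event Source", "Event ID", "Date", "Time"} <= fields.keys():
            continue  # preamble text or a truncated paste
        when = datetime.strptime(fields["Date"] + " " + fields["Time"], "%m/%d/%Y %I:%M:%S %p")
        found = DESC.search(chunk)
        events.append({
            "when": when,
            "source": fields["Event Source"],
            "id": int(fields["Event ID"]),
            "desc": " ".join(found.group(1).split()) if found else "",
        })
    return sorted(events, key=lambda ev: ev["when"])


def signature(ev):
    """Two entries are 'the same error' when source, ID and message all match."""
    return (ev["source"], ev["id"], ev["desc"])


def cluster_bursts(events, gap_seconds=120):
    """Group entries logged close together. Heuristic stand-in for 'one startup',
    because a paste of errors only has no boot marker to split on."""
    bursts = []
    for ev in events:
        if bursts and (ev["when"] - bursts[-1][-1]["when"]).total_seconds() <= gap_seconds:
            bursts[-1].append(ev)
        else:
            bursts.append([ev])
    return bursts


def triage(text, symptom_time, window_minutes=5, gap_seconds=120):
    """List entries within the window around symptom_time, labelled 'recurring'
    (same error seen in more than one burst) or 'one-off'."""
    events = parse_events(text)
    seen_in = defaultdict(set)
    for index, burst in enumerate(cluster_bursts(events, gap_seconds)):
        for ev in burst:
            seen_in[signature(ev)].add(index)
    window = timedelta(minutes=window_minutes)
    report = []
    for ev in events:
        if abs(ev["when"] - symptom_time) <= window:
            label = "recurring" if len(seen_in[signature(ev)]) > 1 else "one-off"
            report.append((ev["when"].strftime("%H:%M:%S"), ev["source"], ev["id"], label))
    return report


def _entry(source, event_id, date, time, description):
    """Render one entry in the Event Viewer copy format (used only to build SAMPLE)."""
    return (
        "Event Type:\tError\nEvent Source:\t%s\nEvent Category:\tNone\nEvent ID:\t%d\n"
        "Date: %s\nTime: %s\nUser: N/A\nComputer:\tSJD\nDescription:\n%s\n\n"
        "For more information, see Help and Support Center at "
        "http://go.microsoft.com/fwlink/events.asp.\n\n"
    ) % (source, event_id, date, time, description)


_SCM = "Service Control Manager"
_START_FAIL = ("The lxdnCATSCustConnectService service failed to start due to the following error: \n"
               "The service did not respond to the start or control request in a timely fashion.")
_HID_FAIL = ("The Human Interface Device Access service terminated with the following error: \n"
             "The specified module could not be found.")
_ROUTER = ("Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router "
           "Manager for the IP protocol. The following error occurred: Cannot complete this function.")
_WLAN = "The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s)."

# Constructed sample: two startup bursts and one isolated error, in the thread's format.
SAMPLE = "".join([
    _entry(_SCM, 7000, "9/9/2012", "3:59:05 PM", _START_FAIL),
    _entry(_SCM, 7023, "9/9/2012", "3:59:05 PM", _HID_FAIL),
    _entry("RemoteAccess", 20106, "9/9/2012", "3:59:22 PM", _ROUTER),
    _entry(_SCM, 7034, "9/9/2012", "4:12:32 PM", _WLAN),
    _entry(_SCM, 7000, "9/9/2012", "7:13:32 PM", _START_FAIL),
    _entry(_SCM, 7023, "9/9/2012", "7:13:32 PM", _HID_FAIL),
    _entry("RemoteAccess", 20106, "9/9/2012", "7:13:43 PM", _ROUTER),
])

if __name__ == "__main__":
    # Assumed symptom time: the screen was seen going black at about 7:15 PM.
    for row in triage(SAMPLE, datetime(2012, 9, 9, 19, 15, 0)):
        print(*row, sep="  ")
```

Entries labelled recurring appear at every startup burst, including ones with no symptom, so a one-off entry inside the window is the one worth reading first.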



## sjajdld (Jan 25, 2007)

Wouldn't let me do a screenshot... it kept saving in Notepad and not as a JPEG....?
But yeah, I shut it down 2x and both times it gave the following errors:

Event Type:	Error
Event Source:	RemoteAccess
Event Category:	None
Event ID:	20106
Date: 9/9/2012
Time: 10:38:03 PM
User: N/A
Computer:	SJD
Description:
Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: eb 03 00 00 ë...

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 9/9/2012
Time: 10:37:51 PM
User: N/A
Computer:	SJD
Description:
The lxdnCATSCustConnectService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 9/9/2012
Time: 10:37:51 PM
User: N/A
Computer:	SJD
Description:
Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/9/2012
Time: 10:37:51 PM
User: N/A
Computer:	SJD
Description:
The Human Interface Device Access service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	RemoteAccess
Event Category:	None
Event ID:	20106
Date: 9/9/2012
Time: 10:29:34 PM
User: N/A
Computer:	SJD
Description:
Unable to add the interface {EA18F0EF-BADD-4E03-9854-45690377F1BA} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: eb 03 00 00 ë...

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 9/9/2012
Time: 10:29:22 PM
User: N/A
Computer:	SJD
Description:
The lxdnCATSCustConnectService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 9/9/2012
Time: 10:29:22 PM
User: N/A
Computer:	SJD
Description:
Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/9/2012
Time: 10:29:22 PM
User: N/A
Computer:	SJD
Description:
The Human Interface Device Access service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## sjajdld (Jan 25, 2007)

Okay, an update: I finally got a screenshot of the page when it goes black, although I'm not quite sure how this will look to you, LOL, as it is black to me unless I'm shining a flashlight sideways on the screen, then I can barely see what's there. Also, I noticed that the above system errors occur BEFORE the screen goes black... I'm assuming on startup. Also, I used to be able to get on without the power cord plugged in, on just battery, and have the screen stay normal for up to 45 minutes. Now it goes black within a minute of startup... same as when started with power cord plugged in.... sooo it seems to be getting worse. Before, it would be fine for the length of the battery, which was only about 45 minutes. Sorry if I am rambling... Thank you again for all of your help with this. It's frustrating to me so I can only imagine the headache it's giving you !!!!


----------



## Cookiegal (Aug 27, 2003)

Please go here and download *TDSSKiller.exe* to your desktop.

Double-click TDSSKiller.exe on your desktop to run it.
Click on *Start Scan*
As we don't want to fix anything yet, if any malicious objects are detected, *do NOT select Cure* but select *Skip* instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.


----------



## sjajdld (Jan 25, 2007)

2012/09/10 15:00:51.0643	TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2012/09/10 15:00:51.0643	================================================================================
2012/09/10 15:00:51.0653	SystemInfo:
2012/09/10 15:00:51.0653	
2012/09/10 15:00:51.0653	OS Version: 5.1.2600 ServicePack: 3.0
2012/09/10 15:00:51.0653	Product type: Workstation
2012/09/10 15:00:51.0653	ComputerName: SJD
2012/09/10 15:00:51.0653	UserName: Administrator
2012/09/10 15:00:51.0653	Windows directory: C:\WINDOWS
2012/09/10 15:00:51.0653	System windows directory: C:\WINDOWS
2012/09/10 15:00:51.0653	Processor architecture: Intel x86
2012/09/10 15:00:51.0653	Number of processors: 1
2012/09/10 15:00:51.0653	Page size: 0x1000
2012/09/10 15:00:51.0653	Boot type: Normal boot
2012/09/10 15:00:51.0653	================================================================================
2012/09/10 15:00:52.0875	Initialize success
2012/09/10 15:01:06.0364	================================================================================
2012/09/10 15:01:06.0364	Scan started
2012/09/10 15:01:06.0374	Mode: Manual;
2012/09/10 15:01:06.0374	================================================================================
2012/09/10 15:01:06.0945	ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2012/09/10 15:01:07.0065	ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2012/09/10 15:01:07.0186	aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2012/09/10 15:01:07.0266	AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
2012/09/10 15:01:07.0326	agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2012/09/10 15:01:07.0576	Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2012/09/10 15:01:07.0837	AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2012/09/10 15:01:07.0897	atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2012/09/10 15:01:08.0137	ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2012/09/10 15:01:08.0277	Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2012/09/10 15:01:08.0387	audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2012/09/10 15:01:08.0498	BCM43XX (30d20fc98bcfd52e1da778cf19b223d4) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2012/09/10 15:01:08.0778	bcm4sbxp (e727776a56a51b7e6b7c87c02ea8b405) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2012/09/10 15:01:08.0868	Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2012/09/10 15:01:09.0148	cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2012/09/10 15:01:09.0209	Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys


----------



## Cookiegal (Aug 27, 2003)

Go to *Start *- *Run *- type in *devmgmt.msc* and hit Enter to open the Device Manager. Are there any yellow alerts showing beside any devices?

Then click on "View" and "Show Hidden Devices" and see if there are any yellow alerts there please.


----------



## sjajdld (Jan 25, 2007)

I already had this installed and have previous scans of it from earlier. If you want to see any of those, just let me know.


----------



## sjajdld (Jan 25, 2007)

There is one under modems that is Conexant D480 MDC V.92 Modem.


----------



## Cookiegal (Aug 27, 2003)

sjajdld said:


> I already had this installed and have previous scans of it from earlier. If you want to see any of those, just let me know.


What are you referring to, TDSSKiller? If it ever found anything then yes, please post the log.


----------



## Cookiegal (Aug 27, 2003)

sjajdld said:


> There is one under modems that is Conexant D480 MDC V.92 Modem.


Are you using this modem or some other device?


----------



## sjajdld (Jan 25, 2007)

Yes, the TDSS killer, but I am pretty sure it never found anything... ran scans starting around 8.25.12 when all this started happening, trying to find out what I had, if anything... but I do not think it ever found anything, but am not positive.... sorry.

As for the modem.... well, here goes me being computer illiterate to a point, because I have no idea if I use this or not. I actually may have uninstalled it recently thinking I did not need it. My computer was having issues with space and I uninstalled a few different things which I thought were not necessary. However, I believe I uninstalled this a bit before having any issues.


----------



## sjajdld (Jan 25, 2007)

8.25.12 scan




*********************************************************************************************************************

8.26.12 scan

2012/08/26 17:47:00.0461	TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2012/08/26 17:47:00.0461	================================================================================
2012/08/26 17:47:00.0461	SystemInfo:
2012/08/26 17:47:00.0461	
2012/08/26 17:47:00.0461	OS Version: 5.1.2600 ServicePack: 3.0
2012/08/26 17:47:00.0471	Product type: Workstation
2012/08/26 17:47:00.0471	ComputerName: SJD
2012/08/26 17:47:00.0471	UserName: Administrator
2012/08/26 17:47:00.0471	Windows directory: C:\WINDOWS
2012/08/26 17:47:00.0471	System windows directory: C:\WINDOWS
2012/08/26 17:47:00.0471	Processor architecture: Intel x86
2012/08/26 17:47:00.0471	Number of processors: 1
2012/08/26 17:47:00.0471	Page size: 0x1000
2012/08/26 17:47:00.0471	Boot type: Normal boot
2012/08/26 17:47:00.0471	================================================================================
2012/08/26 17:47:01.0022	Initialize success
2012/08/26 17:47:04.0427	================================================================================
2012/08/26 17:47:04.0427	Scan started
2012/08/26 17:47:04.0427	Mode: Manual;
2012/08/26 17:47:04.0427	================================================================================
2012/08/26 17:47:24.0236	================================================================================
2012/08/26 17:47:24.0236	Scan finished
2012/08/26 17:47:24.0236	================================================================================
2012/08/26 17:47:29.0814	Deinitialize success

******************************************************************************************************************************

8.30.12 scan

2012/08/30 23:53:06.0622	TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2012/08/30 23:53:06.0622	================================================================================
2012/08/30 23:53:06.0622	SystemInfo:
2012/08/30 23:53:06.0622	
2012/08/30 23:53:06.0622	OS Version: 5.1.2600 ServicePack: 3.0
2012/08/30 23:53:06.0622	Product type: Workstation
2012/08/30 23:53:06.0622	ComputerName: SJD
2012/08/30 23:53:06.0622	UserName: Administrator
2012/08/30 23:53:06.0622	Windows directory: C:\WINDOWS
2012/08/30 23:53:06.0622	System windows directory: C:\WINDOWS
2012/08/30 23:53:06.0622	Processor architecture: Intel x86
2012/08/30 23:53:06.0622	Number of processors: 1
2012/08/30 23:53:06.0622	Page size: 0x1000
2012/08/30 23:53:06.0622	Boot type: Normal boot
2012/08/30 23:53:06.0622	================================================================================
2012/08/30 23:53:07.0052	Initialize success
2012/08/30 23:53:10.0457	================================================================================
2012/08/30 23:53:10.0457	Scan started
2012/08/30 23:53:10.0457	Mode: Manual;
2012/08/30 23:53:10.0457	================================================================================
2012/08/30 23:53:29.0304	================================================================================
2012/08/30 23:53:29.0304	Scan finished
2012/08/30 23:53:29.0304	================================================================================
2012/08/30 23:53:38.0948	Deinitialize success

*******************************************************************************************************************

9.1.12 scan

2012/09/01 11:23:30.0795	TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2012/09/01 11:23:30.0795	================================================================================
2012/09/01 11:23:30.0795	SystemInfo:
2012/09/01 11:23:30.0795	
2012/09/01 11:23:30.0795	OS Version: 5.1.2600 ServicePack: 3.0
2012/09/01 11:23:30.0795	Product type: Workstation
2012/09/01 11:23:30.0795	ComputerName: SJD
2012/09/01 11:23:30.0795	UserName: Administrator
2012/09/01 11:23:30.0795	Windows directory: C:\WINDOWS
2012/09/01 11:23:30.0795	System windows directory: C:\WINDOWS
2012/09/01 11:23:30.0795	Processor architecture: Intel x86
2012/09/01 11:23:30.0795	Number of processors: 1
2012/09/01 11:23:30.0795	Page size: 0x1000
2012/09/01 11:23:30.0795	Boot type: Safe boot
2012/09/01 11:23:30.0795	================================================================================
2012/09/01 11:23:31.0586	Initialize success
2012/09/01 11:23:33.0238	================================================================================
2012/09/01 11:23:33.0238	Scan started
2012/09/01 11:23:33.0238	Mode: Manual;
2012/09/01 11:23:33.0238	================================================================================
2012/09/01 11:24:58.0821	================================================================================
2012/09/01 11:24:58.0821	Scan finished
2012/09/01 11:24:58.0821	================================================================================
2012/09/01 11:25:17.0077	Deinitialize success

*******************************************************************************************************************


----------



## sjajdld (Jan 25, 2007)

Also, the modem I am hooked to is one from my internet provider, Frontier. It's a Netgear model B90-755044-15 Rev 1A.


----------



## Cookiegal (Aug 27, 2003)

In an earlier post you said:


> I seem to be able to have everything be normal as long as the ac power adapter is NOT connected


Is this still the case?


----------



## sjajdld (Jan 25, 2007)

No, it goes black while on battery power too... faster now than at first. When this first started, my screen would go black within a few minutes of turning it on. Then as I started checking things out, I found it would stay "on" (the screen) longer if I started up without the power cord attached. This lasted for a week or more and lately it just goes black either way within the first few seconds of my desktop popping up after logging on.


----------



## Cookiegal (Aug 27, 2003)

Try running chkdsk.

Click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.

To view results log:

Go to *Start* - *Run* and type in *eventvwr.msc*, and hit enter. When Event Viewer opens, click on "Application", then scroll down to "Winlogon" and double-click on it to open it up. This is the log created after running chkdsk. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.


----------



## sjajdld (Jan 25, 2007)

Event Type:	Information
Event Source:	Winlogon
Event Category:	None
Event ID:	1001
Date: 9/11/2012
Time: 8:06:19 PM
User: N/A
Computer:	SJD
Description:
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk. 
Cleaning up minor inconsistencies on the drive.
Cleaning up 454 unused index entries from index $SII of file 0x9.
Cleaning up 454 unused index entries from index $SDH of file 0x9.
Cleaning up 454 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

58597055 KB total disk space.
55096032 KB in 80942 files.
36960 KB in 8134 indexes.
0 KB in bad sectors.
245943 KB in use by the system.
65536 KB occupied by the log file.
3218120 KB available on disk.

4096 bytes in each allocation unit.
14649263 total allocation units on disk.
804530 allocation units available on disk.

Windows has finished checking your disk.
Please wait while your computer restarts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool (Vista/Windows 7 users - right click to run as administrator) and allow it to download the Avast database.

Click *Scan*.

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review. 
*Note - do NOT attempt any Fix yet.*


----------



## sjajdld (Jan 25, 2007)

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-12 09:36:43
-----------------------------
09:36:43.297 OS Version: Windows 5.1.2600 Service Pack 3
09:36:43.297 Number of processors: 1 586 0x905
09:36:43.297 ComputerName: SJD UserName: 
09:36:43.838 Initialize success
09:46:16.040 AVAST engine defs: 12091200
09:54:55.848 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:54:55.848 Disk 0 Vendor: FUJITSU_MHV2060AH 00000096 Size: 57231MB BusType: 3
09:54:55.878 Disk 0 MBR read successfully
09:54:55.878 Disk 0 MBR scan
09:54:55.978 Disk 0 Windows XP default MBR code
09:54:55.988 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57223 MB offset 63
09:54:56.018 Disk 0 scanning sectors +117194175
09:54:56.168 Disk 0 scanning C:\WINDOWS\system32\drivers
09:55:23.888 Service scanning
09:55:42.805 Service MpKsl401bb8ce c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F360C14B-3264-4C17-9CB3-A1FCB49E8781}\MpKsl401bb8ce.sys **LOCKED** 32
09:56:01.773 Modules scanning
09:56:10.125 Disk 0 trace - called modules:
09:56:10.145 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 
09:56:10.495 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87395ab8]
09:56:10.495 3 CLASSPNP.SYS[f760dfd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87350b00]
09:56:11.036 AVAST engine scan C:\WINDOWS
09:56:32.627 AVAST engine scan C:\WINDOWS\system32
10:03:14.925 AVAST engine scan C:\WINDOWS\system32\drivers
10:03:47.643 AVAST engine scan C:\Documents and Settings\Administrator
10:33:40.731 AVAST engine scan C:\Documents and Settings\All Users
10:34:46.055 File: C:\Documents and Settings\All Users\Application Data\MyToolsApp\bhoclass.dll **INFECTED** Win32:Adware-gen [Adw]
10:34:58.963 Scan finished successfully
10:47:53.117 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
10:47:53.167 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR 9.12.12"

hope we are getting near a solution because i am going blind doing this!!!!!!!!!!!!


----------
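Added example, not part of the thread and not Avast's code: a small Python triage of the aswMBR log posted above, showing how the `**INFECTED**` line leads to the folder that gets inspected next. It relies only on the line shapes visible in that log; the function names, and the reading of `**LOCKED**` on the MpKsl driver as the resident Microsoft scanner's in-use file, are assumptions.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any host OS

# Lines copied from the aswMBR log posted above (a subset, plus the
# non-log text around it that the parser must skip).
SAMPLE_LOG = r"""
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
09:54:55.878 Disk 0 MBR read successfully
09:54:55.878 Disk 0 MBR scan
09:54:55.978 Disk 0 Windows XP default MBR code
09:55:42.805 Service MpKsl401bb8ce c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F360C14B-3264-4C17-9CB3-A1FCB49E8781}\MpKsl401bb8ce.sys **LOCKED** 32
10:34:46.055 File: C:\Documents and Settings\All Users\Application Data\MyToolsApp\bhoclass.dll **INFECTED** Win32:Adware-gen [Adw]
10:34:58.963 Scan finished successfully
hope we are getting near a solution
"""

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
MBR_VERDICT = re.compile(r"^Disk (\d+) (.+ MBR code)$")
MARKED = re.compile(r"^(File:|Service \S+)\s+(.+?)\s+\*\*([A-Z]+)\*\*\s*(.*)$")


def parse_aswmbr(text):
    """Return MBR verdicts, **MARKED** entries and whether the scan completed."""
    report = {"mbr": {}, "marked": [], "finished": False}
    for raw in text.splitlines():
        m = TS.match(raw.strip())
        if not m:
            continue  # banner, blank lines, the poster's own comments
        msg = m.group(1)
        if msg == "Scan finished successfully":
            report["finished"] = True
        elif (v := MBR_VERDICT.match(msg)):
            report["mbr"][int(v.group(1))] = v.group(2)
        elif (k := MARKED.match(msg)):
            kind, path, marker, detail = k.groups()
            report["marked"].append({
                "kind": "file" if kind == "File:" else "service",
                "path": path,
                "marker": marker,
                "detail": detail,
            })
    return report


def triage(entry):
    """Classify one marked entry as 'expected: ...' or 'review: ...'."""
    path = entry["path"].lower()
    if entry["marker"] == "INFECTED":
        return "review: engine detection " + entry["detail"]
    # Assumption: a LOCKED MpKsl*.sys under the Microsoft Antimalware
    # definition-update folder is that scanner's own driver, open and in use.
    if (entry["marker"] == "LOCKED"
            and "\\microsoft antimalware\\definition updates\\" in path
            and basename(path).startswith("mpksl")):
        return "expected: resident Microsoft scanner driver, file in use"
    return "review: unexplained " + entry["marker"]


def folders_to_inspect(report):
    """Parent folders of INFECTED files, de-duplicated, in log order."""
    seen = []
    for e in report["marked"]:
        if e["marker"] == "INFECTED" and dirname(e["path"]) not in seen:
            seen.append(dirname(e["path"]))
    return seen


def summarize(report):
    """Human-readable triage lines for a parsed log."""
    out = []
    if not report["finished"]:
        out.append("scan did not finish: missing markers prove nothing")
    for disk, verdict in sorted(report["mbr"].items()):
        out.append(f"disk {disk}: {verdict}")
    for e in report["marked"]:
        out.append(f"{basename(e['path'])}: {triage(e)}")
    for folder in folders_to_inspect(report):
        out.append(f"list contents of: {folder}")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(parse_aswmbr(SAMPLE_LOG))))
```
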



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:dir
C:\Documents and Settings\All Users\Application Data\MyToolsApp
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## sjajdld (Jan 25, 2007)

SystemLook 30.07.11 by jpshortstuff
Log created at 11:33 on 12/09/2012 by Administrator
Administrator - Elevation successful

========== dir ==========

C:\Documents and Settings\All Users\Application Data\MyToolsApp - Parameters: "(none)"

---Files---
background.html	--a---- 4930 bytes	[02:41 08/03/2012]	[22:00 05/03/2012]
bhoclass.dll	--a---- 141312 bytes	[02:41 08/03/2012]	[22:00 05/03/2012]
content.js	--a---- 389 bytes	[02:41 08/03/2012]	[22:00 05/03/2012]
ppjemjejnnojomfekgbpbbnecicblllf.crx	--a---- 38135 bytes	[02:41 08/03/2012]	[22:00 05/03/2012]
settings.ini	--a---- 576 bytes	[02:41 08/03/2012]	[22:00 05/03/2012]

---Folders---
None found.

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Do you recognize this *MyToolsApp*?


----------



## sjajdld (Jan 25, 2007)

no... is it spyware?


----------



## sjajdld (Jan 25, 2007)

just so i don't leave you hanging, i won't be around tomorrow (thursday 9.13.12) between 11 am and 9 pm. i have to work elections here,


----------



## Cookiegal (Aug 27, 2003)

The bhoclass.dll file is considered malware but it generally gets installed with something called Bflix.

I would go ahead and delete this entire folder:

C:\Documents and Settings\All Users\Application Data\*MyToolsApp*

Then reboot and let me know if there's any difference.


----------



## Cookiegal (Aug 27, 2003)

sjajdld said:


> just so i don't leave you hanging, i won't be around tomorrow (thursday 9.13.12) between 11 am and 9 pm. i have to work elections here,


Thanks for letting me know.


----------



## sjajdld (Jan 25, 2007)

alright maybe I'm just stupid but I can't find it... went to my computer c docs and settings all users but after that there isn't an application data folder...?


----------



## Cookiegal (Aug 27, 2003)

You will have to unhide files/folders in order to see the Application Data folder:

Click on *My Computer* then go to *Tools* - *Folder Options*. Click on the *View* tab and make sure that "*Show hidden files and folders*" is checked.


----------



## sjajdld (Jan 25, 2007)

still goes black... I'm about ready to give up :/ I feel bad that I've taken so much time from you!!!!


----------



## Cookiegal (Aug 27, 2003)

What type of monitor (make and model) do you have?


----------



## sjajdld (Jan 25, 2007)

I have no idea. It's a Dell Inspiron 8600 laptop... where would I look to find this out?


----------



## sjajdld (Jan 25, 2007)

on ATI MOBILITY RADEON 9600 PRO TURBO

i found this...


----------



## Cookiegal (Aug 27, 2003)

Go to the Dell web site:

http://www.dell.com/support/drivers/us/en/04/DriversHome/NeedProductSelection

Enter your Service tag number and download and install the driver for the ATI Mobility Radeon 9600 Pro Turbo graphics card.


----------



## sjajdld (Jan 25, 2007)

Did all that you said... there were 3 different ones but none said PRO TURBO, but I d/l them anyway.... still black screen


----------



## sjajdld (Jan 25, 2007)

I'm so frustrated I can't stand it ! Also, none said they were for a graphics card... it fell under the video tag. Hard to see anything when it's black. I read something about a lcd tube/bulb (?) or what have you, that supposedly can cause this appearance on the screen too, but wouldn't it be ALL the time and not just after startup??? Just a thought. I'm gonna go scream out my front door now....


----------



## sjajdld (Jan 25, 2007)

also, not sure if I stated this before on here (think I did) but after the 10-15 minutes when my computer is idle and goes to "sleep" when I come back and move the mouse, the screen lights right up like normal to where I left it and within seconds goes black again.... that's what makes me think it's nothing to do with a bulb/tube/lcd/led thingy. But, what do I know?!?!?! I'm just trying to cover all bases here


----------



## Cookiegal (Aug 27, 2003)

Whether it's called video or graphics, it's the same thing. From what I'm seeing there could be various causes from the backlight, a bad inverter, fuse, etc. Can you hook up an external monitor and see if the problem still occurs?

How old is this laptop?


----------



## sjajdld (Jan 25, 2007)

ok, so I tried hooking up an old, hugeeeee monitor to the laptop and ....

it works, sooooooooooooooooooooooooo I guess it is not virus related then after all? what a pain in the butt this has been. sorry I have taken up so much of your time on this, but I really do appreciate allllll of the help you have given me !!!!!! So, THANK YOU VERY, VERY MUCH !!!!

I have no idea what to do now other than take it to someone who knows how to fix it because I sure don't !!! Or perhaps it's time to buy a new one, or both  I was really hoping this was a virus and could be fixed without having to drop money into it.... ah well.

So, now what do I need to do to get my computer back to where I was before all these scans, etc. ???


----------



## Cookiegal (Aug 27, 2003)

I've asked some of my fellow Moderators to see if they can help.

But you didn't say how old it is. I believe that model is around 9 years old, right? I don't think it owes you anything but of course if it can be fixed, all the better.


----------



## cybertech (Apr 16, 2002)

I would suggest looking at the power settings.
http://support.dell.com/support/edocs/systems/xlob/dtg/en/power.htm


----------



## Triple6 (Dec 26, 2002)

If it goes extremely dark but you still see a faint image of what should be there then you have a problem with either the power inverter or the backlight. Either one will require replacement parts.


----------



## sjajdld (Jan 25, 2007)

It's 7 years old... but the only one I have so... I have a ton of pictures on here that I will need to take off so what should I do to get back to where I was when we first started? I think you have me in debug mode or some such thing.... I'd like to fix it but I don't know how much it's going to cost me. The inverter is around $35 but if it's the backlight... ?


----------



## Cookiegal (Aug 27, 2003)

sjajdld said:


> It's 7 years old... but the only one I have so... I have a ton of pictures on here that I will need to take off so *what should I do to get back to where I was when we first started*? I think you have me in debug mode or some such thing.... I'd like to fix it but I don't know how much it's going to cost me. The inverter is around $35 but if it's the backlight... ?


What do you mean by the bolded part?


----------



## sjajdld (Jan 25, 2007)

What I have noticed upon starting up is that after the DELL page a screen flashes up that says:

Please select the operating system to start:
Microsoft Windows recovery Console
do not select this [debugger enabled]
Microsoft Windows XP Professional

Use the up and down arrow keys to move the highlight to your choice.
Seconds until highlighted choice will be started automatically:

For troubleshooting and advanced startup options for Windows, press F8


This screen started popping up after you had me do some things... way back on post # 24 of this. It never used to start up like that....


----------



## Cookiegal (Aug 27, 2003)

That's because we installed the Recovery Console. I don't recommend uninstalling it because it can be very useful in recovery if the system crashes. It's installed as an alternative boot option but the Windows installation is selected by default and there's only a 2 second window to select the RC if you need it before Windows will load automatically.

Here are some final instructions for you.

As with any infection, I recommend that you change all passwords for logging into sites that you use on your computer as a precaution.

Please open OTS again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTS program.

*Follow these steps to uninstall Combofix and all of its files and components.*

Click *START* then *RUN*
Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration purposes but the actual command uses the entire word "uninstall" and not just the "u" as shown in the picture).

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* - *All Programs* - *Accessories* - *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.


----------



## Triple6 (Dec 26, 2002)

There's no good way to test which component has failed. You pretty much have to try one at a time or have it checked and fixed at a place that does such repairs.


----------



## Cookiegal (Aug 27, 2003)

Thanks for your help Rob. :up:


----------



## sjajdld (Jan 25, 2007)

Thanks for the help  Wish it had been virus related, but ah well... I truly appreciate all the help given  Thank You again !


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------

