Redirect and Unable to run malware tools

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

3 Pages
1
2
3
→

You cannot start a new topic
This topic is locked

Redirect and Unable to run malware tools

#1 SwordSlayer954

Member

Group: Members
Posts: 15
Joined: 08-June 11

Posted 28 July 2011 - 07:33 AM

Hey there,

I'm working on my dad's computer and am having a helluva time trying to fix whatever is wrong with it.

Its not letting me run and malware programs. For example, if I run Malwarebytes (or TDSSkiller, Spybot, GMER) I get: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item. I am logged in as Admin and get the same result if I right click > run as admin.

I was able to get DDS to run and heres the log:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by <removed> at 8:21:53 on 2011-07-28
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2557.1192 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\ico.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files\Garmin\gStart.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\<removed>\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\<removed>\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\<removed>\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyServer = http=127.0.0.1:50485
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110620175436.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\<removed>\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile
uRun: [ANT Agent] c:\program files\garmin\ant agent\ANT Agent.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [gStart] c:\program files\garmin\gStart.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun: [PMX Daemon] ICO.EXE
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
dRun: [CtxfiReg] CTXFIREG.exe /FAIL2
StartupFolder: c:\users\elital~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.199\SSScheduler.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: gotvmail.net\confluence
TCP: DhcpNameServer = 10.2.0.12
TCP: Interfaces\{97F5ABB9-CA7B-4A12-BA4B-F455D59CFEFE} : NameServer = 205.152.144.23,8.8.8.8
TCP: Interfaces\{97F5ABB9-CA7B-4A12-BA4B-F455D59CFEFE} : DhcpNameServer = 10.2.0.12
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\<removed>\appdata\roaming\mozilla\firefox\profiles\001s5co7.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\users\<removed>\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: XULRunner: {9B6BBDB4-812A-4B3E-A926-C4BB02D720C5} - c:\users\<removed>\appdata\local\{9B6BBDB4-812A-4B3E-A926-C4BB02D720C5}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-29 459728]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-29 64648]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-29 163400]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-20 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-4-14 203280]
R2 McMPFSvc;McAfee Personal Firewall;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-29 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-29 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-29 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-29 165000]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-29 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-29 148520]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-10-24 91456]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\ssport.sys [2008-10-6 5120]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-29 57432]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-3 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-3 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-3 72728]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-29 179248]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-29 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-29 337912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-14 136176]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\common files\creative labs shared\service\AL1Licensing.exe [2008-9-12 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-7-28 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-3 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-3 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-3 72728]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-14 136176]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2009-2-19 1222680]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2009-7-7 28160]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.199\McCHSvc.exe [2011-2-23 237008]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-29 85984]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-6-19 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2011-5-12 21744]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-9-12 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-9-12 19008]
.
=============== Created Last 30 ================
.
2011-07-28 12:16:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-28 12:16:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-28 12:13:47 -------- d-----w- c:\programdata\InstallMate
2011-07-28 12:13:47 -------- d-----w- c:\program files\BillP Studios
2011-07-28 12:13:12 208896 ----a-w- c:\windows\MBR.exe
2011-07-28 12:13:10 256000 ----a-w- c:\windows\PEV.exe
2011-07-28 12:13:09 98816 ----a-w- c:\windows\sed.exe
2011-07-28 12:13:09 518144 ----a-w- c:\windows\SWREG.exe
2011-07-28 12:12:55 -------- d-s---w- C:\ComboFix
2011-07-28 11:16:34 -------- d-----w- c:\users\<removed>\appdata\roaming\Malwarebytes
2011-07-28 11:16:27 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-28 11:16:25 -------- d-----w- c:\programdata\Malwarebytes
2011-07-28 11:16:21 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-28 11:16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-25 12:36:42 -------- d-----w- c:\program files\iPod
2011-07-25 12:31:23 -------- d-----w- c:\program files\Bonjour
2011-07-24 16:16:27 -------- d-----w- c:\users\<removed>\FrostWire
2011-07-24 16:16:04 -------- d-----w- c:\users\<removed>\.frostwire5
2011-07-24 16:15:06 -------- d-----w- c:\program files\FrostWire 5
2011-07-13 03:26:46 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 03:26:46 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 03:26:42 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 03:26:38 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 03:26:38 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-06-29 03:10:54 276992 ----a-w- c:\windows\system32\schannel.dll
.
==================== Find3M ====================
.
2011-06-15 11:53:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-06-15 10:57:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 12:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-02 17:16:14 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25:10 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25:09 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24:50 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24:42 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24:40 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 8:24:07.94 ===============

Any help would be appreciated. I got GMER to run when I initially installed it but the second I went to scan, the program shut down.

My dad has been complaining about redirects in Firefox (clicking on a search result and getting redirected to the wrong website) and Firefox just sitting and opening up lots of tabs, etc.

This post has been edited by Grinler: 29 July 2011 - 07:27 PM
Reason for edit: Removed name

#2 HelpBot

Bleepin' Binary Bot

Group: Bots
Posts: 5,607
Joined: 05-October 07
Gender:Male

Posted 07 August 2011 - 07:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resouce! To tell me this, please click on http://www.bleepingcomputer.com/logreply/411710 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
- Please do this even if you have previously posted logs for us.
- If you were unable to produce the logs originally please try once more.
- If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
- If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Farbar

Just Curious

Group: Malware Response Instructor
Posts: 17,817
Joined: 08-December 07
Gender:Male
Location:The Netherlands

Posted 07 August 2011 - 10:06 AM

Hello SwordSlayer954,

Are able to provide the logs and update me on the current condition of the computer?

#4 SwordSlayer954

Member

Group: Members
Posts: 15
Joined: 08-June 11

Posted 08 August 2011 - 08:24 AM

Hi, sorry about the delay. I couldn't get to the computer yesterday.

Here we go....

1) Problem: A) Firefox is randomly redirecting to malicious search pages.

If Firefox sits for long enough, tabs begin to open on their own. C) When I attempt to open the majority of programs on my computer, I get "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." even though I am the admin.

2) Logs:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
Run by *********** at 9:01:35 on 2011-08-08
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2557.1017 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\ico.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\************\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files\Garmin\gStart.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\McAfee Security Scan\3.0.199\McUicnt.exe
C:\Program Files\McAfee Security Scan\3.0.199\McCHSvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080913
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080913
mStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080913
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080913
uInternet Settings,ProxyServer = http=127.0.0.1:50485
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110729175515.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\************\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile
uRun: [ANT Agent] c:\program files\garmin\ant agent\ANT Agent.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [gStart] c:\program files\garmin\gStart.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun: [PMX Daemon] ICO.EXE
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
dRun: [CtxfiReg] CTXFIREG.exe /FAIL2
StartupFolder: c:\users\elital~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.199\SSScheduler.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: gotvmail.net\confluence
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 10.2.0.12
TCP: Interfaces\{97F5ABB9-CA7B-4A12-BA4B-F455D59CFEFE} : NameServer = 205.152.144.23,8.8.8.8
TCP: Interfaces\{97F5ABB9-CA7B-4A12-BA4B-F455D59CFEFE} : DhcpNameServer = 10.2.0.12
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\************\appdata\roaming\mozilla\firefox\profiles\001s5co7.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\users\*************\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-7-28 64648]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-7-28 163400]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-20 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-28 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-28 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-28 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-28 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-7-28 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-7-28 148520]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\ssport.sys [2008-10-6 5120]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-7-28 57432]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-3 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-3 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-3 72728]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.199\McCHSvc.exe [2011-2-23 237008]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-7-28 179248]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-7-28 337912]
S2 0128921311976536mcinstcleanup;McAfee Application Installer Cleanup (0128921311976536);c:\windows\temp\012892~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\012892~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-14 136176]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-7-28 165000]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\common files\creative labs shared\service\AL1Licensing.exe [2008-9-12 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-7-28 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-3 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-3 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-3 72728]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-14 136176]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2009-2-19 1222680]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2009-7-7 28160]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-7-28 59288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-7-28 85984]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-6-19 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-9-12 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-9-12 19008]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-10-24 91456]
.
=============== Created Last 30 ================
.
2011-07-29 21:55:15 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2011-07-29 13:49:12 100736 ----a-w- C:\fxldipod.sys
2011-07-28 16:39:55 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-07-28 16:39:39 85984 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-07-28 16:39:39 64648 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-07-28 16:39:39 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-07-28 16:39:39 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-07-28 16:39:39 337912 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-07-28 16:39:39 179248 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-07-28 16:39:39 163400 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-07-28 16:39:23 -------- d-----w- c:\program files\McAfee.com
2011-07-28 16:39:23 -------- d-----w- c:\program files\common files\Mcafee
2011-07-28 16:39:22 -------- d-----w- c:\program files\McAfee
2011-07-28 16:22:34 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-07-28 16:03:59 -------- d-----w- C:\mfe
2011-07-28 13:46:16 -------- d-----w- c:\users\*************\appdata\roaming\McAfee
2011-07-28 12:47:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-07-28 12:47:04 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-07-28 12:47:04 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-07-28 12:47:04 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-07-28 12:47:04 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-07-28 12:47:04 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-28 12:47:04 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-07-28 12:47:04 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-07-28 12:47:04 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-07-28 12:47:04 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-07-28 12:16:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-28 12:16:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-28 12:13:47 -------- d-----w- c:\programdata\InstallMate
2011-07-28 12:13:47 -------- d-----w- c:\program files\BillP Studios
2011-07-28 12:13:12 208896 ----a-w- c:\windows\MBR.exe
2011-07-28 12:13:10 256000 ----a-w- c:\windows\PEV.exe
2011-07-28 12:13:09 98816 ----a-w- c:\windows\sed.exe
2011-07-28 12:13:09 518144 ----a-w- c:\windows\SWREG.exe
2011-07-28 12:12:55 -------- d-s---w- C:\ComboFix
2011-07-28 11:16:34 -------- d-----w- c:\users\***************\appdata\roaming\Malwarebytes
2011-07-28 11:16:25 -------- d-----w- c:\programdata\Malwarebytes
2011-07-28 11:16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-25 12:36:42 -------- d-----w- c:\program files\iPod
2011-07-25 12:31:23 -------- d-----w- c:\program files\Bonjour
2011-07-24 16:16:27 -------- d-----w- c:\users\**************\FrostWire
2011-07-24 16:16:04 -------- d-----w- c:\users\**************\.frostwire5
2011-07-24 16:15:06 -------- d-----w- c:\program files\FrostWire 5
2011-07-13 03:26:46 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 03:26:46 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 03:26:42 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 03:26:38 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 03:26:38 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
.
==================== Find3M ====================
.
2011-06-15 10:57:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 9:02:45.62 ===============

GMER won't run, its giving me the path/permission error message.

Operating System: Vista Ultimate 32-bit. SP2.

I don't have access to the disc.

#5 Farbar

Just Curious

Group: Malware Response Instructor
Posts: 17,817
Joined: 08-December 07
Gender:Male
Location:The Netherlands

Posted 08 August 2011 - 09:01 AM

Thanks for the feedback. :thumbup2:

The type of infection is known. Before we go for a fix please do the following and give me feedback:

Tap F8 key a few times at startup until you get to Advanced Boot Options menu. There you can see options like "Safe Mode". See if there is a "Repair My Computer" option. You don't need to do anything with that at the moment. I just would like to know our options.

#6 SwordSlayer954

Member

Group: Members
Posts: 15
Joined: 08-June 11

Posted 08 August 2011 - 11:43 AM

Yes I have a Repair My Computer option

#7 Farbar

Just Curious

Group: Malware Response Instructor
Posts: 17,817
Joined: 08-December 07
Gender:Male
Location:The Netherlands

Posted 08 August 2011 - 11:54 AM

That is good. :thumbup2:

I understand the malware prevents the tools from running and we need to deal with it differently.

This is a general instruction, please follow the instruction for x32 bit computers.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#8 SwordSlayer954

Member

Group: Members
Posts: 15
Joined: 08-June 11

Posted 08 August 2011 - 12:50 PM

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.1
Ran by SYSTEM at 2011-08-08 13:48:12
Running from F:\
Windows Vista ™ Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode [x]
HKLM\...\Run: [PMX Daemon] ICO.EXE [x]
HKLM\...\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe [184864 2008-01-03] (NVIDIA Corporation)
HKLM\...\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [184320 2007-04-17] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [236016 2009-07-08] (Sonic Solutions)
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1468296 2009-05-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [135536 2010-08-27] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-05-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-07-19] (Apple Inc.)
HKLM\...\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot [325512 2011-05-15] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1306728 2011-06-22] (McAfee, Inc.)
HKU\********\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\********\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [206112 2008-10-24] (Macrovision Corporation)
HKU\********\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\********\...\Run: [Google Update] "C:\Users\********\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-09-02] (Google Inc.)
HKU\********\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [15144328 2010-09-02] (Skype Technologies S.A.)
HKU\********\...\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile [106496 2008-02-04] (NVIDIA)
HKU\********\...\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [12036968 2011-04-14] (GARMIN Corp.)
HKU\********\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2006-11-02] (Microsoft Corporation)
HKU\********\...\Run: [gStart] C:\Program Files\Garmin\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKU\********\...\Policies\system: [disableregistrytools] 0
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll [X]
Tcpip\Parameters: [DhcpNameServer] 10.2.0.12
Tcpip\..\Interfaces\{97F5ABB9-CA7B-4A12-BA4B-F455D59CFEFE}: [NameServer]205.152.144.23,8.8.8.8

================================ Services (Whitelisted) ==================

2 0128921311976536mcinstcleanup; C:\Windows\TEMP\012892~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [119 2011-07-29] ()
2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
3 Creative ALchemy AL1 Licensing Service; "C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe" [79360 2008-09-12] (Creative Labs)
3 Creative Audio Engine Licensing Service; "C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" [79360 2009-07-28] (Creative Labs)
2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd)
3 GoToAssist; "C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe" Start=service [13160 2011-07-29] (Citrix Online, a division of Citrix Systems, Inc.)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe" [237008 2011-06-17] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [361712 2011-06-23] ()
2 McProxy; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [165000 2011-03-13] ()
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [159832 2011-03-13] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [148520 2011-03-13] (McAfee, Inc.)
4 MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-06-24] ()
2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [135536 2010-08-27] (Microsoft Corporation)
2 MSK80Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService [155648 2008-02-04] (NVIDIA)
2 nvsvc; C:\Windows\System32\nvvsvc.exe [129640 2010-04-03] (NVIDIA Corporation)
3 Roxio UPnP Renderer 9; "C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe" [88560 2007-12-06] (Sonic Solutions)
2 Roxio Upnp Server 9; "C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe" [362992 2007-12-06] (Sonic Solutions)
2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [313840 2009-07-08] (Sonic Solutions)
3 RoxMediaDB9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe" [1108464 2009-07-08] (Sonic Solutions)
2 RoxWatch9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe" [170480 2009-07-08] (Sonic Solutions)
4 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [74384 2008-03-24] (MicroVision Development, Inc.)
3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [753504 2010-03-18] (Microsoft Corporation)
3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [x]
3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [x]
3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [x]

========================== Drivers (Whitelisted) =============

4 adp94xx; C:\Windows\System32\drivers\adp94xx.sys [420968 2006-11-02] (Adaptec, Inc.)
4 adpahci; C:\Windows\System32\drivers\adpahci.sys [297576 2006-11-02] (Adaptec, Inc.)
4 adpu160m; C:\Windows\System32\drivers\adpu160m.sys [98408 2006-11-02] (Adaptec, Inc.)
4 adpu320; C:\Windows\System32\drivers\adpu320.sys [147048 2006-11-02] (Adaptec, Inc.)
3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
1 AFD; C:\Windows\System32\drivers\afd.sys [273408 2011-04-21] ()
4 aic78xx; C:\Windows\System32\drivers\djsvs.sys [71272 2006-11-02] (Adaptec, Inc.)
4 aliide; C:\Windows\System32\drivers\aliide.sys [17464 2008-09-12] (Acer Laboratories Inc.)
4 amdide; C:\Windows\System32\drivers\amdide.sys [17976 2008-09-12] (Microsoft Corporation)
4 AmdK7; C:\Windows\System32\drivers\amdk7.sys [38912 2006-11-02] (Microsoft Corporation)
4 AmdK8; C:\Windows\System32\drivers\amdk8.sys [40960 2006-11-02] (Microsoft Corporation)
4 arc; C:\Windows\System32\drivers\arc.sys [67688 2006-11-02] (Adaptec, Inc.)
4 arcsas; C:\Windows\System32\drivers\arcsas.sys [67688 2006-11-02] (Adaptec, Inc.)
4 Brserid; C:\Windows\System32\drivers\brserid.sys [71808 2006-11-02] (Brother Industries Ltd.)
4 BrSerWdm; C:\Windows\System32\drivers\brserwdm.sys [62336 2006-11-02] (Brother Industries Ltd.)
4 BrUsbMdm; C:\Windows\System32\drivers\brusbmdm.sys [12160 2006-11-02] (Brother Industries Ltd.)
3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [6016 2009-01-29] (Motorola Inc)
4 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [39936 2006-11-02] (Microsoft Corporation)
3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [79664 2007-04-01] (Broadcom Corporation.)
3 btwavdt; C:\Windows\System32\drivers\btwavdt.sys [80688 2007-04-01] (Broadcom Corporation.)
3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [16432 2007-04-01] (Broadcom Corporation.)
3 cfwids; C:\Windows\System32\drivers\cfwids.sys [57432 2011-03-13] (McAfee, Inc.)
4 circlass; C:\Windows\System32\drivers\circlass.sys [35328 2006-11-02] (Microsoft Corporation)
4 cmdide; C:\Windows\System32\drivers\cmdide.sys [19000 2008-09-12] (CMD Technology, Inc.)
4 Compbatt; C:\Windows\System32\drivers\compbatt.sys [20920 2008-09-12] (Microsoft Corporation)
3 CT20XUT; C:\Windows\System32\drivers\CT20XUT.SYS [171032 2009-06-03] (Creative Technology Ltd.)
3 CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS [171032 2009-06-03] (Creative Technology Ltd.)
3 ctac32k; C:\Windows\System32\drivers\ctac32k.sys [511000 2009-06-03] (Creative Technology Ltd)
3 ctaud2k; C:\Windows\System32\drivers\ctaud2k.sys [527512 2009-06-03] (Creative Technology Ltd)
3 CTEXFIFX; C:\Windows\System32\drivers\CTEXFIFX.SYS [1324056 2009-06-03] (Creative Technology Ltd.)
3 CTEXFIFX.SYS; C:\Windows\System32\drivers\CTEXFIFX.SYS [1324056 2009-06-03] (Creative Technology Ltd.)
3 CTHWIUT; C:\Windows\System32\drivers\CTHWIUT.SYS [72728 2009-06-03] (Creative Technology Ltd.)
3 CTHWIUT.SYS; C:\Windows\System32\drivers\CTHWIUT.SYS [72728 2009-06-03] (Creative Technology Ltd.)
3 ctprxy2k; C:\Windows\System32\drivers\ctprxy2k.sys [14360 2009-06-03] (Creative Technology Ltd)
3 ctsfm2k; C:\Windows\System32\drivers\ctsfm2k.sys [158744 2009-06-03] (Creative Technology Ltd)
3 e1express; C:\Windows\System32\DRIVERS\e1e6032.sys [200704 2006-11-01] (Intel Corporation)
4 elxstor; C:\Windows\System32\drivers\elxstor.sys [316520 2006-11-02] (Emulex)
3 emupia; C:\Windows\System32\drivers\emupia2k.sys [95768 2009-06-03] (Creative Technology Ltd)
4 fdc; C:\Windows\System32\DRIVERS\fdc.sys [25088 2006-11-02] (Microsoft Corporation)
4 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [20480 2006-11-02] (Microsoft Corporation)
3 ha20x22k; C:\Windows\System32\drivers\ha20x22k.sys [1222680 2009-02-19] (Creative Technology Ltd)
3 ha20x2k; C:\Windows\System32\drivers\ha20x2k.sys [1177624 2009-06-03] (Creative Technology Ltd)
4 HidIr; C:\Windows\System32\drivers\hidir.sys [21504 2006-11-02] (Microsoft Corporation)
4 HpCISSs; C:\Windows\System32\drivers\hpcisss.sys [37480 2006-11-02] (Hewlett-Packard Company)
4 i2omp; C:\Windows\System32\drivers\i2omp.sys [27752 2006-11-02] (Microsoft Corporation)
4 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [54784 2008-01-18] (Microsoft Corporation)
4 iaStorV; C:\Windows\System32\drivers\iastorv.sys [232040 2006-11-02] (Intel Corporation)
4 iirsp; C:\Windows\System32\drivers\iirsp.sys [41576 2006-11-02] (Intel Corp./ICP vortex GmbH)
4 intelide; C:\Windows\System32\drivers\intelide.sys [17976 2008-09-12] (Microsoft Corporation)
4 IPMIDRV; C:\Windows\System32\drivers\ipmidrv.sys [65536 2006-11-02] (Microsoft Corporation)
4 isapnp; C:\Windows\System32\drivers\isapnp.sys [47208 2008-09-12] (Microsoft Corporation)
4 iteatapi; C:\Windows\System32\drivers\iteatapi.sys [35944 2006-11-02] (Integrated Technology Express, Inc.)
4 iteraid; C:\Windows\System32\drivers\iteraid.sys [35944 2006-11-02] (Integrated Technology Express, Inc.)
4 JRAID; C:\Windows\System32\drivers\jraid.sys [72704 2008-03-13] (JMicron Technology Corp.)
3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [28160 2009-07-07] (http://libusb-win32.sourceforge.net)
4 LSI_FC; C:\Windows\System32\drivers\lsi_fc.sys [65640 2006-11-02] (LSI Logic)
4 LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [65640 2006-11-02] (LSI Logic)
4 LSI_SCSI; C:\Windows\System32\drivers\lsi_scsi.sys [65640 2006-11-02] (LSI Logic)
4 megasas; C:\Windows\System32\drivers\megasas.sys [28776 2006-11-02] (LSI Logic Corporation)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [118784 2011-03-13] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [179248 2011-03-13] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59288 2011-03-13] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [337912 2011-03-13] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [459728 2011-03-13] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [64648 2011-03-13] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [85984 2011-03-13] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [163400 2011-03-13] (McAfee, Inc.)
3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [19712 2009-06-19] (Motorola)
3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [8320 2009-01-29] (Motorola)
3 motmodem; C:\Windows\System32\DRIVERS\motmodem.sys [23936 2009-10-27] (Motorola)
3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [6400 2007-11-02] (Motorola)
3 Motousbnet; C:\Windows\System32\DRIVERS\Motousbnet.sys [23424 2010-04-01] (Motorola)
3 motusbdevice; C:\Windows\System32\DRIVERS\motusbdevice.sys [9472 2010-01-25] (Motorola Inc)
4 mpio; C:\Windows\System32\drivers\mpio.sys [78952 2006-11-02] (Microsoft Corporation)
4 Mraid35x; C:\Windows\System32\drivers\mraid35x.sys [33384 2006-11-02] (LSI Logic Corporation)
4 msahci; C:\Windows\System32\drivers\msahci.sys [28216 2008-09-12] (Microsoft Corporation)
4 msdsm; C:\Windows\System32\drivers\msdsm.sys [80488 2006-11-02] (Microsoft Corporation)
4 nfrd960; C:\Windows\System32\drivers\nfrd960.sys [45160 2006-11-02] (IBM Corporation)
4 ntrigdigi; C:\Windows\System32\drivers\ntrigdigi.sys [20608 2006-11-01] (N-trig Innovative Technologies)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvmfdx32.sys [1052704 2008-08-01] (NVIDIA Corporation)
3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [11573800 2010-04-03] (NVIDIA Corporation)
3 NVR0Dev; \??\C:\Windows\nvoclock.sys [29824 2008-02-04] (NVidia Corp.)
0 nvrd32; C:\Windows\System32\drivers\nvrd32.sys [134688 2008-03-13] (NVIDIA Corporation)
4 nvstor; C:\Windows\System32\drivers\nvstor.sys [40040 2006-11-02] (NVIDIA Corporation)
0 nvstor32; C:\Windows\System32\drivers\nvstor32.sys [110624 2008-03-13] (NVIDIA Corporation)
3 ossrv; C:\Windows\System32\drivers\ctoss2k.sys [130072 2009-06-03] (Creative Technology Ltd.)
4 Parport; C:\Windows\System32\drivers\parport.sys [79360 2006-11-02] (Microsoft Corporation)
4 pcmcia; C:\Windows\System32\drivers\pcmcia.sys [167528 2006-11-02] (Microsoft Corporation)
3 pmxmouse; C:\Windows\System32\DRIVERS\pmxmouse.sys [18432 2007-06-01] (Primax Electronics Ltd.)
3 pmxusblf; C:\Windows\System32\DRIVERS\pmxusblf.sys [19008 2007-05-24] (Primax Electronics Ltd.)
3 Point32; C:\Windows\System32\DRIVERS\point32k.sys [30088 2009-05-08] (Microsoft Corporation)
4 Processor; C:\Windows\System32\drivers\processr.sys [38400 2006-11-02] (Microsoft Corporation)
4 ql2300; C:\Windows\System32\drivers\ql2300.sys [900712 2006-11-02] (QLogic Corporation)
4 ql40xx; C:\Windows\System32\drivers\ql40xx.sys [106088 2006-11-02] (QLogic Corporation)
3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [2028032 2006-11-01] (ATI Technologies Inc.)
3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [22784 2008-05-20] (Research In Motion Limited)
3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial.sys [27136 2009-01-09] (Research in Motion Ltd)
3 ROOTMODEM; C:\Windows\System32\Drivers\RootMdm.sys [8192 2008-01-18] (Microsoft Corporation)
4 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [76392 2006-11-02] (Microsoft Corporation)
4 sermouse; C:\Windows\System32\drivers\sermouse.sys [19968 2008-01-18] (Microsoft Corporation)
4 sffdisk; C:\Windows\System32\drivers\sffdisk.sys [13312 2008-09-12] (Microsoft Corporation)
4 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [13312 2006-11-02] (Microsoft Corporation)
4 SiSRaid2; C:\Windows\System32\drivers\sisraid2.sys [38504 2006-11-02] (Silicon Integrated Systems Corp.)
4 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [71784 2006-11-02] (Silicon Integrated Systems)
2 SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [5120 2006-11-21] (Samsung Electronics)
4 Symc8xx; C:\Windows\System32\drivers\symc8xx.sys [35944 2006-11-02] (LSI Logic)
4 Sym_hi; C:\Windows\System32\drivers\sym_hi.sys [31848 2006-11-02] (LSI Logic)
4 Sym_u3; C:\Windows\System32\drivers\sym_u3.sys [34920 2006-11-02] (LSI Logic)
4 uliahci; C:\Windows\System32\drivers\uliahci.sys [235112 2006-11-02] (ULi Electronics Inc.)
4 UlSata; C:\Windows\System32\drivers\ulsata.sys [98408 2006-11-02] (Promise Technology, Inc.)
4 ulsata2; C:\Windows\System32\drivers\ulsata2.sys [115816 2006-11-02] (Promise Technology, Inc.)
3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [73216 2009-04-10] (Microsoft Corporation)
4 usbcir; C:\Windows\System32\drivers\usbcir.sys [68608 2006-11-02] (Microsoft Corporation)
4 usbprint; C:\Windows\System32\drivers\usbprint.sys [18944 2006-11-02] (Microsoft Corporation)
4 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [22528 2006-11-02] (Microsoft Corporation)
4 ViaC7; C:\Windows\System32\drivers\viac7.sys [39424 2006-11-02] (Microsoft Corporation)
4 viaide; C:\Windows\System32\drivers\viaide.sys [20024 2008-09-12] (VIA Technologies, Inc.)
4 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [112232 2006-11-02] (VIA Technologies Inc.,Ltd)
4 WacomPen; C:\Windows\System32\drivers\wacompen.sys [20608 2006-11-02] (Microsoft Corporation)
3 WinUSB; C:\Windows\System32\DRIVERS\WinUSB.sys [31616 2009-04-10] (Microsoft Corporation)
4 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [11264 2008-09-12] (Microsoft Corporation)
4 blbdrive; C:\Windows\System32\drivers\blbdrive.sys [x]
2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 mfeavfk01; [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 yeddef; C:\Windows\System32\Drivers\yeddef.sys [x]

========================== NetSvcs ========================

============ One Month Created Files and Folders ==============

2011-08-08 05:20 - 2011-08-08 05:20 - 0000000 ____D C:\Users\********\Desktop\DDS2
2011-08-08 05:00 - 2011-08-08 05:00 - 0000400 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{031A36D6-1689-49BC-B466-6626C95F493F}.job
2011-08-08 04:53 - 2011-08-08 05:01 - 0000000 ____D C:\Users\********\Desktop\Virus Stuff
2011-07-29 13:43 - 2011-08-08 08:39 - 2586241 ___AH C:\Users\********\AppData\Local\IconCache.db
2011-07-29 05:52 - 2011-07-29 05:52 - 222400032 ____A C:\Windows\MEMORY.DMP
2011-07-29 05:52 - 2011-07-29 05:52 - 0134696 ____A C:\Windows\Minidump\Mini072911-01.dmp
2011-07-29 05:52 - 2011-07-29 05:52 - 0000000 ____D C:\Windows\Minidump
2011-07-29 05:49 - 2011-07-29 05:49 - 0100736 ____A (GMER) C:\fxldipod.sys
2011-07-29 05:48 - 2011-07-29 05:48 - 3560039 ____A C:\Users\********\Downloads\tools (1).exe
2011-07-29 05:48 - 2011-07-29 05:48 - 1480000 ____A C:\Users\********\Downloads\getsusp.exe
2011-07-29 05:48 - 2011-07-29 05:48 - 0000022 ____A C:\Users\********\Downloads\GetSusp1.tmp
2011-07-29 05:48 - 2011-07-29 05:48 - 0000000 ____A C:\Users\********\Downloads\GetSusp.tmp
2011-07-28 09:14 - 2011-07-29 13:49 - 0001737 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk
2011-07-28 08:39 - 2011-07-29 13:54 - 0000000 ____D C:\Program Files\McAfee
2011-07-28 08:39 - 2011-07-28 09:11 - 0000000 ____D C:\Program Files\Common Files\Mcafee
2011-07-28 08:39 - 2011-07-28 08:39 - 0000000 ____D C:\Program Files\McAfee.com
2011-07-28 08:39 - 2011-03-13 07:20 - 0337912 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys
2011-07-28 08:39 - 2011-03-13 07:20 - 0179248 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2011-07-28 08:39 - 2011-03-13 07:20 - 0163400 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys
2011-07-28 08:39 - 2011-03-13 07:20 - 0085984 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2011-07-28 08:39 - 2011-03-13 07:20 - 0064648 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfenlfk.sys
2011-07-28 08:39 - 2011-03-13 07:20 - 0059288 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfebopk.sys
2011-07-28 08:39 - 2011-03-13 07:20 - 0057432 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys
2011-07-28 08:39 - 2011-03-13 07:20 - 0009344 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2011-07-28 08:22 - 2011-03-13 07:45 - 0148520 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2011-07-28 08:03 - 2011-07-28 08:04 - 0011853 ____A C:\Users\********\Desktop\PreInstallToolLog.txt
2011-07-28 08:03 - 2011-07-28 08:03 - 0000000 ____D C:\mfe
2011-07-28 08:03 - 2011-06-07 19:25 - 0143360 ____A (McAfee, Inc.) C:\Users\********\Desktop\McPreInstall.exe
2011-07-28 07:49 - 2011-07-28 07:49 - 0006110 ____A C:\Windows\System32\jupdate-1.6.0_26-b03.log
2011-07-28 07:49 - 2011-05-04 00:52 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2011-07-28 07:49 - 2011-05-04 00:52 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2011-07-28 07:49 - 2011-05-04 00:52 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2011-07-28 07:26 - 2011-07-28 07:26 - 0458608 ____A (McAfee Inc.) C:\Users\********\Downloads\MVTInstaller(1).exe
2011-07-28 07:21 - 2011-07-28 12:17 - 0000000 ____D C:\Users\All Users\McAfee
2011-07-28 07:21 - 2011-07-28 12:17 - 0000000 ____D C:\ProgramData\McAfee
2011-07-28 07:05 - 2011-07-28 07:08 - 0000804 ____A C:\Windows\Tasks\McAfee Cleanup.job
2011-07-28 07:04 - 2011-04-01 18:50 - 1373616 ____A C:\Users\********\Desktop\MCPR.exe
2011-07-28 07:02 - 2011-07-28 07:03 - 4188120 ____A (McAfee, Inc.) C:\Users\********\Desktop\McAfeeSetup.exe
2011-07-28 06:03 - 2011-07-28 06:03 - 0181200 ____A (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\********\Downloads\GoToAssistStarter (1).exe
2011-07-28 05:57 - 2011-07-28 05:57 - 0181200 ____A (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\********\Downloads\GoToAssistStarter.exe
2011-07-28 05:50 - 2011-07-28 05:50 - 0458608 ____A (McAfee Inc.) C:\Users\********\Downloads\MVTInstaller (2).exe
2011-07-28 05:46 - 2011-07-28 05:53 - 0001931 ____A C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
2011-07-28 05:46 - 2011-07-28 05:46 - 0000000 ____D C:\Users\********\AppData\Roaming\McAfee
2011-07-28 05:45 - 2011-07-28 05:45 - 0458608 ____A (McAfee Inc.) C:\Users\********\Downloads\MVTInstaller (1).exe
2011-07-28 04:25 - 2011-07-28 04:25 - 0294216 ____A C:\Users\********\Downloads\gmer (2).zip
2011-07-28 04:25 - 2011-07-28 04:25 - 0294216 ____A C:\Users\********\Downloads\gmer (1).zip
2011-07-28 04:21 - 2011-07-28 04:21 - 0607017 ____R (Swearware) C:\Users\********\Downloads\dds (1).scr
2011-07-28 04:16 - 2011-07-28 06:48 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-07-28 04:16 - 2011-07-28 06:48 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-07-28 04:16 - 2011-07-28 06:48 - 0000000 ____D C:\Program Files\Spybot - Search & Destroy
2011-07-28 04:13 - 2011-07-28 04:13 - 0000000 ____D C:\Users\All Users\InstallMate
2011-07-28 04:13 - 2011-07-28 04:13 - 0000000 ____D C:\ProgramData\InstallMate
2011-07-28 04:13 - 2011-07-28 04:13 - 0000000 ____D C:\Program Files\BillP Studios
2011-07-28 04:13 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2011-07-28 04:13 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2011-07-28 04:13 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2011-07-28 04:13 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2011-07-28 04:13 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2011-07-28 04:13 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2011-07-28 04:13 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2011-07-28 04:12 - 2011-07-28 04:13 - 0000000 ___SD C:\ComboFix
2011-07-28 04:12 - 2011-07-28 04:12 - 0000000 ___SD C:\32788R22FWJFW
2011-07-28 04:12 - 2011-07-28 04:12 - 0000000 ____D C:\Windows\ERDNT
2011-07-28 04:12 - 2011-07-28 04:12 - 0000000 ____D C:\Qoobox
2011-07-28 04:12 - 2011-07-28 03:55 - 0821832 ____A (BillP Studios) C:\Users\********\Desktop\wpsetup.exe
2011-07-28 04:11 - 2011-07-28 03:51 - 4155871 ___RA (Swearware) C:\Users\********\Desktop\ComboFix.exe
2011-07-28 03:43 - 2011-07-28 03:44 - 0070528 ____A C:\TDSSKiller.2.5.11.0_28.07.2011_07.43.35_log.txt
2011-07-28 03:38 - 2011-07-28 03:39 - 0070788 ____A C:\TDSSKiller.2.5.11.0_28.07.2011_07.38.16_log.txt
2011-07-28 03:37 - 2011-07-28 03:37 - 0002140 ____A C:\TDSSKiller.2.5.4.0_28.07.2011_07.37.00_log.txt
2011-07-28 03:36 - 2011-07-28 03:36 - 1383430 ____A C:\Users\********\Downloads\tdsskiller.zip
2011-07-28 03:36 - 2011-07-28 03:36 - 0002140 ____A C:\TDSSKiller.2.5.4.0_28.07.2011_07.36.33_log.txt
2011-07-28 03:36 - 2011-07-28 03:36 - 0000412 ____A C:\TDSSKiller.2.5.4.0_28.07.2011_07.36.04_log.txt
2011-07-28 03:30 - 2011-07-28 03:31 - 13685936 ____A (Mozilla) C:\Users\********\Downloads\Firefox Setup 5.0.1.exe
2011-07-28 03:16 - 2011-07-28 07:19 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2011-07-28 03:16 - 2011-07-28 03:16 - 0000000 ____D C:\Users\********\AppData\Roaming\Malwarebytes
2011-07-28 03:16 - 2011-07-28 03:16 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-07-28 03:16 - 2011-07-28 03:16 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-07-28 03:15 - 2011-07-28 03:15 - 9466208 ____A (Malwarebytes Corporation ) C:\Users\********\Downloads\mbam-setup-1.51.1.1800.exe
2011-07-26 08:33 - 2011-07-26 08:33 - 0000000 ____D C:\Users\All Users\WindowsSearch
2011-07-26 08:33 - 2011-07-26 08:33 - 0000000 ____D C:\ProgramData\WindowsSearch
2011-07-25 04:38 - 2011-07-25 04:38 - 0001666 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-07-25 04:36 - 2011-07-25 04:36 - 0000000 ____D C:\Program Files\iPod
2011-07-25 04:31 - 2011-07-25 04:31 - 0000000 ____D C:\Program Files\Bonjour
2011-07-24 08:16 - 2011-07-24 10:00 - 0000000 ____D C:\Users\********\.frostwire5
2011-07-24 08:16 - 2011-07-24 08:18 - 0000000 ____D C:\Users\********\FrostWire
2011-07-24 08:15 - 2011-07-24 08:18 - 0000000 ____D C:\Program Files\FrostWire 5
2011-07-24 08:15 - 2011-07-24 08:15 - 0001036 ____A C:\Users\********\Desktop\FrostWire 5.0.8.lnk
2011-07-24 08:12 - 2011-07-24 08:13 - 10032376 ____A (FrostWire Team) C:\Users\********\Downloads\frostwire-5.0.8.windows.exe
2011-07-24 04:24 - 2011-07-29 05:51 - 0000000 ____D C:\Users\********\Desktop\McAfee VR Tools
2011-07-24 04:18 - 2011-07-24 04:18 - 0458608 ____A (McAfee Inc.) C:\Users\********\Downloads\MVTInstaller.exe
2011-07-24 04:05 - 2011-07-24 04:05 - 8877688 ____A (Glarysoft Ltd ) C:\Users\********\Downloads\gusetup.exe
2011-07-22 06:59 - 2011-07-22 06:59 - 0000206 ____A C:\Windows\System32\MRT.INI
2011-07-19 04:28 - 2011-07-19 04:28 - 0081664 ____A (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\********\Downloads\gotomypc-start.exe
2011-07-14 06:05 - 2011-07-14 06:05 - 0002075 ____A C:\Users\Public\Desktop\Google Earth.lnk
2011-07-14 06:02 - 2011-08-08 08:12 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-07-14 06:02 - 2011-08-08 04:50 - 0000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-07-14 06:02 - 2011-07-14 06:02 - 0589640 ____A (Google Inc.) C:\Users\********\Downloads\GoogleEarthSetup.exe
2011-07-12 19:26 - 2011-06-02 05:34 - 2043392 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-07-12 19:26 - 2011-04-21 05:55 - 0508416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2011-07-12 19:26 - 2011-04-20 07:55 - 0375808 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-07-12 19:26 - 2011-04-20 07:50 - 0049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-07-12 19:26 - 2009-06-17 05:23 - 0030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS
2011-07-12 07:20 - 2011-07-12 07:20 - 0083816 ____A (Apple Inc.) C:\Windows\System32\dns-sd.exe
2011-07-12 07:20 - 2011-07-12 07:20 - 0073064 ____A (Apple Inc.) C:\Windows\System32\dnssd.dll
2011-07-11 09:09 - 2011-07-22 05:38 - 0019312 ____A C:\Users\********\AppData\Roaming\BB8C.798
2011-07-08 16:26 - 2011-07-08 16:26 - 0000000 ____D C:\Program Files\Apple Software Update
2011-07-08 16:08 - 2011-07-08 16:08 - 0000000 ____D C:\Program Files\Safari

============ 3 Months Modified Files and Folders ===============

2011-08-08 13:48 - 2011-08-08 13:48 - 0000000 ____D C:\FRST
2011-08-08 08:40 - 2009-08-30 08:37 - 0054472 ____A C:\Windows\System32\BMXStateBkp-{00000006-00000000-0000000A-00001102-00000005-60021102}.rfx
2011-08-08 08:40 - 2009-08-30 08:37 - 0054472 ____A C:\Windows\System32\BMXState-{00000006-00000000-0000000A-00001102-00000005-60021102}.rfx
2011-08-08 08:40 - 2009-08-30 08:37 - 0000788 ____A C:\Windows\System32\DVCState-{00000006-00000000-0000000A-00001102-00000005-60021102}.rfx
2011-08-08 08:40 - 2008-09-12 11:33 - 0002140 ____A C:\Windows\bthservsdp.dat
2011-08-08 08:40 - 2006-11-02 05:00 - 0032566 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-08-08 08:40 - 2006-11-02 05:00 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-08-08 08:40 - 2006-11-02 04:46 - 0003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2011-08-08 08:40 - 2006-11-02 04:46 - 0003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2011-08-08 08:39 - 2011-07-29 13:43 - 2586241 ___AH C:\Users\********\AppData\Local\IconCache.db
2011-08-08 08:39 - 2008-09-12 11:30 - 1446287 ____A C:\Windows\WindowsUpdate.log
2011-08-08 08:36 - 2011-05-25 05:16 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2011-08-08 08:12 - 2011-07-14 06:02 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-08-08 07:55 - 2010-09-02 12:35 - 0000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3846136161-3858483316-3222689210-1000UA.job
2011-08-08 05:20 - 2011-08-08 05:20 - 0000000 ____D C:\Users\********\Desktop\DDS2
2011-08-08 05:02 - 2011-04-27 14:30 - 0001949 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2011-08-08 05:02 - 2011-04-27 14:30 - 0001949 ____A C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2011-08-08 05:02 - 2011-04-27 14:30 - 0000000 ____D C:\Program Files\McAfee Security Scan
2011-08-08 05:01 - 2011-08-08 04:53 - 0000000 ____D C:\Users\********\Desktop\Virus Stuff
2011-08-08 05:00 - 2011-08-08 05:00 - 0000400 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{031A36D6-1689-49BC-B466-6626C95F493F}.job
2011-08-08 04:59 - 2010-10-05 15:31 - 0000000 ____D C:\Users\********\AppData\Roaming\Skype
2011-08-08 04:50 - 2011-07-14 06:02 - 0000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-08-08 04:50 - 2008-11-12 10:58 - 0000320 ____A C:\Windows\Tasks\GlaryInitialize.job
2011-08-08 01:55 - 2010-09-02 12:35 - 0000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3846136161-3858483316-3222689210-1000Core.job
2011-07-29 13:54 - 2011-07-28 08:39 - 0000000 ____D C:\Program Files\McAfee
2011-07-29 13:51 - 2006-11-02 02:33 - 0707392 ____A C:\Windows\System32\PerfStringBackup.INI
2011-07-29 13:49 - 2011-07-28 09:14 - 0001737 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk
2011-07-29 12:08 - 2008-11-12 10:55 - 0037888 ____A C:\Users\********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-29 06:04 - 2011-04-05 13:12 - 0663944 ____A C:\Windows\ntbtlog.txt
2011-07-29 05:55 - 2008-09-19 12:22 - 0000000 ____D C:\users\********
2011-07-29 05:52 - 2011-07-29 05:52 - 222400032 ____A C:\Windows\MEMORY.DMP
2011-07-29 05:52 - 2011-07-29 05:52 - 0134696 ____A C:\Windows\Minidump\Mini072911-01.dmp
2011-07-29 05:52 - 2011-07-29 05:52 - 0000000 ____D C:\Windows\Minidump
2011-07-29 05:51 - 2011-07-24 04:24 - 0000000 ____D C:\Users\********\Desktop\McAfee VR Tools
2011-07-29 05:49 - 2011-07-29 05:49 - 0100736 ____A (GMER) C:\fxldipod.sys
2011-07-29 05:48 - 2011-07-29 05:48 - 3560039 ____A C:\Users\********\Downloads\tools (1).exe
2011-07-29 05:48 - 2011-07-29 05:48 - 1480000 ____A C:\Users\********\Downloads\getsusp.exe
2011-07-29 05:48 - 2011-07-29 05:48 - 0000022 ____A C:\Users\********\Downloads\GetSusp1.tmp
2011-07-29 05:48 - 2011-07-29 05:48 - 0000000 ____A C:\Users\********\Downloads\GetSusp.tmp
2011-07-29 05:46 - 2008-09-26 05:38 - 0000000 ____D C:\Users\********\AppData\Local\Deployment
2011-07-28 12:17 - 2011-07-28 07:21 - 0000000 ____D C:\Users\All Users\McAfee
2011-07-28 12:17 - 2011-07-28 07:21 - 0000000 ____D C:\ProgramData\McAfee
2011-07-28 09:11 - 2011-07-28 08:39 - 0000000 ____D C:\Program Files\Common Files\Mcafee
2011-07-28 08:39 - 2011-07-28 08:39 - 0000000 ____D C:\Program Files\McAfee.com
2011-07-28 08:34 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\rescache
2011-07-28 08:16 - 2006-11-02 04:59 - 0227674 ____A C:\Windows\PFRO.log
2011-07-28 08:14 - 2006-11-02 03:18 - 0000000 ___SD C:\Windows\Downloaded Program Files
2011-07-28 08:14 - 2006-11-02 03:18 - 0000000 ___RD C:\Windows\Offline Web Pages
2011-07-28 08:13 - 2010-10-19 06:10 - 0000795 ____A C:\Users\********\Desktop\chargify stuff.txt
2011-07-28 08:04 - 2011-07-28 08:03 - 0011853 ____A C:\Users\********\Desktop\PreInstallToolLog.txt
2011-07-28 08:03 - 2011-07-28 08:03 - 0000000 ____D C:\mfe
2011-07-28 08:03 - 2006-11-02 04:49 - 0000749 __RAH C:\Windows\WindowsShell.Manifest
2011-07-28 08:03 - 2006-11-02 04:49 - 0000174 __ASH C:\Users\Public\desktop.ini
2011-07-28 08:03 - 2006-11-02 04:49 - 0000174 __ASH C:\users\desktop.ini
2011-07-28 08:03 - 2006-11-02 04:49 - 0000174 __ASH C:\Users\All Users\Start Menu\Programs\Startup\desktop.ini
2011-07-28 08:03 - 2006-11-02 04:49 - 0000174 __ASH C:\Program Files\desktop.ini
2011-07-28 07:50 - 2008-09-12 11:48 - 0000000 ____D C:\Program Files\Common Files\Java
2011-07-28 07:49 - 2011-07-28 07:49 - 0006110 ____A C:\Windows\System32\jupdate-1.6.0_26-b03.log
2011-07-28 07:49 - 2008-09-12 11:48 - 0000000 ____D C:\Program Files\Java
2011-07-28 07:26 - 2011-07-28 07:26 - 0458608 ____A (McAfee Inc.) C:\Users\********\Downloads\MVTInstaller(1).exe
2011-07-28 07:19 - 2011-07-28 03:16 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2011-07-28 07:08 - 2011-07-28 07:05 - 0000804 ____A C:\Windows\Tasks\McAfee Cleanup.job
2011-07-28 07:06 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\System32\config\TxR
2011-07-28 07:06 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\System32\config\Journal
2011-07-28 07:03 - 2011-07-28 07:02 - 4188120 ____A (McAfee, Inc.) C:\Users\********\Desktop\McAfeeSetup.exe
2011-07-28 06:48 - 2011-07-28 04:16 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-07-28 06:48 - 2011-07-28 04:16 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-07-28 06:48 - 2011-07-28 04:16 - 0000000 ____D C:\Program Files\Spybot - Search & Destroy
2011-07-28 06:03 - 2011-07-28 06:03 - 0181200 ____A (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\********\Downloads\GoToAssistStarter (1).exe
2011-07-28 05:57 - 2011-07-28 05:57 - 0181200 ____A (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\********\Downloads\GoToAssistStarter.exe
2011-07-28 05:53 - 2011-07-28 05:46 - 0001931 ____A C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
2011-07-28 05:50 - 2011-07-28 05:50 - 0458608 ____A (McAfee Inc.) C:\Users\********\Downloads\MVTInstaller (2).exe
2011-07-28 05:46 - 2011-07-28 05:46 - 0000000 ____D C:\Users\********\AppData\Roaming\McAfee
2011-07-28 05:45 - 2011-07-28 05:45 - 0458608 ____A (McAfee Inc.) C:\Users\********\Downloads\MVTInstaller (1).exe
2011-07-28 04:47 - 2008-09-20 09:37 - 0000848 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2011-07-28 04:47 - 2008-09-20 09:37 - 0000000 ____D C:\Program Files\Mozilla Firefox
2011-07-28 04:25 - 2011-07-28 04:25 - 0294216 ____A C:\Users\********\Downloads\gmer (2).zip
2011-07-28 04:25 - 2011-07-28 04:25 - 0294216 ____A C:\Users\********\Downloads\gmer (1).zip
2011-07-28 04:21 - 2011-07-28 04:21 - 0607017 ____R (Swearware) C:\Users\********\Downloads\dds (1).scr
2011-07-28 04:13 - 2011-07-28 04:13 - 0000000 ____D C:\Users\All Users\InstallMate
2011-07-28 04:13 - 2011-07-28 04:13 - 0000000 ____D C:\ProgramData\InstallMate
2011-07-28 04:13 - 2011-07-28 04:13 - 0000000 ____D C:\Program Files\BillP Studios
2011-07-28 04:13 - 2011-07-28 04:12 - 0000000 ___SD C:\ComboFix
2011-07-28 04:12 - 2011-07-28 04:12 - 0000000 ___SD C:\32788R22FWJFW
2011-07-28 04:12 - 2011-07-28 04:12 - 0000000 ____D C:\Windows\ERDNT
2011-07-28 04:12 - 2011-07-28 04:12 - 0000000 ____D C:\Qoobox
2011-07-28 03:55 - 2011-07-28 04:12 - 0821832 ____A (BillP Studios) C:\Users\********\Desktop\wpsetup.exe
2011-07-28 03:51 - 2011-07-28 04:11 - 4155871 ___RA (Swearware) C:\Users\********\Desktop\ComboFix.exe
2011-07-28 03:44 - 2011-07-28 03:43 - 0070528 ____A C:\TDSSKiller.2.5.11.0_28.07.2011_07.43.35_log.txt
2011-07-28 03:39 - 2011-07-28 03:38 - 0070788 ____A C:\TDSSKiller.2.5.11.0_28.07.2011_07.38.16_log.txt
2011-07-28 03:37 - 2011-07-28 03:37 - 0002140 ____A C:\TDSSKiller.2.5.4.0_28.07.2011_07.37.00_log.txt
2011-07-28 03:36 - 2011-07-28 03:36 - 1383430 ____A C:\Users\********\Downloads\tdsskiller.zip
2011-07-28 03:36 - 2011-07-28 03:36 - 0002140 ____A C:\TDSSKiller.2.5.4.0_28.07.2011_07.36.33_log.txt
2011-07-28 03:36 - 2011-07-28 03:36 - 0000412 ____A C:\TDSSKiller.2.5.4.0_28.07.2011_07.36.04_log.txt
2011-07-28 03:31 - 2011-07-28 03:30 - 13685936 ____A (Mozilla) C:\Users\********\Downloads\Firefox Setup 5.0.1.exe
2011-07-28 03:16 - 2011-07-28 03:16 - 0000000 ____D C:\Users\********\AppData\Roaming\Malwarebytes
2011-07-28 03:16 - 2011-07-28 03:16 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-07-28 03:16 - 2011-07-28 03:16 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-07-28 03:15 - 2011-07-28 03:15 - 9466208 ____A (Malwarebytes Corporation ) C:\Users\********\Downloads\mbam-setup-1.51.1.1800.exe
2011-07-27 06:40 - 2008-09-20 10:24 - 0001746 ____A C:\Users\********\Desktop\Trillian.lnk
2011-07-27 05:43 - 2008-09-20 10:23 - 0000000 ____D C:\Program Files\Trillian
2011-07-26 08:33 - 2011-07-26 08:33 - 0000000 ____D C:\Users\All Users\WindowsSearch
2011-07-26 08:33 - 2011-07-26 08:33 - 0000000 ____D C:\ProgramData\WindowsSearch
2011-07-25 06:21 - 2011-02-21 11:55 - 0000000 ____D C:\Users\********\Desktop\Music Files
2011-07-25 04:38 - 2011-07-25 04:38 - 0001666 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-07-25 04:37 - 2010-04-30 15:29 - 0000000 ____D C:\Program Files\iTunes
2011-07-25 04:36 - 2011-07-25 04:36 - 0000000 ____D C:\Program Files\iPod
2011-07-25 04:36 - 2010-01-17 03:50 - 0000000 ____D C:\Program Files\Common Files\Apple
2011-07-25 04:31 - 2011-07-25 04:31 - 0000000 ____D C:\Program Files\Bonjour
2011-07-24 10:00 - 2011-07-24 08:16 - 0000000 ____D C:\Users\********\.frostwire5
2011-07-24 08:18 - 2011-07-24 08:16 - 0000000 ____D C:\Users\********\FrostWire
2011-07-24 08:18 - 2011-07-24 08:15 - 0000000 ____D C:\Program Files\FrostWire 5
2011-07-24 08:15 - 2011-07-24 08:15 - 0001036 ____A C:\Users\********\Desktop\FrostWire 5.0.8.lnk
2011-07-24 08:13 - 2011-07-24 08:12 - 10032376 ____A (FrostWire Team) C:\Users\********\Downloads\frostwire-5.0.8.windows.exe
2011-07-24 08:13 - 2011-02-21 11:47 - 0000000 ____D C:\Users\********\AppData\Roaming\FrostWire
2011-07-24 08:12 - 2011-02-21 11:55 - 0000000 ____D C:\Users\********\Desktop\Incomplete
2011-07-24 04:18 - 2011-07-24 04:18 - 0458608 ____A (McAfee Inc.) C:\Users\********\Downloads\MVTInstaller.exe
2011-07-24 04:10 - 2008-11-12 10:58 - 0000000 ____D C:\Program Files\Glary Utilities
2011-07-24 04:06 - 2008-11-12 10:58 - 0000865 ____A C:\Users\********\Desktop\Glary Utilities.lnk
2011-07-24 04:05 - 2011-07-24 04:05 - 8877688 ____A (Glarysoft Ltd ) C:\Users\********\Downloads\gusetup.exe
2011-07-22 07:09 - 2006-11-02 04:46 - 0333656 ____A C:\Windows\System32\FNTCACHE.DAT
2011-07-22 07:05 - 2011-04-11 05:18 - 0000838 ____A C:\Windows\setupact.log
2011-07-22 06:59 - 2011-07-22 06:59 - 0000206 ____A C:\Windows\System32\MRT.INI
2011-07-22 06:56 - 2008-09-12 12:00 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-07-22 06:56 - 2008-09-12 12:00 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-07-22 06:56 - 2008-09-12 12:00 - 0000000 ____D C:\Program Files\Microsoft Office
2011-07-22 06:56 - 2006-11-02 02:24 - 49089992 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2011-07-22 05:38 - 2011-07-11 09:09 - 0019312 ____A C:\Users\********\AppData\Roaming\BB8C.798
2011-07-19 04:28 - 2011-07-19 04:28 - 0081664 ____A (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\********\Downloads\gotomypc-start.exe
2011-07-14 15:55 - 2010-09-02 12:36 - 0002064 ____A C:\Users\********\Desktop\Google Chrome.lnk
2011-07-14 06:05 - 2011-07-14 06:05 - 0002075 ____A C:\Users\Public\Desktop\Google Earth.lnk
2011-07-14 06:05 - 2008-09-19 12:23 - 0000000 ____D C:\Users\********\AppData\LocalLow
2011-07-14 06:04 - 2008-09-12 12:04 - 0000000 ____D C:\Program Files\Google
2011-07-14 06:02 - 2011-07-14 06:02 - 0589640 ____A (Google Inc.) C:\Users\********\Downloads\GoogleEarthSetup.exe
2011-07-12 08:14 - 2011-03-13 13:02 - 0000000 ____D C:\Program Files\Garmin
2011-07-12 07:20 - 2011-07-12 07:20 - 0083816 ____A (Apple Inc.) C:\Windows\System32\dns-sd.exe
2011-07-12 07:20 - 2011-07-12 07:20 - 0073064 ____A (Apple Inc.) C:\Windows\System32\dnssd.dll
2011-07-08 16:26 - 2011-07-08 16:26 - 0000000 ____D C:\Program Files\Apple Software Update
2011-07-08 16:09 - 2010-04-30 15:31 - 0000000 ____D C:\Users\********\AppData\Local\Apple Computer
2011-07-08 16:08 - 2011-07-08 16:08 - 0000000 ____D C:\Program Files\Safari
2011-07-08 12:13 - 2011-05-25 05:16 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2011-07-07 07:15 - 2011-07-07 07:14 - 0000000 ____D C:\Program Files\Common Files\Adobe
2011-07-07 07:15 - 2008-09-12 12:03 - 0000000 ____D C:\Users\All Users\Adobe
2011-07-07 07:15 - 2008-09-12 12:03 - 0000000 ____D C:\ProgramData\Adobe
2011-07-07 07:14 - 2009-03-22 06:53 - 0000000 ____D C:\Program Files\Adobe
2011-07-07 07:13 - 2008-10-02 07:35 - 0000000 ____D C:\Users\********\AppData\Local\Adobe
2011-06-25 22:45 - 2011-07-28 04:13 - 0256000 ____A C:\Windows\PEV.exe
2011-06-25 07:07 - 2011-04-05 16:24 - 0000000 ____D C:\Users\All Users\PCDr
2011-06-25 07:07 - 2011-04-05 16:24 - 0000000 ____D C:\ProgramData\PCDr
2011-06-25 07:07 - 2008-09-12 12:08 - 0000000 ____D C:\Program Files\Dell Support Center
2011-06-21 06:44 - 2010-10-05 15:30 - 0002377 ____A C:\Users\Public\Desktop\Skype.lnk
2011-06-21 06:30 - 2011-06-21 06:30 - 0245486 ____A C:\Users\********\Desktop\fakecup.jpg
2011-06-20 06:29 - 2008-09-26 14:40 - 0001800 ___AH C:\Users\********\Documents\Default.rdp
2011-06-15 08:45 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\Microsoft.NET
2011-06-15 04:02 - 2009-04-20 12:35 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2011-06-15 03:54 - 2011-06-15 03:13 - 0003374 ____A C:\Windows\IE9_main.log
2011-06-15 03:53 - 2011-06-15 03:53 - 2873344 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 1554432 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 1172480 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 1075712 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 1068544 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 1029120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0979456 ____A (Microsoft Corporation) C:\Windows\System32\MFH264Dec.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0876032 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0847360 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0797184 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0683008 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0667648 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
2011-06-15 03:53 - 2011-06-15 03:53 - 0638336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2011-06-15 03:53 - 2011-06-15 03:53 - 0586240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0486400 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0478720 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0357376 ____A (Microsoft Corporation) C:\Windows\System32\MFHEAACdec.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0302592 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4src.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0288768 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0261632 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0258048 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
2011-06-15 03:53 - 2011-06-15 03:53 - 0219648 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0209920 ____A (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0189952 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0160768 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0135680 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0098816 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2011-06-15 03:53 - 2011-06-15 03:53 - 0026112 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
2011-06-15 03:03 - 2011-04-12 06:26 - 0000000 ____D C:\Users\All Users\MyVirtualHome
2011-06-15 03:03 - 2011-04-12 06:26 - 0000000 ____D C:\ProgramData\MyVirtualHome
2011-06-15 03:03 - 2011-04-12 06:26 - 0000000 ____D C:\Program Files\MyVirtualHome
2011-06-15 03:03 - 2008-09-12 11:48 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2011-06-15 03:02 - 2010-08-20 09:03 - 0000000 ____D C:\Program Files\LimeWire
2011-06-15 02:58 - 2006-11-02 03:18 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2011-06-15 02:57 - 2011-05-24 06:17 - 0404640 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2011-06-07 19:25 - 2011-07-28 08:03 - 0143360 ____A (McAfee, Inc.) C:\Users\********\Desktop\McPreInstall.exe
2011-06-02 05:34 - 2011-07-12 19:26 - 2043392 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-05-27 22:08 - 2011-06-14 17:10 - 1211904 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-05-27 22:08 - 2011-06-14 17:10 - 0916480 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-05-27 22:07 - 2011-06-14 17:10 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-05-27 22:05 - 2011-06-14 17:10 - 0611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-05-27 22:04 - 2011-06-14 17:10 - 5964800 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-05-27 22:04 - 2011-06-14 17:10 - 1991680 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-05-27 22:04 - 2011-06-14 17:10 - 1469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-05-27 22:04 - 2011-06-14 17:10 - 11081728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-05-27 22:04 - 2011-06-14 17:10 - 0602112 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-05-27 22:04 - 2011-06-14 17:10 - 0184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-05-27 22:04 - 2011-06-14 17:10 - 0164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-05-27 22:04 - 2011-06-14 17:10 - 0109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2011-05-27 22:04 - 2011-06-14 17:10 - 0071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2011-05-27 22:04 - 2011-06-14 17:10 - 0066560 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-05-27 22:04 - 2011-06-14 17:10 - 0055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2011-05-27 22:04 - 2011-06-14 17:10 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-05-27 22:04 - 2011-06-14 17:10 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-05-27 22:04 - 2011-06-14 17:10 - 0025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-05-27 22:03 - 2011-06-14 17:10 - 0387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-05-27 21:10 - 2011-06-14 17:10 - 0385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-05-27 20:33 - 2011-06-14 17:10 - 0133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2011-05-27 20:32 - 2011-06-14 17:10 - 0173568 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-05-27 20:32 - 2011-06-14 17:10 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-05-27 20:31 - 2011-06-14 17:10 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-05-25 05:16 - 2008-10-06 12:58 - 0000000 ____D C:\Users\********\AppData\Roaming\Dell
2011-05-24 07:08 - 2011-05-24 07:08 - 0000000 _RASH C:\MSDOS.SYS
2011-05-24 07:08 - 2011-05-24 07:08 - 0000000 _RASH C:\IO.SYS
2011-05-10 04:06 - 2011-05-10 04:06 - 4517664 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2011-05-10 04:06 - 2011-05-10 04:06 - 0042496 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl.sys

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2009-08-04 11:29] - [2009-04-10 22:27] - 2926592 ____A (Microsoft Corporation)

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 4092.75 MB
Available physical RAM: 3694.07 MB
Total Pagefile: 3960.23 MB
Available Pagefile: 3764.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:688.58 GB) (Free:506.62 GB) NTFS
4 Drive f: () (Removable) (Total:0.96 GB) (Free:0.07 GB) FAT
9 Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.15 GB) NTFS

==========================================================

Last Boot: 2011-08-08 02:59

======================= End Of Log ==========================

#9 Farbar

Just Curious

Group: Malware Response Instructor
Posts: 17,817
Joined: 08-December 07
Gender:Male
Location:The Netherlands

Posted 08 August 2011 - 01:27 PM

Removing the user names has no effect on our fix at the moment.

We have the infected file. We need some information. You should perform both the step 2 and step 3 in the System Recovery environment.

Boot normally to Windows. Download the attached file to the computer.
Important: right-click copyfile.bat and select "Run as administrator".
A log.txt file opens that say: "1 file(s) copied".
Close it as our job here is done.
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
```
cmd: type c:\tdss*.txt
```
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
While you are still in the recovery environment run FRST.

Type the following in the edit box after "Search:".

afd.sys;explorer.exe

It should look like: afd.sys;explorer.exe

Note: The file names should be separated by semicolon (;)

Click Search button and post the log it makes to your reply.

#10 SwordSlayer954

Member

Group: Members
Posts: 15
Joined: 08-June 11

Posted 08 August 2011 - 02:30 PM

Fixlog.txt

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.2.1)
Ran by SYSTEM at 2011-08-08 15:22:10 R:1
Running from F:\

==============================================

========= type c:\tdss*.txt =========

c:\TDSSKiller.2.5.11.0_28.07.2011_07.38.16_log.txt

2011/07/28 07:38:16.0043 3608 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/28 07:38:16.0904 3608 ================================================================================
2011/07/28 07:38:16.0904 3608 SystemInfo:
2011/07/28 07:38:16.0904 3608
2011/07/28 07:38:16.0904 3608 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/28 07:38:16.0904 3608 Product type: Workstation
2011/07/28 07:38:16.0904 3608 ComputerName: XPS730
2011/07/28 07:38:16.0906 3608 UserName:
2011/07/28 07:38:16.0906 3608 Windows directory: C:\Windows
2011/07/28 07:38:16.0906 3608 System windows directory: C:\Windows
2011/07/28 07:38:16.0906 3608 Processor architecture: Intel x86
2011/07/28 07:38:16.0906 3608 Number of processors: 4
2011/07/28 07:38:16.0906 3608 Page size: 0x1000
2011/07/28 07:38:16.0906 3608 Boot type: Normal boot
2011/07/28 07:38:16.0906 3608 ================================================================================
2011/07/28 07:38:18.0049 3608 Initialize success
2011/07/28 07:38:20.0913 4348 ================================================================================
2011/07/28 07:38:20.0913 4348 Scan started
2011/07/28 07:38:20.0913 4348 Mode: Manual;
2011/07/28 07:38:20.0913 4348 ================================================================================
2011/07/28 07:38:23.0101 4348 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/28 07:38:23.0178 4348 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/07/28 07:38:23.0250 4348 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/07/28 07:38:23.0343 4348 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/07/28 07:38:23.0416 4348 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/07/28 07:38:23.0487 4348 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
2011/07/28 07:38:23.0586 4348 AFD (0ca62266b239891a7f5a6881cef9ac25) C:\Windows\system32\drivers\afd.sys
2011/07/28 07:38:23.0667 4348 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/07/28 07:38:23.0746 4348 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/28 07:38:23.0787 4348 aliide (e32a92e1574a467f7c762922f6162d76) C:\Windows\system32\drivers\aliide.sys
2011/07/28 07:38:23.0914 4348 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/07/28 07:38:24.0004 4348 amdide (b52b576cb0099a62f87214f371031561) C:\Windows\system32\drivers\amdide.sys
2011/07/28 07:38:24.0135 4348 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/07/28 07:38:24.0162 4348 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/07/28 07:38:24.0269 4348 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/07/28 07:38:24.0389 4348 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/07/28 07:38:24.0451 4348 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/28 07:38:24.0486 4348 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/07/28 07:38:24.0529 4348 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/28 07:38:24.0612 4348 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/28 07:38:24.0670 4348 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/28 07:38:24.0697 4348 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/28 07:38:24.0745 4348 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/28 07:38:24.0771 4348 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/28 07:38:24.0809 4348 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/28 07:38:24.0833 4348 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/28 07:38:24.0909 4348 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\Windows\system32\DRIVERS\motfilt.sys
2011/07/28 07:38:24.0994 4348 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/07/28 07:38:25.0036 4348 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/28 07:38:25.0085 4348 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/07/28 07:38:25.0127 4348 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
2011/07/28 07:38:25.0234 4348 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
2011/07/28 07:38:25.0426 4348 btwaudio (fc23e3a7ae18b02dcc1a34cbef3f80af) C:\Windows\system32\drivers\btwaudio.sys
2011/07/28 07:38:25.0492 4348 btwavdt (5e14c92763e51130bfb9a670afd7eddf) C:\Windows\system32\drivers\btwavdt.sys
2011/07/28 07:38:25.0654 4348 btwrchid (ac3fd5a3bbfa114098f75b80c4c1f3e7) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/07/28 07:38:25.0814 4348 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/28 07:38:25.0948 4348 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/28 07:38:26.0007 4348 cfwids (ecaf4a51580244fef1aa32cb984f13bf) C:\Windows\system32\drivers\cfwids.sys
2011/07/28 07:38:26.0106 4348 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/07/28 07:38:26.0148 4348 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/28 07:38:26.0195 4348 cmdide (c177dd90b5dc1dcaa96ccece752e6f0f) C:\Windows\system32\drivers\cmdide.sys
2011/07/28 07:38:26.0310 4348 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
2011/07/28 07:38:26.0380 4348 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/07/28 07:38:26.0466 4348 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/07/28 07:38:26.0540 4348 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
2011/07/28 07:38:26.0586 4348 CT20XUT (51a4c2c6d3ac2c275a1b93c34d4e87c6) C:\Windows\system32\drivers\CT20XUT.SYS
2011/07/28 07:38:26.0724 4348 CT20XUT.SYS (51a4c2c6d3ac2c275a1b93c34d4e87c6) C:\Windows\System32\drivers\CT20XUT.SYS
2011/07/28 07:38:26.0781 4348 ctac32k (7ec5c5f0b0c14ec186074fd095f0f370) C:\Windows\system32\drivers\ctac32k.sys
2011/07/28 07:38:26.0868 4348 ctaud2k (8dc02de5321499e6c1fe87e43d86a73b) C:\Windows\system32\drivers\ctaud2k.sys
2011/07/28 07:38:27.0065 4348 CTEXFIFX (d4c74f7228a2162171dee3087cc22fbf) C:\Windows\system32\drivers\CTEXFIFX.SYS
2011/07/28 07:38:27.0240 4348 CTEXFIFX.SYS (d4c74f7228a2162171dee3087cc22fbf) C:\Windows\System32\drivers\CTEXFIFX.SYS
2011/07/28 07:38:27.0272 4348 CTHWIUT (1d5bf4f26b27c5eba08f4d0fe96bff12) C:\Windows\system32\drivers\CTHWIUT.SYS
2011/07/28 07:38:27.0400 4348 CTHWIUT.SYS (1d5bf4f26b27c5eba08f4d0fe96bff12) C:\Windows\System32\drivers\CTHWIUT.SYS
2011/07/28 07:38:27.0434 4348 ctprxy2k (920b45bc9191f4e880ea2b75524d96ab) C:\Windows\system32\drivers\ctprxy2k.sys
2011/07/28 07:38:27.0599 4348 ctsfm2k (eac70ef0b40df7b8178bf5e80b5f4277) C:\Windows\system32\drivers\ctsfm2k.sys
2011/07/28 07:38:27.0746 4348 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/28 07:38:27.0897 4348 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/28 07:38:27.0961 4348 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/28 07:38:28.0009 4348 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/28 07:38:28.0111 4348 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/07/28 07:38:28.0183 4348 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/28 07:38:28.0233 4348 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/28 07:38:28.0287 4348 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/07/28 07:38:28.0340 4348 emupia (8b41f776beafda612cdf8ffa997b201e) C:\Windows\system32\drivers\emupia2k.sys
2011/07/28 07:38:28.0431 4348 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/28 07:38:28.0473 4348 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/28 07:38:28.0613 4348 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/28 07:38:28.0669 4348 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/28 07:38:28.0789 4348 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/28 07:38:28.0832 4348 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/28 07:38:28.0871 4348 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/28 07:38:28.0949 4348 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/28 07:38:28.0990 4348 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/28 07:38:29.0033 4348 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/28 07:38:29.0112 4348 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/28 07:38:29.0358 4348 ha20x22k (c663d5a459ee96b51d3ff49e70abd143) C:\Windows\system32\drivers\ha20x22k.sys
2011/07/28 07:38:29.0494 4348 ha20x2k (eda33b1d4721470bb924f082cf66d06a) C:\Windows\system32\drivers\ha20x2k.sys
2011/07/28 07:38:29.0647 4348 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\drivers\hdaudbus.sys
2011/07/28 07:38:29.0730 4348 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/28 07:38:29.0752 4348 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/28 07:38:29.0806 4348 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/28 07:38:29.0845 4348 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/07/28 07:38:29.0889 4348 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/07/28 07:38:29.0920 4348 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/07/28 07:38:29.0965 4348 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/28 07:38:29.0990 4348 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/07/28 07:38:30.0066 4348 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/28 07:38:30.0143 4348 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\drivers\intelide.sys
2011/07/28 07:38:30.0268 4348 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/28 07:38:30.0376 4348 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/28 07:38:30.0504 4348 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/28 07:38:30.0603 4348 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/28 07:38:30.0661 4348 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/28 07:38:30.0701 4348 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2011/07/28 07:38:30.0852 4348 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/28 07:38:30.0893 4348 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/28 07:38:30.0916 4348 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/28 07:38:30.0990 4348 JRAID (bdce08e413c98720d23d0a4cd74f6e0c) C:\Windows\system32\drivers\jraid.sys
2011/07/28 07:38:31.0117 4348 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/28 07:38:31.0147 4348 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/28 07:38:31.0191 4348 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/28 07:38:31.0244 4348 libusb0 (03e12dbfacf1aeb86c553b0db488fb81) C:\Windows\system32\DRIVERS\libusb0.sys
2011/07/28 07:38:31.0316 4348 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/28 07:38:31.0362 4348 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/28 07:38:31.0386 4348 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/28 07:38:31.0441 4348 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/28 07:38:31.0587 4348 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/28 07:38:31.0682 4348 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/07/28 07:38:31.0949 4348 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/07/28 07:38:31.0996 4348 mfeapfk (688b626fca708ee9eb161cad1f7363a9) C:\Windows\system32\drivers\mfeapfk.sys
2011/07/28 07:38:32.0075 4348 mfeavfk (693a8d924b640223974e0a88f2baf0f4) C:\Windows\system32\drivers\mfeavfk.sys
2011/07/28 07:38:32.0163 4348 mfebopk (52c40d19873528bd15823c969d3ad227) C:\Windows\system32\drivers\mfebopk.sys
2011/07/28 07:38:32.0244 4348 mfefirek (e37b98d49df546f4059483d49e349a53) C:\Windows\system32\drivers\mfefirek.sys
2011/07/28 07:38:32.0320 4348 mfehidk (44184f32392fa2e94d08d056ce750d56) C:\Windows\system32\drivers\mfehidk.sys
2011/07/28 07:38:32.0656 4348 mfenlfk (aedda57376e051e8e152b72d2df5387c) C:\Windows\system32\DRIVERS\mfenlfk.sys
2011/07/28 07:38:32.0804 4348 mferkdet (5f5313bfd1e73233885a26ab77488f6f) C:\Windows\system32\drivers\mferkdet.sys
2011/07/28 07:38:32.0946 4348 mfewfpk (547c95b8a73fd111b0d7af7c0f6736a3) C:\Windows\system32\drivers\mfewfpk.sys
2011/07/28 07:38:33.0065 4348 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/28 07:38:33.0152 4348 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/28 07:38:33.0211 4348 motccgp (c741717b0a18813dd7d12085937cee72) C:\Windows\system32\DRIVERS\motccgp.sys
2011/07/28 07:38:33.0297 4348 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys
2011/07/28 07:38:33.0352 4348 motmodem (54fee02961c70fd9d4d7e2f87afa23fa) C:\Windows\system32\DRIVERS\motmodem.sys
2011/07/28 07:38:33.0481 4348 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\Windows\system32\DRIVERS\motswch.sys
2011/07/28 07:38:33.0690 4348 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\Windows\system32\DRIVERS\Motousbnet.sys
2011/07/28 07:38:33.0807 4348 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\Windows\system32\DRIVERS\motusbdevice.sys
2011/07/28 07:38:33.0900 4348 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/28 07:38:33.0930 4348 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/28 07:38:33.0970 4348 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/28 07:38:34.0030 4348 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/07/28 07:38:34.0121 4348 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/28 07:38:34.0200 4348 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/28 07:38:34.0267 4348 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/28 07:38:34.0319 4348 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/28 07:38:34.0424 4348 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/28 07:38:34.0536 4348 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/28 07:38:34.0713 4348 msahci (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
2011/07/28 07:38:34.0830 4348 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/07/28 07:38:34.0892 4348 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/28 07:38:34.0929 4348 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/28 07:38:34.0967 4348 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/28 07:38:35.0008 4348 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/28 07:38:35.0028 4348 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/28 07:38:35.0058 4348 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/28 07:38:35.0126 4348 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/28 07:38:35.0148 4348 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/28 07:38:35.0188 4348 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/28 07:38:35.0237 4348 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/28 07:38:35.0314 4348 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/28 07:38:35.0362 4348 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/28 07:38:35.0395 4348 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/28 07:38:35.0476 4348 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/28 07:38:35.0506 4348 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/28 07:38:35.0540 4348 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/28 07:38:35.0627 4348 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/28 07:38:35.0716 4348 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/28 07:38:35.0755 4348 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/28 07:38:35.0811 4348 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/28 07:38:35.0867 4348 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/28 07:38:35.0929 4348 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/28 07:38:35.0966 4348 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/28 07:38:36.0027 4348 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/07/28 07:38:36.0596 4348 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/28 07:38:37.0110 4348 NVR0Dev (12a39692a2a736b021cc551ccf2abcd0) C:\Windows\nvoclock.sys
2011/07/28 07:38:37.0202 4348 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/07/28 07:38:37.0239 4348 nvrd32 (1458e0a12038cb594c56c000282c590f) C:\Windows\system32\drivers\nvrd32.sys
2011/07/28 07:38:37.0273 4348 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/07/28 07:38:37.0317 4348 nvstor32 (14b01fa9cdeecfe4aa95bf88702ba6cc) C:\Windows\system32\drivers\nvstor32.sys
2011/07/28 07:38:37.0403 4348 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/07/28 07:38:37.0656 4348 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/28 07:38:37.0695 4348 ossrv (ea7563de822696f1b9be9e589d33fa96) C:\Windows\system32\drivers\ctoss2k.sys
2011/07/28 07:38:37.0880 4348 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/28 07:38:38.0013 4348 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/28 07:38:38.0052 4348 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/28 07:38:38.0135 4348 PCDSRVC{E9D79540-57D5953E-06020101}_0 (92fddbed716bf5c3cb766101563cfce5) c:\program files\dell support center\pcdsrvc.pkms
2011/07/28 07:38:38.0590 4348 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/28 07:38:38.0689 4348 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/07/28 07:38:38.0842 4348 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/28 07:38:38.0907 4348 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/28 07:38:39.0004 4348 pmxmouse (fab495f1defeb596c44b9752a25e2a60) C:\Windows\system32\DRIVERS\pmxmouse.sys
2011/07/28 07:38:39.0161 4348 pmxusblf (020eae9dfe3cd277994ce60e4c2c71cf) C:\Windows\system32\DRIVERS\pmxusblf.sys
2011/07/28 07:38:39.0257 4348 Point32 (858d5d8dbe432b358ca2f9d534169ca1) C:\Windows\system32\DRIVERS\point32k.sys
2011/07/28 07:38:39.0353 4348 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/28 07:38:39.0392 4348 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/07/28 07:38:39.0446 4348 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/28 07:38:39.0484 4348 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
2011/07/28 07:38:39.0666 4348 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/07/28 07:38:39.0932 4348 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/28 07:38:40.0010 4348 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/28 07:38:40.0098 4348 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/28 07:38:40.0173 4348 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/28 07:38:40.0210 4348 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/28 07:38:40.0246 4348 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/28 07:38:40.0284 4348 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/28 07:38:40.0321 4348 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/28 07:38:40.0348 4348 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/28 07:38:40.0392 4348 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/07/28 07:38:40.0412 4348 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/28 07:38:40.0464 4348 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/28 07:38:40.0516 4348 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/07/28 07:38:40.0579 4348 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2011/07/28 07:38:40.0768 4348 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/07/28 07:38:40.0890 4348 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/07/28 07:38:40.0969 4348 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/28 07:38:41.0073 4348 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/28 07:38:41.0144 4348 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/28 07:38:41.0186 4348 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/28 07:38:41.0222 4348 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/07/28 07:38:41.0255 4348 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/28 07:38:41.0292 4348 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/07/28 07:38:41.0344 4348 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/28 07:38:41.0397 4348 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/28 07:38:41.0460 4348 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/28 07:38:41.0504 4348 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/07/28 07:38:41.0607 4348 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/07/28 07:38:41.0637 4348 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/07/28 07:38:41.0784 4348 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/28 07:38:41.0866 4348 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/28 07:38:41.0923 4348 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/28 07:38:42.0105 4348 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/28 07:38:42.0250 4348 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/28 07:38:42.0332 4348 SSPORT (5f77725ec309de1242d8efc8e9259a9f) C:\Windows\system32\Drivers\SSPORT.sys
2011/07/28 07:38:42.0419 4348 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/28 07:38:42.0457 4348 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/28 07:38:42.0482 4348 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/28 07:38:42.0505 4348 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/28 07:38:42.0571 4348 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/07/28 07:38:42.0680 4348 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/28 07:38:42.0779 4348 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/28 07:38:42.0855 4348 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/28 07:38:42.0895 4348 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/28 07:38:42.0979 4348 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/28 07:38:43.0099 4348 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/28 07:38:43.0188 4348 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/28 07:38:43.0226 4348 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/28 07:38:43.0257 4348 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/28 07:38:43.0308 4348 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/07/28 07:38:43.0360 4348 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/28 07:38:43.0395 4348 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/28 07:38:43.0553 4348 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/07/28 07:38:43.0613 4348 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/28 07:38:43.0715 4348 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/28 07:38:43.0860 4348 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/28 07:38:43.0926 4348 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/28 07:38:44.0082 4348 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/07/28 07:38:44.0116 4348 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/28 07:38:44.0208 4348 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/28 07:38:44.0299 4348 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/28 07:38:44.0337 4348 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/28 07:38:44.0373 4348 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/28 07:38:44.0396 4348 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/07/28 07:38:44.0421 4348 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/28 07:38:44.0441 4348 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/28 07:38:44.0487 4348 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/28 07:38:44.0598 4348 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/28 07:38:44.0686 4348 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/28 07:38:44.0767 4348 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/07/28 07:38:44.0858 4348 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/07/28 07:38:44.0890 4348 viaide (689547ce911998d1e0da7a5992e025fc) C:\Windows\system32\drivers\viaide.sys
2011/07/28 07:38:44.0995 4348 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/28 07:38:45.0038 4348 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/28 07:38:45.0082 4348 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/28 07:38:45.0136 4348 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/07/28 07:38:45.0180 4348 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/28 07:38:45.0272 4348 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/28 07:38:45.0289 4348 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/28 07:38:45.0331 4348 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/07/28 07:38:45.0422 4348 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/28 07:38:45.0550 4348 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/07/28 07:38:45.0687 4348 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/28 07:38:45.0843 4348 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/28 07:38:45.0905 4348 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/28 07:38:45.0961 4348 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/28 07:38:46.0027 4348 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/28 07:38:46.0048 4348 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk5\DR5
2011/07/28 07:38:47.0138 4348 Boot (0x1200) (6a04061c8ec01f5366cb02040c05f7ea) \Device\Harddisk0\DR0\Partition0
2011/07/28 07:38:47.0164 4348 Boot (0x1200) (a15d87cfabd39b7157518901ed4d115f) \Device\Harddisk0\DR0\Partition1
2011/07/28 07:38:47.0173 4348 Boot (0x1200) (e567add926ae0111efaa2c7d3657425c) \Device\Harddisk5\DR5\Partition0
2011/07/28 07:38:47.0177 4348 ================================================================================
2011/07/28 07:38:47.0177 4348 Scan finished
2011/07/28 07:38:47.0177 4348 ================================================================================
2011/07/28 07:38:47.0184 0820 Detected object count: 0
2011/07/28 07:38:47.0184 0820 Actual detected object count: 0
2011/07/28 07:39:49.0779 1188 Deinitialize success

c:\TDSSKiller.2.5.11.0_28.07.2011_07.43.35_log.txt

2011/07/28 07:43:35.0400 1384 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/28 07:43:35.0447 1384 ================================================================================
2011/07/28 07:43:35.0447 1384 SystemInfo:
2011/07/28 07:43:35.0447 1384
2011/07/28 07:43:35.0447 1384 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/28 07:43:35.0447 1384 Product type: Workstation
2011/07/28 07:43:35.0447 1384 ComputerName: XPS730
2011/07/28 07:43:35.0447 1384 UserName: e********
2011/07/28 07:43:35.0447 1384 Windows directory: C:\Windows
2011/07/28 07:43:35.0447 1384 System windows directory: C:\Windows
2011/07/28 07:43:35.0447 1384 Processor architecture: Intel x86
2011/07/28 07:43:35.0447 1384 Number of processors: 4
2011/07/28 07:43:35.0447 1384 Page size: 0x1000
2011/07/28 07:43:35.0447 1384 Boot type: Safe boot
2011/07/28 07:43:35.0447 1384 ================================================================================
2011/07/28 07:43:40.0236 1384 Initialize success
2011/07/28 07:43:43.0528 1420 ================================================================================
2011/07/28 07:43:43.0528 1420 Scan started
2011/07/28 07:43:43.0528 1420 Mode: Manual;
2011/07/28 07:43:43.0528 1420 ================================================================================
2011/07/28 07:43:45.0275 1420 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/28 07:43:45.0618 1420 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/07/28 07:43:45.0884 1420 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/07/28 07:43:46.0211 1420 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/07/28 07:43:46.0367 1420 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/07/28 07:43:46.0508 1420 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
2011/07/28 07:43:46.0664 1420 AFD (0ca62266b239891a7f5a6881cef9ac25) C:\Windows\system32\drivers\afd.sys
2011/07/28 07:43:46.0804 1420 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/07/28 07:43:46.0929 1420 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/28 07:43:47.0007 1420 aliide (e32a92e1574a467f7c762922f6162d76) C:\Windows\system32\drivers\aliide.sys
2011/07/28 07:43:47.0100 1420 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/07/28 07:43:47.0147 1420 amdide (b52b576cb0099a62f87214f371031561) C:\Windows\system32\drivers\amdide.sys
2011/07/28 07:43:47.0194 1420 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/07/28 07:43:47.0256 1420 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/07/28 07:43:47.0350 1420 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/07/28 07:43:47.0412 1420 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/07/28 07:43:47.0475 1420 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/28 07:43:47.0553 1420 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/07/28 07:43:47.0600 1420 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/28 07:43:47.0693 1420 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/28 07:43:47.0724 1420 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/28 07:43:47.0740 1420 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/28 07:43:47.0771 1420 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/28 07:43:47.0802 1420 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/28 07:43:47.0834 1420 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/28 07:43:47.0865 1420 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/28 07:43:47.0912 1420 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\Windows\system32\DRIVERS\motfilt.sys
2011/07/28 07:43:47.0958 1420 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/07/28 07:43:47.0990 1420 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/28 07:43:48.0052 1420 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/07/28 07:43:48.0099 1420 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
2011/07/28 07:43:48.0130 1420 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
2011/07/28 07:43:48.0177 1420 btwaudio (fc23e3a7ae18b02dcc1a34cbef3f80af) C:\Windows\system32\drivers\btwaudio.sys
2011/07/28 07:43:48.0192 1420 btwavdt (5e14c92763e51130bfb9a670afd7eddf) C:\Windows\system32\drivers\btwavdt.sys
2011/07/28 07:43:48.0224 1420 btwrchid (ac3fd5a3bbfa114098f75b80c4c1f3e7) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/07/28 07:43:48.0270 1420 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/28 07:43:48.0286 1420 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/28 07:43:48.0348 1420 cfwids (ecaf4a51580244fef1aa32cb984f13bf) C:\Windows\system32\drivers\cfwids.sys
2011/07/28 07:43:48.0395 1420 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/07/28 07:43:48.0442 1420 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/28 07:43:48.0489 1420 cmdide (c177dd90b5dc1dcaa96ccece752e6f0f) C:\Windows\system32\drivers\cmdide.sys
2011/07/28 07:43:48.0520 1420 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
2011/07/28 07:43:48.0536 1420 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/07/28 07:43:48.0598 1420 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/07/28 07:43:48.0645 1420 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
2011/07/28 07:43:48.0692 1420 CT20XUT (51a4c2c6d3ac2c275a1b93c34d4e87c6) C:\Windows\system32\drivers\CT20XUT.SYS
2011/07/28 07:43:48.0738 1420 CT20XUT.SYS (51a4c2c6d3ac2c275a1b93c34d4e87c6) C:\Windows\System32\drivers\CT20XUT.SYS
2011/07/28 07:43:48.0801 1420 ctac32k (7ec5c5f0b0c14ec186074fd095f0f370) C:\Windows\system32\drivers\ctac32k.sys
2011/07/28 07:43:48.0832 1420 ctaud2k (8dc02de5321499e6c1fe87e43d86a73b) C:\Windows\system32\drivers\ctaud2k.sys
2011/07/28 07:43:48.0941 1420 CTEXFIFX (d4c74f7228a2162171dee3087cc22fbf) C:\Windows\system32\drivers\CTEXFIFX.SYS
2011/07/28 07:43:49.0035 1420 CTEXFIFX.SYS (d4c74f7228a2162171dee3087cc22fbf) C:\Windows\System32\drivers\CTEXFIFX.SYS
2011/07/28 07:43:49.0066 1420 CTHWIUT (1d5bf4f26b27c5eba08f4d0fe96bff12) C:\Windows\system32\drivers\CTHWIUT.SYS
2011/07/28 07:43:49.0082 1420 CTHWIUT.SYS (1d5bf4f26b27c5eba08f4d0fe96bff12) C:\Windows\System32\drivers\CTHWIUT.SYS
2011/07/28 07:43:49.0097 1420 ctprxy2k (920b45bc9191f4e880ea2b75524d96ab) C:\Windows\system32\drivers\ctprxy2k.sys
2011/07/28 07:43:49.0128 1420 ctsfm2k (eac70ef0b40df7b8178bf5e80b5f4277) C:\Windows\system32\drivers\ctsfm2k.sys
2011/07/28 07:43:49.0175 1420 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/28 07:43:49.0238 1420 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/28 07:43:49.0300 1420 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/28 07:43:49.0331 1420 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/28 07:43:49.0394 1420 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/07/28 07:43:49.0409 1420 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/28 07:43:49.0487 1420 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/28 07:43:49.0534 1420 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/07/28 07:43:49.0596 1420 emupia (8b41f776beafda612cdf8ffa997b201e) C:\Windows\system32\drivers\emupia2k.sys
2011/07/28 07:43:49.0643 1420 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/28 07:43:49.0674 1420 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/28 07:43:49.0690 1420 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/28 07:43:49.0752 1420 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/28 07:43:49.0784 1420 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/28 07:43:49.0815 1420 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/28 07:43:49.0846 1420 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/28 07:43:49.0893 1420 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/28 07:43:49.0924 1420 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/28 07:43:49.0955 1420 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/28 07:43:50.0002 1420 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/28 07:43:50.0080 1420 ha20x22k (c663d5a459ee96b51d3ff49e70abd143) C:\Windows\system32\drivers\ha20x22k.sys
2011/07/28 07:43:50.0158 1420 ha20x2k (eda33b1d4721470bb924f082cf66d06a) C:\Windows\system32\drivers\ha20x2k.sys
2011/07/28 07:43:50.0220 1420 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\drivers\hdaudbus.sys
2011/07/28 07:43:50.0252 1420 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/28 07:43:50.0283 1420 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/28 07:43:50.0314 1420 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/28 07:43:50.0361 1420 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/07/28 07:43:50.0408 1420 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/07/28 07:43:50.0439 1420 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/07/28 07:43:50.0486 1420 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/28 07:43:50.0517 1420 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/07/28 07:43:50.0595 1420 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/28 07:43:50.0642 1420 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\drivers\intelide.sys
2011/07/28 07:43:50.0673 1420 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/28 07:43:50.0720 1420 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/28 07:43:50.0766 1420 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/28 07:43:50.0813 1420 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/28 07:43:50.0876 1420 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/28 07:43:50.0907 1420 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2011/07/28 07:43:50.0954 1420 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/28 07:43:50.0985 1420 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/28 07:43:51.0047 1420 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/28 07:43:51.0110 1420 JRAID (bdce08e413c98720d23d0a4cd74f6e0c) C:\Windows\system32\drivers\jraid.sys
2011/07/28 07:43:51.0156 1420 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/28 07:43:51.0188 1420 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/28 07:43:51.0219 1420 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/28 07:43:51.0281 1420 libusb0 (03e12dbfacf1aeb86c553b0db488fb81) C:\Windows\system32\DRIVERS\libusb0.sys
2011/07/28 07:43:51.0312 1420 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/28 07:43:51.0359 1420 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/28 07:43:51.0390 1420 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/28 07:43:51.0406 1420 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/28 07:43:51.0453 1420 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/28 07:43:51.0562 1420 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/07/28 07:43:51.0609 1420 mfeapfk (688b626fca708ee9eb161cad1f7363a9) C:\Windows\system32\drivers\mfeapfk.sys
2011/07/28 07:43:51.0640 1420 mfeavfk (693a8d924b640223974e0a88f2baf0f4) C:\Windows\system32\drivers\mfeavfk.sys
2011/07/28 07:43:51.0671 1420 mfebopk (52c40d19873528bd15823c969d3ad227) C:\Windows\system32\drivers\mfebopk.sys
2011/07/28 07:43:51.0718 1420 mfefirek (e37b98d49df546f4059483d49e349a53) C:\Windows\system32\drivers\mfefirek.sys
2011/07/28 07:43:51.0749 1420 mfehidk (44184f32392fa2e94d08d056ce750d56) C:\Windows\system32\drivers\mfehidk.sys
2011/07/28 07:43:51.0780 1420 mfenlfk (aedda57376e051e8e152b72d2df5387c) C:\Windows\system32\DRIVERS\mfenlfk.sys
2011/07/28 07:43:51.0827 1420 mferkdet (5f5313bfd1e73233885a26ab77488f6f) C:\Windows\system32\drivers\mferkdet.sys
2011/07/28 07:43:51.0858 1420 mfewfpk (547c95b8a73fd111b0d7af7c0f6736a3) C:\Windows\system32\drivers\mfewfpk.sys
2011/07/28 07:43:51.0890 1420 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/28 07:43:51.0921 1420 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/28 07:43:51.0983 1420 motccgp (c741717b0a18813dd7d12085937cee72) C:\Windows\system32\DRIVERS\motccgp.sys
2011/07/28 07:43:51.0999 1420 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys
2011/07/28 07:43:52.0014 1420 motmodem (54fee02961c70fd9d4d7e2f87afa23fa) C:\Windows\system32\DRIVERS\motmodem.sys
2011/07/28 07:43:52.0092 1420 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\Windows\system32\DRIVERS\motswch.sys
2011/07/28 07:43:52.0108 1420 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\Windows\system32\DRIVERS\Motousbnet.sys
2011/07/28 07:43:52.0170 1420 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\Windows\system32\DRIVERS\motusbdevice.sys
2011/07/28 07:43:52.0217 1420 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/28 07:43:52.0233 1420 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/28 07:43:52.0280 1420 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/28 07:43:52.0342 1420 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/07/28 07:43:52.0373 1420 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/28 07:43:52.0404 1420 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/28 07:43:52.0436 1420 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/28 07:43:52.0482 1420 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/28 07:43:52.0498 1420 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/28 07:43:52.0514 1420 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/28 07:43:52.0545 1420 msahci (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
2011/07/28 07:43:52.0623 1420 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/07/28 07:43:52.0685 1420 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/28 07:43:52.0716 1420 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/28 07:43:52.0763 1420 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/28 07:43:52.0810 1420 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/28 07:43:52.0841 1420 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/28 07:43:52.0872 1420 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/28 07:43:52.0888 1420 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/28 07:43:52.0904 1420 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/28 07:43:52.0935 1420 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/28 07:43:52.0982 1420 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/28 07:43:53.0060 1420 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/28 07:43:53.0138 1420 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/28 07:43:53.0216 1420 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/28 07:43:53.0294 1420 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/28 07:43:53.0403 1420 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/28 07:43:53.0496 1420 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/28 07:43:53.0606 1420 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/28 07:43:53.0730 1420 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/28 07:43:53.0808 1420 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/28 07:43:53.0886 1420 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/28 07:43:54.0042 1420 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/28 07:43:54.0261 1420 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/28 07:43:54.0323 1420 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/28 07:43:54.0464 1420 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/07/28 07:43:54.0682 1420 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/28 07:43:54.0854 1420 NVR0Dev (12a39692a2a736b021cc551ccf2abcd0) C:\Windows\nvoclock.sys
2011/07/28 07:43:54.0900 1420 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/07/28 07:43:54.0916 1420 nvrd32 (1458e0a12038cb594c56c000282c590f) C:\Windows\system32\drivers\nvrd32.sys
2011/07/28 07:43:54.0963 1420 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/07/28 07:43:54.0963 1420 nvstor32 (14b01fa9cdeecfe4aa95bf88702ba6cc) C:\Windows\system32\drivers\nvstor32.sys
2011/07/28 07:43:55.0010 1420 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/07/28 07:43:55.0088 1420 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/28 07:43:55.0119 1420 ossrv (ea7563de822696f1b9be9e589d33fa96) C:\Windows\system32\drivers\ctoss2k.sys
2011/07/28 07:43:55.0166 1420 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/28 07:43:55.0212 1420 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/28 07:43:55.0228 1420 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/28 07:43:55.0306 1420 PCDSRVC{E9D79540-57D5953E-06020101}_0 (92fddbed716bf5c3cb766101563cfce5) c:\program files\dell support center\pcdsrvc.pkms
2011/07/28 07:43:55.0478 1420 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/28 07:43:55.0509 1420 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/07/28 07:43:55.0540 1420 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/28 07:43:55.0602 1420 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/28 07:43:55.0680 1420 pmxmouse (fab495f1defeb596c44b9752a25e2a60) C:\Windows\system32\DRIVERS\pmxmouse.sys
2011/07/28 07:43:55.0727 1420 pmxusblf (020eae9dfe3cd277994ce60e4c2c71cf) C:\Windows\system32\DRIVERS\pmxusblf.sys
2011/07/28 07:43:55.0774 1420 Point32 (858d5d8dbe432b358ca2f9d534169ca1) C:\Windows\system32\DRIVERS\point32k.sys
2011/07/28 07:43:55.0805 1420 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/28 07:43:55.0852 1420 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/07/28 07:43:55.0899 1420 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/28 07:43:55.0946 1420 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
2011/07/28 07:43:56.0008 1420 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/07/28 07:43:56.0055 1420 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/28 07:43:56.0102 1420 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/28 07:43:56.0180 1420 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/28 07:43:56.0258 1420 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/28 07:43:56.0304 1420 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/28 07:43:56.0336 1420 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/28 07:43:56.0382 1420 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/28 07:43:56.0398 1420 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/28 07:43:56.0445 1420 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/28 07:43:56.0492 1420 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/07/28 07:43:56.0507 1420 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/28 07:43:56.0570 1420 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/28 07:43:56.0663 1420 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/07/28 07:43:56.0710 1420 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2011/07/28 07:43:56.0726 1420 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/07/28 07:43:56.0741 1420 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/07/28 07:43:56.0835 1420 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/28 07:43:56.0882 1420 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/28 07:43:56.0913 1420 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/28 07:43:56.0960 1420 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/28 07:43:56.0991 1420 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/07/28 07:43:57.0038 1420 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/28 07:43:57.0069 1420 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/07/28 07:43:57.0100 1420 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/28 07:43:57.0116 1420 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/28 07:43:57.0131 1420 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/28 07:43:57.0194 1420 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/07/28 07:43:57.0209 1420 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/07/28 07:43:57.0225 1420 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/07/28 07:43:57.0272 1420 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/28 07:43:57.0318 1420 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/28 07:43:57.0365 1420 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/28 07:43:57.0412 1420 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/28 07:43:57.0428 1420 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/28 07:43:57.0459 1420 SSPORT (5f77725ec309de1242d8efc8e9259a9f) C:\Windows\system32\Drivers\SSPORT.sys
2011/07/28 07:43:57.0506 1420 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/28 07:43:57.0537 1420 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/28 07:43:57.0599 1420 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/28 07:43:57.0615 1420 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/28 07:43:57.0693 1420 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/07/28 07:43:57.0740 1420 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/28 07:43:57.0786 1420 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/28 07:43:57.0802 1420 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/28 07:43:57.0849 1420 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/28 07:43:57.0896 1420 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/28 07:43:57.0927 1420 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/28 07:43:57.0974 1420 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/28 07:43:58.0005 1420 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/28 07:43:58.0036 1420 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/28 07:43:58.0067 1420 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/07/28 07:43:58.0114 1420 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/28 07:43:58.0161 1420 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/28 07:43:58.0176 1420 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/07/28 07:43:58.0208 1420 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/28 07:43:58.0239 1420 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/28 07:43:58.0270 1420 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/28 07:43:58.0332 1420 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/28 07:43:58.0379 1420 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/07/28 07:43:58.0410 1420 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/28 07:43:58.0457 1420 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/28 07:43:58.0520 1420 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/28 07:43:58.0551 1420 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/28 07:43:58.0582 1420 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/28 07:43:58.0613 1420 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/07/28 07:43:58.0629 1420 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/28 07:43:58.0644 1420 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/28 07:43:58.0707 1420 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/28 07:43:58.0754 1420 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/28 07:43:58.0785 1420 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/28 07:43:58.0816 1420 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/07/28 07:43:58.0847 1420 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/07/28 07:43:58.0956 1420 viaide (689547ce911998d1e0da7a5992e025fc) C:\Windows\system32\drivers\viaide.sys
2011/07/28 07:43:58.0988 1420 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/28 07:43:59.0019 1420 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/28 07:43:59.0066 1420 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/28 07:43:59.0112 1420 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/07/28 07:43:59.0159 1420 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/28 07:43:59.0190 1420 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/28 07:43:59.0206 1420 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/28 07:43:59.0253 1420 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/07/28 07:43:59.0284 1420 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/28 07:43:59.0393 1420 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/07/28 07:43:59.0440 1420 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/28 07:43:59.0534 1420 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/28 07:43:59.0580 1420 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/28 07:43:59.0643 1420 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/28 07:43:59.0752 1420 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/28 07:43:59.0768 1420 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
2011/07/28 07:44:00.0844 1420 Boot (0x1200) (6a04061c8ec01f5366cb02040c05f7ea) \Device\Harddisk0\DR0\Partition0
2011/07/28 07:44:00.0860 1420 Boot (0x1200) (a15d87cfabd39b7157518901ed4d115f) \Device\Harddisk0\DR0\Partition1
2011/07/28 07:44:00.0875 1420 Boot (0x1200) (e567add926ae0111efaa2c7d3657425c) \Device\Harddisk1\DR1\Partition0
2011/07/28 07:44:00.0891 1420 ================================================================================
2011/07/28 07:44:00.0891 1420 Scan finished
2011/07/28 07:44:00.0891 1420 ================================================================================
2011/07/28 07:44:00.0906 1412 Detected object count: 0
2011/07/28 07:44:00.0906 1412 Actual detected object count: 0
2011/07/28 07:44:04.0198 1380 Deinitialize success

c:\TDSSKiller.2.5.4.0_28.07.2011_07.36.04_log.txt

2011/07/28 07:36:04.0764 4820 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/07/28 07:36:10.0127 4820 Perform update action was selected
2011/07/28 07:36:10.0129 5148 Deinitialize success

c:\TDSSKiller.2.5.4.0_28.07.2011_07.36.33_log.txt

2011/07/28 07:36:33.0379 1504 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/07/28 07:36:35.0380 1504 ================================================================================
2011/07/28 07:36:35.0380 1504 SystemInfo:
2011/07/28 07:36:35.0380 1504
2011/07/28 07:36:35.0381 1504 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/28 07:36:35.0381 1504 Product type: Workstation
2011/07/28 07:36:35.0381 1504 ComputerName: XPS730
2011/07/28 07:36:35.0381 1504 UserName: e********
2011/07/28 07:36:35.0381 1504 Windows directory: C:\Windows
2011/07/28 07:36:35.0381 1504 System windows directory: C:\Windows
2011/07/28 07:36:35.0381 1504 Processor architecture: Intel x86
2011/07/28 07:36:35.0381 1504 Number of processors: 4
2011/07/28 07:36:35.0381 1504 Page size: 0x1000
2011/07/28 07:36:35.0381 1504 Boot type: Normal boot
2011/07/28 07:36:35.0381 1504 ================================================================================
2011/07/28 07:36:36.0586 1504 Initialize success
2011/07/28 07:36:56.0556 4556 Deinitialize success

c:\TDSSKiller.2.5.4.0_28.07.2011_07.37.00_log.txt

2011/07/28 07:37:00.0013 5284 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/07/28 07:37:02.0015 5284 ================================================================================
2011/07/28 07:37:02.0015 5284 SystemInfo:
2011/07/28 07:37:02.0015 5284
2011/07/28 07:37:02.0015 5284 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/28 07:37:02.0016 5284 Product type: Workstation
2011/07/28 07:37:02.0016 5284 ComputerName: XPS730
2011/07/28 07:37:02.0016 5284 UserName: e********
2011/07/28 07:37:02.0016 5284 Windows directory: C:\Windows
2011/07/28 07:37:02.0016 5284 System windows directory: C:\Windows
2011/07/28 07:37:02.0016 5284 Processor architecture: Intel x86
2011/07/28 07:37:02.0016 5284 Number of processors: 4
2011/07/28 07:37:02.0016 5284 Page size: 0x1000
2011/07/28 07:37:02.0016 5284 Boot type: Normal boot
2011/07/28 07:37:02.0016 5284 ================================================================================
2011/07/28 07:37:03.0068 5284 Initialize success
2011/07/28 07:37:38.0635 2412 Deinitialize success

========= End of CMD: =========

==== End of Fixlog ====

Search.txt

Farbars Recovery Scan Tool 2.0.3
Ran by SYSTEM at 2011-08-08 15:24:03
Running from F:\

================== Search: afd.sys;explorer.exe ===================

C:\afd.sys
[2011-08-08 11:18] - [2011-04-21 05:58] - 0273408 ____A (Microsoft Corporation) 3911B972B55FEA0478476B2E777B29FA

C:\Windows\explorer.exe
[2009-08-04 11:29] - [2009-04-10 22:27] - 2926592 ____A (Microsoft Corporation) D07D4C3038F3578FFCE1C0237F2A1253

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2011-06-14 17:11] - [2011-04-21 05:28] - 0273920 ____A (Microsoft Corporation) 70EE0FC7A0F384DBD929A01384AEEB4B

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011-06-14 17:11] - [2011-04-21 05:58] - 0273408 ____A () 0CA62266B239891A7F5A6881CEF9AC25

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2009-08-04 11:28] - [2009-04-10 20:47] - 0273920 ____A (Microsoft Corporation) A201207363AA900ABF1A388468688570

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys
[2011-06-14 17:11] - [2011-04-21 05:12] - 0273920 ____A (Microsoft Corporation) C8AF25017CECB75906A571AC70D2D306

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011-06-14 17:11] - [2011-04-21 05:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2008-09-20 10:27] - [2008-01-18 21:57] - 0273920 ____A (Microsoft Corporation) 763E172A55177E478CB419F88FD0BA03

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys
[2006-11-02 00:58] - [2006-11-02 00:58] - 0270336 ____A (Microsoft Corporation) 5D24CAF8EFD924A875698FF28384DB8B

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009-08-04 11:29] - [2009-04-10 22:27] - 2926592 ____A (Microsoft Corporation) D07D4C3038F3578FFCE1C0237F2A1253

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008-12-09 12:01] - [2008-10-29 19:59] - 2927616 ____A (Microsoft Corporation) 50BA5850147410CDE89C523AD3BC606E

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008-12-09 12:01] - [2008-10-28 22:29] - 2927104 ____A (Microsoft Corporation) 4F554999D7D5F05DAAEBBA7B5BA1089D

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008-09-20 10:28] - [2008-01-18 23:33] - 2927104 ____A (Microsoft Corporation) FFA764631CB70A30065C12EF8E174F9F

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008-12-09 12:01] - [2008-10-27 18:15] - 2923520 ____A (Microsoft Corporation) E7156B0B74762D9DE0E66BDCDE06E5FB

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008-09-12 19:06] - [2008-09-12 19:06] - 2923520 ____A (Microsoft Corporation) BD06F0BF753BC704B653C3A50F89D362

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008-12-09 12:01] - [2008-10-28 22:20] - 2923520 ____A (Microsoft Corporation) 37440D09DEAE0B672A04DCCF7ABF06BE

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008-09-12 19:06] - [2008-09-12 19:06] - 2923520 ____A (Microsoft Corporation) 6D06CD98D954FE87FB2DB8108793B399

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2006-11-02 00:47] - [2006-11-02 01:45] - 2923520 ____A (Microsoft Corporation) FD8C53FB002217F6F888BCF6F5D7084D

C:\Windows\System32\drivers\afd.sys
[2011-06-14 17:11] - [2011-04-21 05:58] - 0273408 ____A () 0CA62266B239891A7F5A6881CEF9AC25

================== End Of Search =================

#11 Farbar

Just Curious

Group: Malware Response Instructor
Posts: 17,817
Joined: 08-December 07
Gender:Male
Location:The Netherlands

Posted 08 August 2011 - 03:11 PM

We are going to replace the file which is patched by the infection. Note that at one point you may loose internet if the malware is not active but we repair it. If it happened please tell me about it.

Also there are locked files that we need to unlock in order to be able to run. some of them belong to McAfee.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
```
Replace: c:\afd.sys C:\Windows\System32\drivers\afd.sys
```
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
Please run DDS and post a fresh DDS.txt log.
Please download OTL by OldTimer.
- Save it to your desktop.
- Double click on the OTL icon on your desktop.
- Click the "Scan All Users" checkbox.
- Under Output select "Standard Output" checkbox.
- Set Standard Registry to All.
- Click Run Scan button.
- Two reports will open, copy and paste them to your reply:
  - OTL.txt <-- Will be opened
  - Extra.txt <-- Will be minimized

#12 SwordSlayer954

Member

Group: Members
Posts: 15
Joined: 08-June 11

Posted 08 August 2011 - 04:00 PM

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.2.1)
Ran by SYSTEM at 2011-08-08 16:42:43 R:2
Running from F:\

==============================================

C:\Windows\System32\drivers\afd.sys moved successfully.
c:\afd.sys copied successfully to C:\Windows\System32\drivers\afd.sys

==== End of Fixlog ====

OTL.txt

OTL logfile created on: 8/8/2011 4:51:49 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\e*******n\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 49.86% Memory free
5.20 Gb Paging File | 3.87 Gb Available in Paging File | 74.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 688.58 Gb Total Space | 506.47 Gb Free Space | 73.55% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.15 Gb Free Space | 41.49% Space Free | Partition Type: NTFS
Drive K: | 982.72 Mb Total Space | 73.91 Mb Free Space | 7.52% Space Free | Partition Type: FAT
Drive Z: | 1035.42 Gb Total Space | 344.43 Gb Free Space | 33.26% Space Free | Partition Type: NTFS

Computer Name: XPS730 | User Name: e*******n | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/08 16:50:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\e*******n\Desktop\OTL.exe
PRC - [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/23 01:41:08 | 001,306,728 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/06/17 10:33:02 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/27 14:52:42 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2011/04/14 08:22:08 | 012,036,968 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/27 15:59:08 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/06/03 12:19:38 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2009/06/03 12:14:24 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/08/13 15:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\gStart.exe
PRC - [2008/02/04 12:23:48 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/01/03 17:57:52 | 000,184,864 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2007/05/23 21:02:36 | 000,139,264 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\pmxmiced.exe
PRC - [2007/04/17 16:22:22 | 000,184,320 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2007/02/13 12:43:38 | 000,715,568 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/13 12:43:36 | 001,600,304 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/11/08 16:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe

========== Modules (SafeList) ==========

MOD - [2011/08/08 16:50:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\e*******n\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2007/02/13 12:43:04 | 000,208,896 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtMmHook.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/07/29 09:47:08 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2011/06/23 15:22:58 | 000,361,712 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/06/17 10:33:02 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/08/27 15:59:08 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/28 16:43:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/09/12 15:59:14 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe -- (Creative ALchemy AL1 Licensing Service)
SRV - [2008/02/04 12:23:48 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)

========== Driver Services (SafeList) ==========

DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,163,400 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,064,648 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/07/07 09:53:04 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/06/19 16:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/06/03 14:27:56 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/03 14:27:44 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/03 14:27:34 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/03 14:27:26 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/03 14:27:20 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/03 14:27:00 | 000,527,512 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/03 14:26:50 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/03 14:26:40 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/03 14:26:40 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/03 14:26:26 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/03 14:26:26 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/03 14:26:16 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/03 14:26:16 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/05/08 21:14:21 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/02/19 10:54:48 | 001,222,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ha20x22k.sys -- (ha20x22k)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/13 09:44:02 | 000,134,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/03/13 09:44:02 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/03/13 09:42:18 | 000,072,704 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/02/04 12:26:46 | 000,029,824 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/06/01 14:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007/05/24 17:44:00 | 000,019,008 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2006/11/22 02:02:22 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ssport.sys -- (SSPORT)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080913
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080913

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080913
IE - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080913
IE - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50485

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.91
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9B6BBDB4-812A-4B3E-A926-C4BB02D720C5}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50485

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\e*******n\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\e*******n\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/02 19:24:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9B6BBDB4-812A-4B3E-A926-C4BB02D720C5}: C:\Users\e*******n\AppData\Local\{9B6BBDB4-812A-4B3E-A926-C4BB02D720C5} [2011/04/05 16:52:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/07/29 16:06:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/28 11:07:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/28 08:47:03 | 000,000,000 | ---D | M]

[2010/08/20 13:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e*******n\AppData\Roaming\Mozilla\Extensions
[2008/09/20 13:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e*******n\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/08/20 13:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e*******n\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/08/08 15:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e*******n\AppData\Roaming\Mozilla\Firefox\Profiles\001s5co7.default\extensions
[2011/01/12 17:10:04 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\e*******n\AppData\Roaming\Mozilla\Firefox\Profiles\001s5co7.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/05/01 09:09:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\e*******n\AppData\Roaming\Mozilla\Firefox\Profiles\001s5co7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/26 10:33:56 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\e*******n\AppData\Roaming\Mozilla\Firefox\Profiles\001s5co7.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/07/28 11:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/28 08:47:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/10/07 15:19:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008/10/24 19:03:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2010/09/14 14:55:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/07/28 11:49:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/04/05 16:52:22 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\e*******n\APPDATA\LOCAL\{9B6BBDB4-812A-4B3E-A926-C4BB02D720C5}
() (No name found) -- C:\USERS\e*******n\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\001S5CO7.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/07/07 17:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll
[2009/07/07 17:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll
[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2011/05/27 09:01:42 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010/12/14 18:35:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2010/12/14 18:35:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2010/12/14 18:35:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2010/12/14 18:35:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2010/12/14 18:35:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2010/12/14 18:35:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2010/12/14 18:35:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/06/22 11:10:58 | 000,677,152 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files\mozilla firefox\plugins\npzzatif.dll
[2010/01/01 04:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2010/01/01 04:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2010/01/01 04:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110729175515.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe ()
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\System32\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\System32\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000..\Run: [Google Update] C:\Users\e*******n\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000..\Run: [gStart] C:\Program Files\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\e*******n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000\..Trusted Domains: gotvmail.net ([confluence] http in Trusted sites)
O15 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.2.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = o********m.com
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\e*******n\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\e*******n\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{21ee790f-db8d-11df-b4bf-001e4ccc9f12}\Shell - "" = AutoRun
O33 - MountPoints2\{21ee790f-db8d-11df-b4bf-001e4ccc9f12}\Shell\AutoRun\command - "" = K:\setup.exe -a
O33 - MountPoints2\{ecbc0846-e8d6-11de-901c-001e4ccc9f12}\Shell\AutoRun\command - "" = L:\MI.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3846136161-3858483316-3222689210-1000\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/08 17:48:05 | 000,000,000 | ---D | C] -- C:\FRST
[2011/08/08 16:50:41 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\e*******n\Desktop\OTL.exe
[2011/08/08 16:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/08/08 15:18:45 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\afd.sys
[2011/08/08 09:20:11 | 000,000,000 | ---D | C] -- C:\Users\e*******n\Desktop\DDS2
[2011/08/08 09:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/08/08 08:53:11 | 000,000,000 | ---D | C] -- C:\Users\e*******n\Desktop\Virus Stuff
[2011/07/29 09:52:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/07/29 09:49:12 | 000,100,736 | ---- | C] (GMER) -- C:\fxldipod.sys
[2011/07/28 12:39:55 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2011/07/28 12:39:39 | 000,337,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2011/07/28 12:39:39 | 000,179,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2011/07/28 12:39:39 | 000,163,400 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2011/07/28 12:39:39 | 000,085,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011/07/28 12:39:39 | 000,064,648 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2011/07/28 12:39:39 | 000,059,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2011/07/28 12:39:39 | 000,057,432 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2011/07/28 12:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/07/28 12:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011/07/28 12:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/07/28 12:22:34 | 000,148,520 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011/07/28 12:03:59 | 000,000,000 | ---D | C] -- C:\mfe
[2011/07/28 12:03:29 | 000,143,360 | ---- | C] (McAfee, Inc.) -- C:\Users\e*******n\Desktop\McPreInstall.exe
[2011/07/28 11:49:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/07/28 11:49:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/07/28 11:49:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/07/28 11:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/07/28 11:02:57 | 004,188,120 | ---- | C] (McAfee, Inc.) -- C:\Users\e*******n\Desktop\McAfeeSetup.exe
[2011/07/28 09:46:16 | 000,000,000 | ---D | C] -- C:\Users\e*******n\AppData\Roaming\McAfee
[2011/07/28 08:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/07/28 08:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/28 08:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2011/07/28 08:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/07/28 08:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2011/07/28 08:13:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/28 08:13:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/28 08:12:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/28 08:12:55 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/07/28 08:12:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/28 08:12:28 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/07/28 08:12:09 | 000,821,832 | ---- | C] (BillP Studios) -- C:\Users\e*******n\Desktop\wpsetup.exe
[2011/07/28 08:11:49 | 004,155,871 | R--- | C] (Swearware) -- C:\Users\e*******n\Desktop\ComboFix.exe
[2011/07/28 07:16:34 | 000,000,000 | ---D | C] -- C:\Users\e*******n\AppData\Roaming\Malwarebytes
[2011/07/28 07:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/28 07:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/26 12:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/07/25 08:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/25 08:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/25 08:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/24 12:16:27 | 000,000,000 | ---D | C] -- C:\Users\e*******n\FrostWire
[2011/07/24 12:16:04 | 000,000,000 | ---D | C] -- C:\Users\e*******n\.frostwire5
[2011/07/24 12:15:19 | 000,000,000 | ---D | C] -- C:\Users\e*******n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
[2011/07/24 12:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire 5
[2011/07/24 08:24:42 | 000,000,000 | ---D | C] -- C:\Users\e*******n\Desktop\McAfee VR Tools
[2011/07/14 10:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/07/12 23:26:42 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/12 23:26:38 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/12 23:26:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2009/06/03 12:21:54 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009/06/03 11:56:56 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/08 16:55:22 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3846136161-3858483316-3222689210-1000UA.job
[2011/08/08 16:55:22 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3846136161-3858483316-3222689210-1000Core.job
[2011/08/08 16:54:59 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/08 16:54:47 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/08 16:54:47 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/08 16:50:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\e*******n\Desktop\OTL.exe
[2011/08/08 16:50:02 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/08/08 16:48:30 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/08 16:48:30 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/08/08 16:48:09 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/08 16:48:09 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/08 16:48:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/08 15:20:12 | 000,054,472 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000006-00000000-0000000A-00001102-00000005-60021102}.rfx
[2011/08/08 15:20:12 | 000,054,472 | ---- | M] () -- C:\Windows\System32\BMXState-{00000006-00000000-0000000A-00001102-00000005-60021102}.rfx
[2011/08/08 15:20:12 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000006-00000000-0000000A-00001102-00000005-60021102}.rfx
[2011/08/08 15:19:51 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/08 15:17:32 | 000,000,087 | ---- | M] () -- C:\Users\e*******n\Desktop\copyfile.bat
[2011/08/08 15:12:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/08 15:12:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/08/08 15:11:54 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{031A36D6-1689-49BC-B466-6626C95F493F}.job
[2011/08/08 09:02:19 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/08/08 09:02:19 | 000,001,949 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/07/29 16:08:37 | 000,037,888 | ---- | M] () -- C:\Users\e*******n\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/29 09:52:25 | 222,400,032 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/29 09:49:24 | 000,100,736 | ---- | M] (GMER) -- C:\fxldipod.sys
[2011/07/28 11:08:39 | 000,000,804 | ---- | M] () -- C:\Windows\tasks\McAfee Cleanup.job
[2011/07/28 11:03:12 | 004,188,120 | ---- | M] (McAfee, Inc.) -- C:\Users\e*******n\Desktop\McAfeeSetup.exe
[2011/07/28 09:53:00 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2011/07/28 08:47:06 | 000,000,872 | ---- | M] () -- C:\Users\e*******n\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/28 08:47:06 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/28 07:55:02 | 000,821,832 | ---- | M] (BillP Studios) -- C:\Users\e*******n\Desktop\wpsetup.exe
[2011/07/28 07:51:32 | 004,155,871 | R--- | M] (Swearware) -- C:\Users\e*******n\Desktop\ComboFix.exe
[2011/07/27 10:40:21 | 000,001,746 | ---- | M] () -- C:\Users\e*******n\Desktop\Trillian.lnk
[2011/07/25 08:38:03 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/24 12:15:19 | 000,001,060 | ---- | M] () -- C:\Users\e*******n\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.0.8.lnk
[2011/07/24 12:15:19 | 000,001,036 | ---- | M] () -- C:\Users\e*******n\Desktop\FrostWire 5.0.8.lnk
[2011/07/24 08:06:58 | 000,000,865 | ---- | M] () -- C:\Users\e*******n\Desktop\Glary Utilities.lnk
[2011/07/22 11:09:48 | 000,333,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/22 10:59:34 | 000,000,206 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/07/22 09:38:55 | 000,019,312 | ---- | M] () -- C:\Users\e*******n\AppData\Roaming\BB8C.798
[2011/07/14 19:55:37 | 000,002,064 | ---- | M] () -- C:\Users\e*******n\Desktop\Google Chrome.lnk
[2011/07/14 19:55:37 | 000,002,026 | ---- | M] () -- C:\Users\e*******n\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/14 10:05:26 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/08 15:17:31 | 000,000,087 | ---- | C] () -- C:\Users\e*******n\Desktop\copyfile.bat
[2011/08/08 09:00:02 | 000,000,400 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{031A36D6-1689-49BC-B466-6626C95F493F}.job
[2011/07/29 09:52:25 | 222,400,032 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/07/28 13:14:26 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/07/28 11:05:41 | 000,000,804 | ---- | C] () -- C:\Windows\tasks\McAfee Cleanup.job
[2011/07/28 11:04:41 | 001,373,616 | ---- | C] () -- C:\Users\e*******n\Desktop\MCPR.exe
[2011/07/28 09:46:16 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2011/07/28 09:46:08 | 000,001,941 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/07/28 08:47:06 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/28 08:13:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/28 08:13:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/28 08:13:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/28 08:13:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/28 08:13:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/25 08:38:03 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/24 12:15:19 | 000,001,060 | ---- | C] () -- C:\Users\e*******n\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.0.8.lnk
[2011/07/24 12:15:19 | 000,001,036 | ---- | C] () -- C:\Users\e*******n\Desktop\FrostWire 5.0.8.lnk
[2011/07/22 10:59:34 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/07/14 10:05:26 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/07/14 10:02:46 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/14 10:02:45 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/11 13:09:45 | 000,019,312 | ---- | C] () -- C:\Users\e*******n\AppData\Roaming\BB8C.798
[2011/04/05 19:02:40 | 000,000,000 | ---- | C] () -- C:\Users\e*******n\AppData\Local\Jzuramiku.bin
[2011/04/05 16:52:24 | 000,000,120 | ---- | C] () -- C:\Users\e*******n\AppData\Local\Vhurihe.dat
[2010/09/02 11:11:25 | 000,037,853 | ---- | C] () -- C:\Users\e*******n\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/05/18 16:07:38 | 003,856,932 | ---- | C] () -- C:\ProgramData\SamPCFax00001F740000
[2010/03/31 10:40:45 | 003,856,932 | ---- | C] () -- C:\ProgramData\SamPCFax000001400000
[2010/02/15 13:41:21 | 088,709,348 | ---- | C] () -- C:\ProgramData\SamPCFax000012CC0000
[2010/01/30 17:55:34 | 003,856,932 | ---- | C] () -- C:\ProgramData\SamPCFax00002B9C0000
[2009/12/14 11:13:58 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/09/08 19:44:53 | 000,001,356 | ---- | C] () -- C:\Users\e*******n\AppData\Local\d3d9caps.dat
[2009/08/04 15:29:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/04 15:29:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/04 15:28:41 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/03 13:00:30 | 000,026,928 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/06/03 13:00:28 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/06/03 12:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/06/03 12:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/06/03 12:00:34 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009/06/03 11:57:12 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009/05/26 10:56:08 | 000,000,297 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009/05/16 10:56:19 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/02/24 09:44:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/12 14:55:22 | 000,037,888 | ---- | C] () -- C:\Users\e*******n\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/24 18:40:59 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/06 16:58:15 | 000,007,158 | ---- | C] () -- C:\Users\e*******n\AppData\Roaming\DellFaxOptions.xml
[2008/10/06 16:57:57 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2008/10/06 16:57:57 | 000,094,208 | ---- | C] () -- C:\Windows\System32\DellFaxPort_x86.dll
[2008/10/06 16:54:30 | 000,091,016 | R--- | C] () -- C:\Windows\wiainst.exe
[2008/10/06 16:53:54 | 000,217,088 | R--- | C] () -- C:\Windows\System32\ssminidriver.dll
[2008/10/06 16:53:54 | 000,027,136 | R--- | C] () -- C:\Windows\System32\ssimgfilter.dll
[2008/10/06 16:53:54 | 000,011,264 | R--- | C] () -- C:\Windows\System32\sssegfilter.dll
[2008/10/06 16:53:54 | 000,010,752 | R--- | C] () -- C:\Windows\System32\sserrhandler.dll
[2008/10/06 16:50:33 | 000,026,624 | ---- | C] () -- C:\Windows\System32\DELG1L3.DLL
[2008/09/20 14:23:16 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/09/12 23:23:45 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/09/12 15:57:09 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2008/09/12 15:57:09 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2008/09/12 15:54:38 | 000,003,972 | R--- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008/09/12 15:48:40 | 000,303,104 | ---- | C] () -- C:\Windows\System32\FontZoom.exe
[2008/09/12 15:48:40 | 000,131,062 | ---- | C] () -- C:\Windows\System32\DellPM.ini
[2008/09/12 15:33:48 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/08/05 02:07:20 | 000,065,216 | ---- | C] () -- C:\Windows\System32\PDFreDirectMonNT.dll
[2008/02/21 05:04:18 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2008/02/21 05:04:18 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2007/02/13 12:14:18 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/09 16:01:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 08:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:46:27 | 000,333,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,607,168 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

< End of report >

Extras.txt

OTL Extras logfile created on: 8/8/2011 4:51:50 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\e********\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 49.86% Memory free
5.20 Gb Paging File | 3.87 Gb Available in Paging File | 74.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 688.58 Gb Total Space | 506.47 Gb Free Space | 73.55% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.15 Gb Free Space | 41.49% Space Free | Partition Type: NTFS
Drive K: | 982.72 Mb Total Space | 73.91 Mb Free Space | 7.52% Space Free | Partition Type: FAT
Drive Z: | 1035.42 Gb Total Space | 344.43 Gb Free Space | 33.26% Space Free | Partition Type: NTFS

Computer Name: XPS730 | User Name: e******** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3846136161-3858483316-3222689210-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03144121-F55E-4AE4-9392-30709D46A5D3}" = lport=138 | protocol=17 | dir=in | app=system |
"{1370622F-6F64-43C4-B03F-02CD31CBC41F}" = lport=445 | protocol=6 | dir=in | app=system |
"{41D7828E-18D5-4BA3-8261-8335988EBE9A}" = rport=138 | protocol=17 | dir=out | app=system |
"{6E56C3DA-54BB-40A2-91B7-1D3CC6370C39}" = rport=137 | protocol=17 | dir=out | app=system |
"{7BA32867-A810-46AD-9DBA-F2013ED98480}" = rport=139 | protocol=6 | dir=out | app=system |
"{A2D0EBA1-1267-46C1-9941-161E9F9C562B}" = lport=137 | protocol=17 | dir=in | app=system |
"{B6DF61FC-E139-48D5-99B4-8B49BB58B83D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BB14BE7A-44AA-4C0E-82DD-B9389E09171B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C0A27B51-AB55-433F-8230-69413BC68D88}" = rport=445 | protocol=6 | dir=out | app=system |
"{D0CD61D7-CBFA-425D-BD45-FEE6C82920F0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D6429A1A-EB14-4FD9-86A6-5750970FFA4F}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{068E394C-2DA7-4AC3-B2E2-B96EEFDC3CBA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0EC90B05-2E31-414F-A59D-1F81E0310C47}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{1178CDC1-CC11-460B-ABC9-DE6DA986F4E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{203CB48D-8B09-4D6B-B512-12093FE0F593}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{237AF1BF-C327-4ED2-B408-1F22DE2D25DF}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{2A5A870B-345D-422C-8053-1B621A9504D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A5EE112-AFB5-414C-82B4-634942705626}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3BC064C4-29E0-448D-AF23-DC5B34CF5D18}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{42EFD884-0AFE-462C-879F-D29562084229}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{4635BEBC-43DC-41F4-92F7-428D83F3708C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{463FCD6E-6201-46CE-97DA-B1F161DEB163}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4BA54922-0B12-4745-9B4A-17E6CC626B7E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4E0D58B3-DB90-4F1D-A009-72912D34EAB8}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{4ED97F31-A708-442A-94E0-3F2F54A0AD41}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{5215B16C-CA72-4BE4-AEE8-87CFAB1B6BD7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{59592A11-F4B0-414D-A632-FBC252F7A25E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{5DA55A6B-4466-4E43-8B8A-B9FCF2D5F580}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{669230C5-77AA-4700-831C-E7B3198999E1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7AB9012F-EDB3-4B3D-8F87-0410F9AF6FA1}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{7AC4BCC3-65EA-4E30-A38B-1EA3C3016E88}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{7B3B8127-4E43-4B22-952D-CB7025DE4060}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{7EAAE2D3-1B7B-4612-9702-984C8082C0FB}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{7EDCCE49-DF41-4B01-A423-9A94AD9F27DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{819AA1A0-29C7-4C0D-A0DB-3E8539F9CB82}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{900F9231-D781-484A-9F6F-4DB67192AB8E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{908776A0-5167-4870-B9B9-5E2D5CCC0039}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{996461BF-4EE7-45BD-B7C3-1C1C6B353CA7}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{99678E1C-D873-4FEE-A12B-EA624CE3D665}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{9AFAF8A0-50A1-4C47-8CAA-CEC16F058B0B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{9FD66A66-4346-4E03-B061-3475906097E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A3018DD0-9536-42DD-9AE4-D2503468B815}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A79C1E92-4440-4BA9-ABDF-5BDA8F040499}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A800951A-3F9C-4FF0-9812-4EE61F6E4447}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B745817C-BEE8-4817-99B0-31F19A1022EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B7B7313B-9399-4168-955C-EB493287DC73}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B84E9BB0-520B-4EBB-8937-EE792BA9DF16}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{BE4F8D4D-753B-4E7C-8F62-76507C754B61}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C42EC10C-36C1-4938-AFE0-DF35DA07977D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CA8629E6-D0A8-4232-9206-A4E74688098F}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{CDCEAB3D-76CF-4F91-8EE5-A4B6113ED6FA}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{D5ABF77A-C92F-4A08-A373-B215521D9AB0}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{DA4E9477-65FC-4BB4-9E6E-0DC63B125384}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0A10FE5-06FB-472C-8274-33B4EE215324}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E746E8E8-F0DA-4BA9-8FB1-97098E0BE961}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{EA3194AD-5590-4D28-A076-78FB8512E36C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EF2FC9BE-D64B-4B83-BD6A-35406811B389}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{EFE9203C-CD6B-49C0-85D5-DBB5EE6D4420}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F4F858C3-C75D-4F61-93B6-938E734C45B7}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F60FFE99-7116-4A5D-83B6-EEE831202FC4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F9EB8B3E-9FF6-401E-949D-0AA43B4EB74A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{11A80E40-621F-489C-A626-58886B60FEAC}" = Uninstall Dell PC Fax
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1C643154-0ADF-4B4C-AF17-E315C946A54B}" = MotoConnect
"{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}" = Motorola Driver Installation 4.6.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5887D64D-2663-43FB-B4BD-7464C56AB425}" = NVIDIA System Monitor
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{88B746D6-1956-4D98-BE82-46E45AAA5BC2}" = Garmin Training Center
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95381165-5D16-4CD4-9162-57799A3F3AB5}" = JetLan USB 2.0 Networking - Data Transfer Cable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B1D861B6-F8BD-43A2-9B08-E0FC28883B98}" = Garmin Training Center
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6AC9178-8DE8-4654-97C8-7B71C7CBE683}" = Microsoft LifeCam
"{B6B45398-B8E9-4BA2-ACD8-65D61C65B8AE}" = MyVirtualHome
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CA72A82C-7DBC-4814-8CCB-E5BFAC59FAEF}" = ArcSoft MediaImpression for Kodak
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{FB3F4A45-D3F8-4A6B-8AEC-26BBB15ED0D1}" = Garmin ANT Agent
"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"ALchemy X-Fi" = Creative ALchemy (X-Fi Edition)
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Control Panel
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"Crystal Report ActiveX Viewer" = Crystal Report ActiveX Viewer
"Dell Laser MFP 1815" = Dell Laser MFP 1815 Software Uninstall
"Dell Support Center" = Dell Support Center
"Dell Video Chat" = Dell Video Chat (remove only)
"FrostWire" = FrostWire 4.21.3
"FrostWire 5" = FrostWire 5.0.8
"Glary Utilities_is1" = Glary Utilities 2.35.0.1216
"GoToAssist" = GoToAssist Corporate
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{5887D64D-2663-43FB-B4BD-7464C56AB425}" = NVIDIA System Monitor
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"MSC" = McAfee SecurityCenter
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"OUTLOOKR" = Microsoft Office Outlook 2007
"PDF reDirect" = PDF reDirect (remove only)
"RAR File Open Knife - Free Opener" = RAR File Open Knife - Free Opener
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Trillian" = Trillian
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3846136161-3858483316-3222689210-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/28/2011 2:09:28 PM | Computer Name = XPS730.o********m.com | Source = Windows Search Service | ID = 3013
Description =

Error - 7/28/2011 2:09:28 PM | Computer Name = XPS730.o********m.com | Source = Windows Search Service | ID = 3013
Description =

Error - 7/28/2011 2:09:28 PM | Computer Name = XPS730.o********m.com | Source = Windows Search Service | ID = 3013
Description =

Error - 7/28/2011 2:09:28 PM | Computer Name = XPS730.o********m.com | Source = Windows Search Service | ID = 3013
Description =

Error - 7/28/2011 2:09:28 PM | Computer Name = XPS730.o********m.com | Source = Windows Search Service | ID = 3013
Description =

Error - 7/28/2011 2:09:28 PM | Computer Name = XPS730.o********m.com | Source = Windows Search Service | ID = 3013
Description =

Error - 7/28/2011 2:09:28 PM | Computer Name = XPS730.o********m.com | Source = Windows Search Service | ID = 3013
Description =

Error - 7/28/2011 2:09:28 PM | Computer Name = XPS730.o********m.com | Source = Windows Search Service | ID = 3013
Description =

Error - 7/28/2011 2:09:29 PM | Computer Name = XPS730.o********m.com | Source = Windows Search Service | ID = 3013
Description =

Error - 7/28/2011 2:09:29 PM | Computer Name = XPS730.o********m.com | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 11/4/2008 12:48:24 AM | Computer Name = XPS730.o********m.com | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/16/2008 12:58:31 AM | Computer Name = XPS730.o********m.com | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/11/2009 1:31:11 AM | Computer Name = XPS730.o********m.com | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 4/30/2010 9:56:03 PM | Computer Name = XPS730.o********m.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 304609
seconds with 240 seconds of active time. This session ended with a crash.

Error - 8/18/2010 8:41:59 AM | Computer Name = XPS730.o********m.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 38
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/14/2010 4:48:52 PM | Computer Name = XPS730.o********m.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26425
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/8/2011 3:17:32 PM | Computer Name = XPS730.o********m.com | Source = DCOM | ID = 10010
Description =

Error - 8/8/2011 4:48:25 PM | Computer Name = XPS730.o********m.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain o********m due to the following: %%1311 This may lead to authentication
problems. Make sure that this computer is connected to the network. If the problem
persists, please contact your domain administrator. ADDITIONAL INFO If this computer
is a domain controller for the specified domain, it sets up the secure session to
the primary domain controller emulator in the specified domain. Otherwise, this
computer sets up the secure session to any domain controller in the specified domain.

Error - 8/8/2011 4:48:52 PM | Computer Name = XPS730.o********m.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 8/8/2011 4:48:59 PM | Computer Name = XPS730.o********m.com | Source = Service Control Manager | ID = 7000
Description =

Error - 8/8/2011 4:48:59 PM | Computer Name = XPS730.o********m.com | Source = Service Control Manager | ID = 7009
Description =

Error - 8/8/2011 4:48:59 PM | Computer Name = XPS730.o********m.com | Source = Service Control Manager | ID = 7000
Description =

Error - 8/8/2011 4:50:58 PM | Computer Name = XPS730.o********m.com | Source = bowser | ID = 8003
Description =

Error - 8/8/2011 4:51:09 PM | Computer Name = XPS730.o********m.com | Source = DCOM | ID = 10005
Description =

Error - 8/8/2011 4:51:09 PM | Computer Name = XPS730.o********m.com | Source = Service Control Manager | ID = 7000
Description =

Error - 8/8/2011 4:53:03 PM | Computer Name = XPS730.o********m.com | Source = Service Control Manager | ID = 7000
Description =

< End of report >

This post has been edited by SwordSlayer954: 08 August 2011 - 04:03 PM

#13 Farbar

Just Curious

Group: Malware Response Instructor
Posts: 17,817
Joined: 08-December 07
Gender:Male
Location:The Netherlands

Posted 08 August 2011 - 04:09 PM

Please do the step 2 and post the log.

#14 SwordSlayer954

Member

Group: Members
Posts: 15
Joined: 08-June 11

Posted 08 August 2011 - 05:24 PM

Sorry about that

DDS LOG

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
Run by e*******n at 18:20:25 on 2011-08-08
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2557.1230 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\System32\ico.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files\Garmin\gStart.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\e*******n\Desktop\OTL.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080913
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080913
mStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080913
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080913
uInternet Settings,ProxyServer = http=127.0.0.1:50485
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110729175515.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\e*******n\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile
uRun: [ANT Agent] c:\program files\garmin\ant agent\ANT Agent.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [gStart] c:\program files\garmin\gStart.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun: [PMX Daemon] ICO.EXE
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
dRun: [CtxfiReg] CTXFIREG.exe /FAIL2
StartupFolder: c:\users\elital~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: gotvmail.net\confluence
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 10.2.0.12
TCP: Interfaces\{97F5ABB9-CA7B-4A12-BA4B-F455D59CFEFE} : NameServer = 205.152.144.23,8.8.8.8
TCP: Interfaces\{97F5ABB9-CA7B-4A12-BA4B-F455D59CFEFE} : DhcpNameServer = 10.2.0.12
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\e*******n\appdata\roaming\mozilla\firefox\profiles\001s5co7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\users\e*******n\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-7-28 64648]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-7-28 163400]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-20 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-28 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-28 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-28 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-28 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-7-28 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-7-28 148520]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\ssport.sys [2008-10-6 5120]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-7-28 57432]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-3 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-3 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-3 72728]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-7-28 179248]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-7-28 337912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-14 136176]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-7-28 165000]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\common files\creative labs shared\service\AL1Licensing.exe [2008-9-12 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-7-28 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-3 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-3 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-3 72728]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-14 136176]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2009-2-19 1222680]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2009-7-7 28160]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-7-28 59288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-7-28 85984]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-6-19 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-9-12 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-9-12 19008]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-10-24 91456]
.
=============== Created Last 30 ================
.
2011-08-08 21:48:05 -------- d-----w- C:\FRST
2011-08-08 19:18:45 273408 ----a-w- C:\afd.sys
2011-07-29 21:55:15 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2011-07-29 13:49:12 100736 ----a-w- C:\fxldipod.sys
2011-07-28 16:39:55 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-07-28 16:39:39 85984 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-07-28 16:39:39 64648 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-07-28 16:39:39 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-07-28 16:39:39 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-07-28 16:39:39 337912 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-07-28 16:39:39 179248 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-07-28 16:39:39 163400 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-07-28 16:39:23 -------- d-----w- c:\program files\McAfee.com
2011-07-28 16:39:23 -------- d-----w- c:\program files\common files\Mcafee
2011-07-28 16:39:22 -------- d-----w- c:\program files\McAfee
2011-07-28 16:22:34 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-07-28 16:03:59 -------- d-----w- C:\mfe
2011-07-28 13:46:16 -------- d-----w- c:\users\e*******n\appdata\roaming\McAfee
2011-07-28 12:47:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-07-28 12:47:04 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-07-28 12:47:04 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-07-28 12:47:04 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-07-28 12:47:04 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-07-28 12:47:04 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-28 12:47:04 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-07-28 12:47:04 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-07-28 12:47:04 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-07-28 12:47:04 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-07-28 12:16:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-28 12:16:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-28 12:13:47 -------- d-----w- c:\programdata\InstallMate
2011-07-28 12:13:47 -------- d-----w- c:\program files\BillP Studios
2011-07-28 12:13:12 208896 ----a-w- c:\windows\MBR.exe
2011-07-28 12:13:10 256000 ----a-w- c:\windows\PEV.exe
2011-07-28 12:13:09 98816 ----a-w- c:\windows\sed.exe
2011-07-28 12:13:09 518144 ----a-w- c:\windows\SWREG.exe
2011-07-28 12:12:55 -------- d-s---w- C:\ComboFix
2011-07-28 11:16:34 -------- d-----w- c:\users\e*******n\appdata\roaming\Malwarebytes
2011-07-28 11:16:25 -------- d-----w- c:\programdata\Malwarebytes
2011-07-28 11:16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-25 12:36:42 -------- d-----w- c:\program files\iPod
2011-07-25 12:31:23 -------- d-----w- c:\program files\Bonjour
2011-07-24 16:16:27 -------- d-----w- c:\users\e*******n\FrostWire
2011-07-24 16:16:04 -------- d-----w- c:\users\e*******n\.frostwire5
2011-07-24 16:15:06 -------- d-----w- c:\program files\FrostWire 5
2011-07-13 03:26:46 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 03:26:46 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 03:26:42 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 03:26:38 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 03:26:38 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
.
==================== Find3M ====================
.
2011-06-15 10:57:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 18:20:59.80 ===============

This post has been edited by farbar: 08 August 2011 - 06:16 PM

#15 Farbar

Just Curious

Group: Malware Response Instructor
Posts: 17,817
Joined: 08-December 07
Gender:Male
Location:The Netherlands

Posted 08 August 2011 - 06:21 PM

No worries.

First download the tools for step 2 and step 3. Please do all the steps and in the order they are written.

Run command Prompt as Administrator. To do that:
Go to Start and type cmd.exe in the Search box.
It gives you cmd.exe in the upper part. Right-click cmd.exe and select "Run As Administrator".
Copy the following command, right-click in the open Command prompt window and select Paste the press Enter:

netsh winsock reset

Let me know if it gives you any error. Close the command prompt.
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
- Ensure all Firefox windows are closed.
- To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
- When prompted to run the scan, click Yes.
- GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Please download MiniToolBox and save it to your desktop and run it.

Checkmark following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List IP configuration
Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
Please restart the computer.
After restart run DDS and post the DDS.txt please.