
Spyware running in background


  • This topic is locked
81 replies to this topic

#1 looney2340

  • Members
  • 202 posts
  • Gender:Male
  • Location:NYC

Posted 25 April 2010 - 02:11 PM

Hi everyone,

I ran a Malwarebytes scan and it found a few things, 3 password stealers and some other things, which it had removed. But over the past few days, even with nothing running and all IE and Firefox windows closed, I'm hearing advertisements with no pop-ups showing, only the audio, which are about 3 - 4 sec. clips. Can someone look over my log and see what is going on? There was also an issue a few times with local host services being stopped, but I haven't seen that in a day or so. Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:46 PM, on 4/25/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\mdm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu .exe
C:\Program Files\Common Files\Java\Java Update\jusched .exe
C:\Program Files\Lexmark 1300 Series\lxdcamon .exe
C:\Windows\system32\taskeng.exe
C:\Users\Henry\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.myway.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1242155616\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\Windows\system32\lxdccoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

--
End of file - 5944 bytes








#2 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 30 April 2010 - 11:13 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#3 looney2340

  • Topic Starter
  • Members
  • 202 posts
  • Gender:Male
  • Location:NYC

Posted 30 April 2010 - 11:33 AM

Hello thank you for the reply,

I will be away for the weekend and will download and respond on Sunday 5/2/10. Again thank you for the help



#4 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 30 April 2010 - 01:40 PM

Ok
regards,
schrauber


#5 looney2340

  • Topic Starter
  • Members
  • 202 posts
  • Gender:Male
  • Location:NYC

Posted 01 May 2010 - 10:55 PM

Here is the DDS file:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Henry at 23:35:22.85 on Sat 05/01/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.987 [GMT -4:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============





Here is my gmer log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-01 23:54:31
Windows 6.0.6002 Service Pack 2
Running: qhmt63bo.exe; Driver: C:\Users\Henry\AppData\Local\Temp\fxldipow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8EE2479E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8EE24738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8EE2474C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8EE247DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8EE24710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8EE24724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8EE247B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8EE2478A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8EE24776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8EE2480B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8EE247F2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8EE247C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8EE24762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8E2D2AC8

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\system32\lxdccoms.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\UpdReg.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu .exe
C:\Program Files\Lexmark 1300 Series\lxdcamon .exe
C:\Program Files\Common Files\Java\Java Update\jusched .exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\mdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Henry\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.my.myway.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.0\AOL.EXE" -b
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HostManager] c:\program files\common files\aol\1242155616\ee\AOLSoftware.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [lxdcmon.exe] "c:\program files\lexmark 1300 series\lxdcmon.exe"
mRun: [lxdcamon] "c:\program files\lexmark 1300 series\lxdcamon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
mASetup: {EC5738BF-72C3-416F-9D09-24A21222BE58} - rundll32 fycwdn11.dll,laspi

================= FIREFOX ===================

FF - ProfilePath - c:\users\henry\appdata\roaming\mozilla\firefox\profiles\p17avemr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.my.myway.com/
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\henry\appdata\roaming\mozilla\firefox\profiles\p17avemr.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-11 214664]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-3-6 47640]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-11 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-11 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-11 34248]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-11 40552]

=============== Created Last 30 ================

2010-04-25 21:46:03 0 d-----w- C:\VundoFix Backups
2010-04-25 19:29:22 0 d-----w- c:\windows\system32\eu-ES
2010-04-25 19:29:22 0 d-----w- c:\windows\system32\ca-ES
2010-04-25 19:29:21 0 d-----w- c:\windows\system32\vi-VN
2010-04-25 19:12:28 0 d-----w- c:\windows\system32\EventProviders
2010-04-23 18:11:43 66562 ----a-w- c:\programdata\Sm5M6OaD.exe
2010-04-23 09:47:25 112 ----a-w- c:\programdata\io2guibM.dat
2010-04-19 22:08:04 3519 ----a-w- c:\windows\system32\gzdjl
2010-04-19 22:08:03 60928 ----a-w- c:\windows\system32\klgd.bmp
2010-04-18 16:47:27 414 ----a-w- c:\windows\system32\lame_acm.xml
2010-04-18 16:47:27 38 ----a-w- c:\windows\avisplitter.ini
2010-04-18 16:47:27 165376 ----a-w- c:\windows\system32\unrar.dll
2010-04-18 16:47:26 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-04-18 16:47:26 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-04-18 16:47:26 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-04-18 16:47:26 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-04-18 16:47:26 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-04-18 16:47:24 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-18 16:47:24 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-04-18 16:47:23 0 d-----w- c:\program files\K-Lite Codec Pack
2010-04-14 12:17:33 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 12:17:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 12:17:32 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 12:17:25 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 12:17:25 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 12:17:13 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 12:17:11 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-14 12:17:11 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-14 12:17:05 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 12:17:04 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 12:17:04 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 12:16:17 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 12:15:37 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-04 16:32:08 0 d-----w- c:\programdata\Sun

==================== Find3M ====================

2010-04-25 19:37:31 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-04-25 19:37:31 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-25 19:37:31 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-25 19:29:12 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-25 19:22:20 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-04-23 09:46:44 37380 ----a-w- c:\windows\UpdReg.EXE
2010-04-21 18:21:49 40910 ----a-w- c:\users\henry\appdata\roaming\nvModes.dat
2010-03-30 04:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-09 16:25:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 15:42:17 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 08:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-05-16 02:53:48 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2006-11-22 14:57:01 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:41:27.65 ===============
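As an added example (not code from this thread, nor from the DDS, HijackThis or GMER tools), here is a small Python triage pass over constructed lines in the DDS pseudo-HJT, DDS "Created Last 30", HijackThis O4 and GMER formats seen in the logs above. The heuristics it applies (rundll32 given a bare DLL name with no path, an executable created under a user-writable data directory, random-looking file names, extension-less files in system32, GMER "suspicious modification" reports) are my own assumptions for illustration, not rules from the tools.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in the DDS pseudo-HJT, DDS "Created Last 30", HijackThis O4
# and GMER formats, modelled on entries from the logs in this thread (not a real log file).
SAMPLE_LOG = """\
mRun: [NvCplDaemon] RUNDLL32.EXE c:\\windows\\system32\\NvCpl.dll,NvStartup
mRun: [UpdReg] c:\\windows\\UpdReg.EXE
O4 - HKLM\\..\\Run: [NvSvc] RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart
mASetup: {EC5738BF-72C3-416F-9D09-24A21222BE58} - rundll32 fycwdn11.dll,laspi
2010-04-23 18:11:43 66562 ----a-w- c:\\programdata\\Sm5M6OaD.exe
2010-04-23 09:47:25 112 ----a-w- c:\\programdata\\io2guibM.dat
2010-04-19 22:08:04 3519 ----a-w- c:\\windows\\system32\\gzdjl
2010-04-18 16:47:26 881664 ----a-w- c:\\windows\\system32\\xvidcore.dll
File C:\\Windows\\system32\\drivers\\atapi.sys suspicious modification
"""

# Line shapes, one regex per log section we care about (assumed from the posted logs).
RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[[^\]]*\] (.+)$")          # DDS uRun/mRun/dRunOnce
ASETUP_RE = re.compile(r"^mASetup: \{[0-9A-Fa-f-]+\} - (.+)$")        # DDS Active Setup entry
HJT_O4_RE = re.compile(r"^O4 - \S+: \[[^\]]*\] (.+?)(?: \(User '[^']*'\))?$")  # HijackThis O4
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \d+ \S{8} (.+)$")  # DDS Created
GMER_FILE_RE = re.compile(r"^File (.+?) suspicious modification$")    # GMER Files section

VOWELS = set("aeiou")
DATA_DIRS = ("c:\\programdata\\", "c:\\users\\")  # assumed user-writable data roots


@dataclass
class Finding:
    line: str
    reason: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def looks_random(stem: str) -> bool:
    """Crude name heuristic: digits mixed with interior capitals, or digits and no vowels."""
    has_digit = any(c.isdigit() for c in stem)
    has_vowel = any(c.lower() in VOWELS for c in stem)
    interior_upper = any(c.isupper() for c in stem[1:])
    return has_digit and (interior_upper or not has_vowel)


def check_command(cmd: str) -> Optional[str]:
    """Only rundll32 launches are inspected: a DLL given without a directory is resolved
    through the loader search path, and a random-looking DLL name is worth a second look."""
    tokens = cmd.split()
    if len(tokens) > 1 and basename(tokens[0]).lower() in ("rundll32", "rundll32.exe"):
        dll = tokens[1].split(",", 1)[0].strip('"')
        if "\\" not in dll:
            return f"rundll32 loads bare DLL name {dll!r} with no path"
        if looks_random(basename(dll).rsplit(".", 1)[0]):
            return f"rundll32 loads random-looking DLL {dll!r}"
    return None


def check_created(path: str) -> Optional[str]:
    """Heuristics for a newly created file from the DDS 'Created Last 30' section."""
    name = basename(path)
    stem, _, ext = name.partition(".")
    low = path.lower()
    if ext.lower() == "exe" and low.startswith(DATA_DIRS):
        return "executable created under a user-writable data directory"
    if looks_random(stem):
        return f"random-looking file name {name!r}"
    if not ext and "\\system32\\" in low:
        return "extension-less file created in system32"
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every heuristic over each log line and collect the ones that fire."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reason: Optional[str] = None
        m = RUN_RE.match(line) or ASETUP_RE.match(line) or HJT_O4_RE.match(line)
        if m:
            reason = check_command(m.group(1))
        elif (m := CREATED_RE.match(line)):
            reason = check_created(m.group(1))
        elif (m := GMER_FILE_RE.match(line)):
            reason = f"GMER reports {basename(m.group(1))} as a suspicious modification"
        if reason:
            findings.append(Finding(line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:58} <- {f.line}")
```

Anything the pass flags is only a prompt to look closer (vendor-signed files can have odd names too); the legitimate NVIDIA and codec entries in the sample pass through untouched.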





#6 looney2340

  • Topic Starter
  • Members
  • 202 posts
  • Gender:Male
  • Location:NYC

Posted 01 May 2010 - 10:57 PM

Sorry here is the DDS log


DDS (Ver_10-03-17.01) - NTFSx86
Run by Henry at 23:35:22.85 on Sat 05/01/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.987 [GMT -4:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\system32\lxdccoms.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\UpdReg.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu .exe
C:\Program Files\Lexmark 1300 Series\lxdcamon .exe
C:\Program Files\Common Files\Java\Java Update\jusched .exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\mdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Henry\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.my.myway.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.0\AOL.EXE" -b
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HostManager] c:\program files\common files\aol\1242155616\ee\AOLSoftware.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [lxdcmon.exe] "c:\program files\lexmark 1300 series\lxdcmon.exe"
mRun: [lxdcamon] "c:\program files\lexmark 1300 series\lxdcamon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
mASetup: {EC5738BF-72C3-416F-9D09-24A21222BE58} - rundll32 fycwdn11.dll,laspi

================= FIREFOX ===================

FF - ProfilePath - c:\users\henry\appdata\roaming\mozilla\firefox\profiles\p17avemr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.my.myway.com/
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\henry\appdata\roaming\mozilla\firefox\profiles\p17avemr.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-11 214664]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-3-6 47640]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-11 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-11 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-11 34248]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-11 40552]

=============== Created Last 30 ================

2010-04-25 21:46:03 0 d-----w- C:\VundoFix Backups
2010-04-25 19:29:22 0 d-----w- c:\windows\system32\eu-ES
2010-04-25 19:29:22 0 d-----w- c:\windows\system32\ca-ES
2010-04-25 19:29:21 0 d-----w- c:\windows\system32\vi-VN
2010-04-25 19:12:28 0 d-----w- c:\windows\system32\EventProviders
2010-04-23 18:11:43 66562 ----a-w- c:\programdata\Sm5M6OaD.exe
2010-04-23 09:47:25 112 ----a-w- c:\programdata\io2guibM.dat
2010-04-19 22:08:04 3519 ----a-w- c:\windows\system32\gzdjl
2010-04-19 22:08:03 60928 ----a-w- c:\windows\system32\klgd.bmp
2010-04-18 16:47:27 414 ----a-w- c:\windows\system32\lame_acm.xml
2010-04-18 16:47:27 38 ----a-w- c:\windows\avisplitter.ini
2010-04-18 16:47:27 165376 ----a-w- c:\windows\system32\unrar.dll
2010-04-18 16:47:26 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-04-18 16:47:26 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-04-18 16:47:26 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-04-18 16:47:26 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-04-18 16:47:26 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-04-18 16:47:24 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-18 16:47:24 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-04-18 16:47:23 0 d-----w- c:\program files\K-Lite Codec Pack
2010-04-14 12:17:33 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 12:17:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 12:17:32 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 12:17:25 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 12:17:25 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 12:17:13 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 12:17:11 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-14 12:17:11 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-14 12:17:05 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 12:17:04 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 12:17:04 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 12:16:17 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 12:15:37 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-04 16:32:08 0 d-----w- c:\programdata\Sun

==================== Find3M ====================

2010-04-25 19:37:31 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-04-25 19:37:31 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-25 19:37:31 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-25 19:29:12 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-25 19:22:20 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-04-23 09:46:44 37380 ----a-w- c:\windows\UpdReg.EXE
2010-04-21 18:21:49 40910 ----a-w- c:\users\henry\appdata\roaming\nvModes.dat
2010-03-30 04:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-09 16:25:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 15:42:17 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 08:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-05-16 02:53:48 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2006-11-22 14:57:01 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:41:27.65 ===============
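As an added example that is not part of this thread and not code from the DDS or OTL tools, here is a small Python triage script that parses lines in the DDS "Created Last 30" format and the OTL "PRC" process format seen in the logs above. The sample lines are constructed from entries in this log, and the review heuristics (vendor-less process images, files dropped straight into the ProgramData root, extension-less or random-looking names, a space before the extension) are my own assumptions for prioritising what a helper looks at first, not verdicts on any file.

```python
import re

# Constructed sample input, modeled on the DDS and OTL entries posted in this thread.
SAMPLE_DDS_CREATED = r"""
2010-04-25 21:46:03 0 d-----w- C:\VundoFix Backups
2010-04-23 18:11:43 66562 ----a-w- c:\programdata\Sm5M6OaD.exe
2010-04-23 09:47:25 112 ----a-w- c:\programdata\io2guibM.dat
2010-04-19 22:08:04 3519 ----a-w- c:\windows\system32\gzdjl
2010-04-19 22:08:03 60928 ----a-w- c:\windows\system32\klgd.bmp
2010-04-14 12:17:25 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 12:17:04 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
"""

SAMPLE_OTL_PRC = r"""
PRC - [2010/04/25 10:18:06 | 000,066,562 | ---- | M] () -- C:\ProgramData\Sm5M6OaD.exe
PRC - [2010/04/04 12:36:41 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/04/30 04:19:53 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 1300 Series\lxdcamon .exe
"""

# DDS: "date time size attrs path"; attrs is 8 chars and a leading 'd' marks a directory.
DDS_CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
# OTL: "PRC - [mtime | size | flags | M] (Company) -- path"; the company may be empty.
OTL_PRC_RE = re.compile(r"^PRC - \[([^|]+) \| ([\d,]+) \| [^\]]*\] \((.*?)\) -- (.+)$")


def split_path(path: str) -> tuple[str, str, str]:
    """Return (parent directory lowercased, file stem, extension without the dot)."""
    parent, _, name = path.rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    if not dot:                      # no extension at all, e.g. "gzdjl"
        stem, ext = name, ""
    return parent.lower(), stem, ext.lower()


def looks_random(stem: str) -> bool:
    # Heuristic (my assumption): vowel-free stems, or letter/digit/case soup such as
    # "Sm5M6OaD". Terse legitimate names (mrxsmb, nshhttp) trip the vowel rule too,
    # so a hit only asks for a closer look.
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 4:
        return False
    no_vowels = not any(c.lower() in "aeiou" for c in letters)
    interior_digit = re.search(r"[A-Za-z]\d+[A-Za-z]", stem) is not None
    mixed_case = any(c.islower() for c in letters) and any(c.isupper() for c in letters)
    return no_vowels or (interior_digit and mixed_case)


def triage_dds_created(text: str) -> dict[str, list[str]]:
    """Map each path worth reviewing in a DDS 'Created Last 30' block to its reasons."""
    findings: dict[str, list[str]] = {}
    for line in text.splitlines():
        m = DDS_CREATED_RE.match(line.strip())
        if not m:
            continue
        attrs, path = m.group(4), m.group(5)
        is_dir = attrs[0] == "d"
        parent, stem, ext = split_path(path)
        reasons = []
        if not is_dir and parent.endswith("\\programdata"):
            reasons.append("file dropped directly into the ProgramData root")
        if not is_dir and not ext:
            reasons.append("file without an extension")
        if looks_random(stem):
            reasons.append("random-looking name")
        if reasons:
            findings[path] = reasons
    return findings


def triage_otl_processes(text: str) -> dict[str, list[str]]:
    """Map each process image worth reviewing in an OTL PRC block to its reasons."""
    findings: dict[str, list[str]] = {}
    for line in text.splitlines():
        m = OTL_PRC_RE.match(line.strip())
        if not m:
            continue
        company, path = m.group(3).strip(), m.group(4)
        _, stem, _ = split_path(path)
        reasons = []
        if not company:
            reasons.append("no company/vendor string")
        if stem.endswith(" "):
            reasons.append("space before the extension (as in 'lxdcamon .exe')")
        if looks_random(stem):
            reasons.append("random-looking name")
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for title, found in (("DDS", triage_dds_created(SAMPLE_DDS_CREATED)),
                         ("OTL", triage_otl_processes(SAMPLE_OTL_PRC))):
        print(f"== {title}: {len(found)} entries to review ==")
        for path, reasons in found.items():
            print(f"{path}\n    - " + "\n    - ".join(reasons))
```

Feed it the corresponding sections of a real DDS or OTL log and it prints only the entries with at least one reason, which is usually a much shorter list than the log itself.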


#7 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:30 PM

Posted 02 May 2010 - 07:58 AM

Hello, looney2340
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




Please go here and have a look at how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#8 looney2340

looney2340
  • Topic Starter

  • Members
  • 202 posts
  • OFFLINE
  • Gender:Male
  • Location:NYC
  • Local time:08:30 AM

Posted 03 May 2010 - 07:49 AM

Hello,
I tried to download from both sites and it says file not found, so I was unable to download and run it last night.

#9 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:30 PM

Posted 04 May 2010 - 12:03 PM

Hi,
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#10 looney2340

looney2340
  • Topic Starter

  • Members
  • 202 posts
  • OFFLINE
  • Gender:Male
  • Location:NYC
  • Local time:08:30 AM

Posted 04 May 2010 - 09:35 PM

OTL logfile created on: 5/4/2010 10:18:29 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Henry\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.00 Gb Total Space | 95.20 Gb Free Space | 69.49% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.83 Gb Free Space | 58.33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7.72 Mb Total Space | 0.23 Mb Free Space | 3.02% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Henry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/04 22:17:46 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Henry\Desktop\OTL.exe
PRC - [2010/04/25 10:18:06 | 000,066,562 | ---- | M] () -- C:\ProgramData\Sm5M6OaD.exe
PRC - [2010/04/04 12:36:41 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched .exe
PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/28 20:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/09/28 20:34:16 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/17 18:18:31 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/11 13:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2007/05/25 05:38:20 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdccoms.exe
PRC - [2007/04/30 04:19:53 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 1300 Series\lxdcamon .exe
PRC - [2007/04/18 02:49:07 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\waol.exe
PRC - [2007/04/18 02:49:05 | 000,054,832 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\shellmon.exe
PRC - [2006/11/27 09:14:52 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu .exe
PRC - [2006/11/22 14:56:00 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [1998/05/29 00:00:00 | 000,119,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/04 22:17:46 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Henry\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/28 20:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/05/17 18:18:31 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/08/11 13:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/25 05:38:38 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe -- (lxdcCATSCustConnectService)
SRV - [2007/05/25 05:38:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdccoms.exe -- (lxdc_device)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - [2009/09/28 20:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/08/11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 13:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/10/04 21:24:00 | 007,628,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/12/09 01:01:02 | 002,206,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/22 14:56:52 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/22 10:57:00 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/22 10:57:00 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/22 10:57:00 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 03:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.my.myway.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.my.myway.com/"
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.586
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 12:36:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 12:36:44 | 000,000,000 | ---D | M]

[2010/03/12 19:44:16 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\Mozilla\Extensions
[2010/05/03 22:31:38 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\p17avemr.default\extensions
[2010/03/12 20:38:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\p17avemr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/12 20:38:35 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\p17avemr.default\extensions\LogMeInClient@logmein.com
[2010/04/04 12:31:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1242155616\ee\AOLSoftware.exe ()
O4 - HKLM..\Run: [lxdcamon] C:\Program Files\Lexmark 1300 Series\lxdcamon.exe ()
O4 - HKLM..\Run: [lxdcmon.exe] C:\Program Files\Lexmark 1300 Series\lxdcmon.exe File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\UpdReg.EXE ()
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0\AOL.EXE ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.29.103.15 24.29.103.16 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/05/15 22:43:26 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/05/04 22:17:45 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Henry\Desktop\OTL.exe
[2010/05/03 22:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/05/02 19:58:02 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Local\Adobe
[2010/04/25 17:46:03 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/04/25 15:29:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/04/25 15:29:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/04/25 15:29:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/04/25 15:12:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/04/18 12:47:26 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2010/04/18 12:47:26 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010/04/18 12:47:26 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2010/04/18 12:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/04/18 12:44:37 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Roaming\Media Player Classic
[2010/04/18 01:12:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/10 11:44:23 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Roaming\U3
[2010/04/04 12:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/12 19:44:06 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Roaming\Mozilla
[2010/03/12 19:44:06 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Local\Mozilla
[2010/03/12 19:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/06 15:00:31 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Local\LogMeIn
[2010/03/06 15:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2010/03/06 15:00:20 | 000,028,984 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2010/03/06 15:00:17 | 000,083,288 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2010/03/06 15:00:17 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\LMIRfsDriver.sys
[2010/03/06 15:00:09 | 000,087,352 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2010/03/06 14:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2010/03/06 14:39:24 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Local\Deployment
[2010/03/06 14:39:24 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Local\Apps
[2010/03/02 23:24:54 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Roaming\AVS4YOU
[2010/03/02 23:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/03/02 23:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/03/02 23:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/03/02 00:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Pegasys Inc
[2009/09/03 13:57:47 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxdcserv.dll
[2009/09/03 13:57:47 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxdcusb1.dll
[2009/09/03 13:57:47 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdcinpa.dll
[2009/09/03 13:57:47 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdciesc.dll
[2009/09/03 13:57:47 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDChcp.dll
[2009/09/03 13:57:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdcpmui.dll
[2009/09/03 13:57:46 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdclmpm.dll
[2009/09/03 13:57:46 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdcprox.dll
[2009/09/03 13:57:46 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdcpplc.dll
[2009/09/03 13:57:45 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxdchbn3.dll
[2009/09/03 13:57:43 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdccomc.dll
[2009/09/03 13:57:43 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxdccomm.dll

========== Files - Modified Within 90 Days ==========

[2010/05/04 22:20:22 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ABEB773A-5A43-413D-8E1C-011A1E45C777}.job
[2010/05/04 22:18:30 | 002,621,440 | -HS- | M] () -- C:\Users\Henry\NTUSER.DAT
[2010/05/04 22:17:46 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Henry\Desktop\OTL.exe
[2010/05/04 22:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/05/04 22:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At47.job
[2010/05/04 21:56:50 | 000,040,910 | ---- | M] () -- C:\Users\Henry\AppData\Roaming\nvModes.001
[2010/05/04 21:53:15 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/04 21:53:15 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/04 21:53:15 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/04 21:49:18 | 000,017,473 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/05/04 21:48:00 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/04 21:48:00 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/04 21:47:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/04 21:47:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/04 21:47:34 | 000,250,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/04 21:46:50 | 2145,849,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/03 22:39:38 | 000,524,288 | -HS- | M] () -- C:\Users\Henry\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/03 22:39:38 | 000,065,536 | -HS- | M] () -- C:\Users\Henry\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/03 22:39:35 | 001,724,192 | -H-- | M] () -- C:\Users\Henry\AppData\Local\IconCache.db
[2010/05/03 22:33:06 | 000,297,984 | ---- | M] () -- C:\Users\Henry\Desktop\sam dr bill.doc
[2010/05/03 22:06:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/05/03 22:06:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/02 21:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/05/02 21:00:09 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At46.job
[2010/05/02 20:43:52 | 000,206,336 | ---- | M] () -- C:\Users\Henry\Desktop\bills.xls
[2010/05/02 20:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/05/02 20:00:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At45.job
[2010/05/02 19:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/05/02 19:00:09 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At44.job
[2010/05/02 18:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/05/02 18:00:05 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At43.job
[2010/05/02 00:04:28 | 000,000,345 | ---- | M] () -- C:\Windows\win.ini
[2010/05/02 00:02:22 | 000,000,680 | ---- | M] () -- C:\Users\Henry\AppData\Local\d3d9caps.dat
[2010/05/01 23:30:00 | 000,055,176 | ---- | M] () -- C:\Users\Henry\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/25 21:57:15 | 004,890,584 | ---- | M] () -- C:\Users\Henry\Desktop\17_-_The_Way_You_Look_Tonight.mp3
[2010/04/25 17:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/04/25 17:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At42.job
[2010/04/25 16:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/04/25 16:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At41.job
[2010/04/25 15:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/04/25 15:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At40.job
[2010/04/25 14:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/04/25 14:00:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At39.job
[2010/04/25 13:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/04/25 13:00:03 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At38.job
[2010/04/25 12:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/04/25 12:00:09 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At37.job
[2010/04/25 11:16:01 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/04/25 11:00:04 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At36.job
[2010/04/25 10:18:08 | 000,000,112 | ---- | M] () -- C:\ProgramData\io2guibM.dat
[2010/04/25 10:18:06 | 000,066,562 | ---- | M] () -- C:\ProgramData\Sm5M6OaD.exe
[2010/04/25 10:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/04/25 10:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At35.job
[2010/04/25 09:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/04/25 09:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At34.job
[2010/04/25 08:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/04/25 08:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At33.job
[2010/04/25 07:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/04/25 07:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At32.job
[2010/04/25 06:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/04/25 06:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At31.job
[2010/04/25 05:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/04/25 05:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At30.job
[2010/04/25 04:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/04/25 04:00:08 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At29.job
[2010/04/25 03:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/04/25 03:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At28.job
[2010/04/25 02:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/04/25 02:00:10 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At27.job
[2010/04/25 01:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/04/25 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At26.job
[2010/04/25 00:37:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At25.job
[2010/04/25 00:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/04/24 23:16:01 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/04/24 23:00:08 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At48.job
[2010/04/23 05:46:44 | 000,037,380 | ---- | M] () -- C:\Windows\UpdReg.EXE
[2010/04/21 14:21:49 | 000,040,910 | ---- | M] () -- C:\Users\Henry\AppData\Roaming\nvModes.dat
[2010/04/19 18:08:04 | 000,003,519 | ---- | M] () -- C:\Windows\System32\gzdjl
[2010/04/19 18:08:03 | 000,060,928 | ---- | M] () -- C:\Windows\System32\klgd.bmp
[2010/04/18 15:21:43 | 000,067,072 | ---- | M] () -- C:\Users\Henry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/15 01:12:58 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/04/11 09:36:08 | 000,000,665 | ---- | M] () -- C:\Users\Henry\Desktop\Henry.lnk
[2010/04/01 01:00:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/03/28 22:01:14 | 008,630,022 | ---- | M] () -- C:\Users\Henry\Desktop\B.o.B. - Nothin On You Feat Bruno Mars-MIXFIEND.mp3
[2010/03/14 14:00:00 | 000,085,504 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/14 14:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2010/03/12 19:43:54 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/08 23:19:14 | 000,002,660 | ---- | M] () -- C:\Users\Henry\Desktop\329590450797_1562041547_30837045_7756266.jpg
[2010/03/07 16:01:16 | 000,000,944 | ---- | M] () -- C:\Users\Henry\Desktop\WinAVI 9.0.lnk
[2010/03/06 22:08:11 | 000,000,406 | ---- | M] () -- C:\Users\Henry\myotherdrive.properties
[2010/03/06 15:00:05 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/03/02 23:46:16 | 000,001,039 | ---- | M] () -- C:\Users\Henry\Desktop\AVS Video Converter 6.lnk
[2010/03/02 23:38:18 | 000,016,114 | ---- | M] () -- C:\Users\Henry\Desktop\[isoHunt]_AVS_Video_Converter_v6.3.1.367___Crack_[RH]____AVS_Video_Convert.4992137.TPB.torrent
[2010/03/02 00:00:00 | 000,053,248 | ---- | M] () -- C:\Windows\System32\pxhpinst.exe
[2010/02/10 13:13:48 | 000,165,376 | ---- | M] () -- C:\Windows\System32\unrar.dll

========== Files Created - No Company Name ==========

[2010/05/03 22:33:06 | 000,297,984 | ---- | C] () -- C:\Users\Henry\Desktop\sam dr bill.doc
[2010/05/03 22:06:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/05/03 22:06:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/02 17:50:47 | 2145,849,344 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/25 21:57:08 | 004,890,584 | ---- | C] () -- C:\Users\Henry\Desktop\17_-_The_Way_You_Look_Tonight.mp3
[2010/04/23 14:11:52 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At48.job
[2010/04/23 14:11:51 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At47.job
[2010/04/23 14:11:51 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At46.job
[2010/04/23 14:11:51 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At45.job
[2010/04/23 14:11:50 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At44.job
[2010/04/23 14:11:50 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At43.job
[2010/04/23 14:11:50 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At42.job
[2010/04/23 14:11:49 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At41.job
[2010/04/23 14:11:49 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At40.job
[2010/04/23 14:11:48 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At39.job
[2010/04/23 14:11:48 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At38.job
[2010/04/23 14:11:48 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At37.job
[2010/04/23 14:11:47 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At36.job
[2010/04/23 14:11:47 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At35.job
[2010/04/23 14:11:47 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At34.job
[2010/04/23 14:11:46 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At33.job
[2010/04/23 14:11:46 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At32.job
[2010/04/23 14:11:46 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At31.job
[2010/04/23 14:11:46 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At30.job
[2010/04/23 14:11:45 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At29.job
[2010/04/23 14:11:45 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At28.job
[2010/04/23 14:11:44 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At27.job
[2010/04/23 14:11:44 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At26.job
[2010/04/23 14:11:44 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At25.job
[2010/04/23 14:11:43 | 000,066,562 | ---- | C] () -- C:\ProgramData\Sm5M6OaD.exe
[2010/04/23 05:47:25 | 000,000,112 | ---- | C] () -- C:\ProgramData\io2guibM.dat
[2010/04/23 05:47:08 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010/04/23 05:47:07 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010/04/23 05:47:07 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010/04/23 05:47:06 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010/04/23 05:47:05 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010/04/23 05:47:05 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010/04/23 05:47:04 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010/04/23 05:47:03 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010/04/23 05:47:03 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010/04/23 05:47:02 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010/04/23 05:47:00 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010/04/23 05:46:57 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010/04/23 05:46:56 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010/04/23 05:46:55 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010/04/23 05:46:54 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010/04/23 05:46:54 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010/04/23 05:46:53 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010/04/23 05:46:52 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010/04/23 05:46:51 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010/04/23 05:46:51 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010/04/23 05:46:50 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/04/23 05:46:49 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/04/23 05:46:48 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/04/23 05:46:46 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/04/19 18:08:04 | 000,003,519 | ---- | C] () -- C:\Windows\System32\gzdjl
[2010/04/19 18:08:03 | 000,060,928 | ---- | C] () -- C:\Windows\System32\klgd.bmp
[2010/04/18 13:01:25 | 000,000,680 | ---- | C] () -- C:\Users\Henry\AppData\Local\d3d9caps.dat
[2010/04/18 12:47:27 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/04/18 12:47:27 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2010/04/18 12:47:27 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/04/18 12:47:26 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/04/18 12:47:26 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/04/18 12:47:24 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/04/18 12:47:24 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010/04/11 09:35:47 | 000,000,665 | ---- | C] () -- C:\Users\Henry\Desktop\Henry.lnk
[2010/03/28 22:01:33 | 008,630,022 | ---- | C] () -- C:\Users\Henry\Desktop\B.o.B. - Nothin On You Feat Bruno Mars-MIXFIEND.mp3
[2010/03/12 19:43:54 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/08 18:43:08 | 000,002,660 | ---- | C] () -- C:\Users\Henry\Desktop\329590450797_1562041547_30837045_7756266.jpg
[2010/03/07 16:00:17 | 000,000,944 | ---- | C] () -- C:\Users\Henry\Desktop\WinAVI 9.0.lnk
[2010/03/06 15:00:04 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010/03/06 14:03:43 | 000,000,406 | ---- | C] () -- C:\Users\Henry\myotherdrive.properties
[2010/03/02 23:46:16 | 000,001,039 | ---- | C] () -- C:\Users\Henry\Desktop\AVS Video Converter 6.lnk
[2010/03/02 23:38:17 | 000,016,114 | ---- | C] () -- C:\Users\Henry\Desktop\[isoHunt]_AVS_Video_Converter_v6.3.1.367___Crack_[RH]____AVS_Video_Convert.4992137.TPB.torrent
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/09/03 14:01:17 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdccoin.dll
[2009/09/03 13:58:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdcrwrd.ini
[2009/09/03 13:57:48 | 000,286,720 | ---- | C] () -- C:\Windows\System32\LXDCinst.dll
[2009/09/03 13:57:44 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdcgrd.dll
[2009/08/08 16:52:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/20 23:51:38 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
[2009/05/17 18:42:02 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2009/05/17 18:42:00 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2009/05/17 18:42:00 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2009/05/16 19:23:14 | 000,000,636 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/17 22:47:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdcvs.dll
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\Windows\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\Windows\FRONTPG.INI

========== LOP Check ==========

[2009/08/30 18:19:36 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\Alien Skin
[2009/08/07 15:22:52 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\IObit
[2009/09/03 14:06:48 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\Lexmark Productivity Studio
[2009/11/29 00:20:19 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\Two Pilots
[2010/04/18 22:24:22 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\uTorrent
[2010/04/25 00:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/04/25 09:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2010/04/25 10:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2010/04/25 11:16:01 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2010/04/25 12:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2010/04/25 13:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2010/04/25 14:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2010/04/25 15:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2010/04/25 16:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2010/04/25 17:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2010/05/02 18:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2010/04/25 01:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/05/02 19:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2010/05/02 20:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2010/05/02 21:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2010/05/04 22:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2010/04/24 23:16:01 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2010/04/25 00:37:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2010/04/25 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2010/04/25 02:00:10 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2010/04/25 03:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2010/04/25 04:00:08 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2010/04/25 02:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/04/25 05:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2010/04/25 06:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2010/04/25 07:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2010/04/25 08:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2010/04/25 09:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2010/04/25 10:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2010/04/25 11:00:04 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2010/04/25 12:00:09 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2010/04/25 13:00:03 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2010/04/25 14:00:02 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2010/04/25 03:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/04/25 15:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2010/04/25 16:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2010/04/25 17:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2010/05/02 18:00:05 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2010/05/02 19:00:09 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2010/05/02 20:00:02 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2010/05/02 21:00:09 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2010/05/04 22:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2010/04/24 23:00:08 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2010/04/25 04:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2010/04/25 05:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2010/04/25 06:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2010/04/25 07:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2010/04/25 08:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2010/04/15 01:12:58 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/04/01 01:00:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/05/03 22:39:42 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/05/04 22:20:22 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{ABEB773A-5A43-413D-8E1C-011A1E45C777}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2006/11/22 10:57:00 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2006/11/22 10:57:00 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2006/11/22 10:57:00 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2009/05/11 17:26:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009/05/11 17:26:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009/05/11 17:26:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/19 03:34:08 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008/01/19 03:34:08 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemdrive%\*.sys /90 /md >
Invalid Switch: md

< End of report >



OTL logfile created on: 5/4/2010 10:18:29 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Henry\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.00 Gb Total Space | 95.20 Gb Free Space | 69.49% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.83 Gb Free Space | 58.33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7.72 Mb Total Space | 0.23 Mb Free Space | 3.02% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Henry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/04 22:17:46 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Henry\Desktop\OTL.exe
PRC - [2010/04/25 10:18:06 | 000,066,562 | ---- | M] () -- C:\ProgramData\Sm5M6OaD.exe
PRC - [2010/04/04 12:36:41 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched .exe
PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/28 20:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/09/28 20:34:16 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/17 18:18:31 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/11 13:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2007/05/25 05:38:20 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdccoms.exe
PRC - [2007/04/30 04:19:53 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 1300 Series\lxdcamon .exe
PRC - [2007/04/18 02:49:07 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\waol.exe
PRC - [2007/04/18 02:49:05 | 000,054,832 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\shellmon.exe
PRC - [2006/11/27 09:14:52 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu .exe
PRC - [2006/11/22 14:56:00 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [1998/05/29 00:00:00 | 000,119,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/04 22:17:46 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Henry\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/28 20:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/05/17 18:18:31 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/08/11 13:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/25 05:38:38 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe -- (lxdcCATSCustConnectService)
SRV - [2007/05/25 05:38:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdccoms.exe -- (lxdc_device)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - [2009/09/28 20:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/08/11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 13:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/10/04 21:24:00 | 007,628,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/12/09 01:01:02 | 002,206,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/22 14:56:52 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/22 10:57:00 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/22 10:57:00 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/22 10:57:00 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 03:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.my.myway.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.my.myway.com/"
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.586
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 12:36:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 12:36:44 | 000,000,000 | ---D | M]

[2010/03/12 19:44:16 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\Mozilla\Extensions
[2010/05/03 22:31:38 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\p17avemr.default\extensions
[2010/03/12 20:38:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\p17avemr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/12 20:38:35 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\p17avemr.default\extensions\LogMeInClient@logmein.com
[2010/04/04 12:31:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1242155616\ee\AOLSoftware.exe ()
O4 - HKLM..\Run: [lxdcamon] C:\Program Files\Lexmark 1300 Series\lxdcamon.exe ()
O4 - HKLM..\Run: [lxdcmon.exe] C:\Program Files\Lexmark 1300 Series\lxdcmon.exe File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\UpdReg.EXE ()
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0\AOL.EXE ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.29.103.15 24.29.103.16 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/05/15 22:43:26 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/05/04 22:17:45 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Henry\Desktop\OTL.exe
[2010/05/03 22:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/05/02 19:58:02 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Local\Adobe
[2010/04/25 17:46:03 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/04/25 15:29:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/04/25 15:29:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/04/25 15:29:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/04/25 15:12:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/04/18 12:47:26 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2010/04/18 12:47:26 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010/04/18 12:47:26 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2010/04/18 12:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/04/18 12:44:37 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Roaming\Media Player Classic
[2010/04/18 01:12:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/10 11:44:23 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Roaming\U3
[2010/04/04 12:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/12 19:44:06 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Roaming\Mozilla
[2010/03/12 19:44:06 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Local\Mozilla
[2010/03/12 19:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/06 15:00:31 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Local\LogMeIn
[2010/03/06 15:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2010/03/06 15:00:20 | 000,028,984 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2010/03/06 15:00:17 | 000,083,288 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2010/03/06 15:00:17 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\LMIRfsDriver.sys
[2010/03/06 15:00:09 | 000,087,352 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2010/03/06 14:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2010/03/06 14:39:24 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Local\Deployment
[2010/03/06 14:39:24 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Local\Apps
[2010/03/02 23:24:54 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Roaming\AVS4YOU
[2010/03/02 23:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/03/02 23:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/03/02 23:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/03/02 00:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Pegasys Inc
[2009/09/03 13:57:47 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxdcserv.dll
[2009/09/03 13:57:47 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxdcusb1.dll
[2009/09/03 13:57:47 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdcinpa.dll
[2009/09/03 13:57:47 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdciesc.dll
[2009/09/03 13:57:47 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDChcp.dll
[2009/09/03 13:57:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdcpmui.dll
[2009/09/03 13:57:46 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdclmpm.dll
[2009/09/03 13:57:46 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdcprox.dll
[2009/09/03 13:57:46 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdcpplc.dll
[2009/09/03 13:57:45 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxdchbn3.dll
[2009/09/03 13:57:43 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdccomc.dll
[2009/09/03 13:57:43 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxdccomm.dll

========== Files - Modified Within 90 Days ==========

[2010/05/04 22:20:22 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ABEB773A-5A43-413D-8E1C-011A1E45C777}.job
[2010/05/04 22:18:30 | 002,621,440 | -HS- | M] () -- C:\Users\Henry\NTUSER.DAT
[2010/05/04 22:17:46 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Henry\Desktop\OTL.exe
[2010/05/04 22:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/05/04 22:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At47.job
[2010/05/04 21:56:50 | 000,040,910 | ---- | M] () -- C:\Users\Henry\AppData\Roaming\nvModes.001
[2010/05/04 21:53:15 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/04 21:53:15 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/04 21:53:15 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/04 21:49:18 | 000,017,473 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/05/04 21:48:00 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/04 21:48:00 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/04 21:47:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/04 21:47:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/04 21:47:34 | 000,250,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/04 21:46:50 | 2145,849,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/03 22:39:38 | 000,524,288 | -HS- | M] () -- C:\Users\Henry\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/03 22:39:38 | 000,065,536 | -HS- | M] () -- C:\Users\Henry\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/03 22:39:35 | 001,724,192 | -H-- | M] () -- C:\Users\Henry\AppData\Local\IconCache.db
[2010/05/03 22:33:06 | 000,297,984 | ---- | M] () -- C:\Users\Henry\Desktop\sam dr bill.doc
[2010/05/03 22:06:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/05/03 22:06:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/02 21:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/05/02 21:00:09 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At46.job
[2010/05/02 20:43:52 | 000,206,336 | ---- | M] () -- C:\Users\Henry\Desktop\bills.xls
[2010/05/02 20:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/05/02 20:00:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At45.job
[2010/05/02 19:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/05/02 19:00:09 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At44.job
[2010/05/02 18:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/05/02 18:00:05 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At43.job
[2010/05/02 00:04:28 | 000,000,345 | ---- | M] () -- C:\Windows\win.ini
[2010/05/02 00:02:22 | 000,000,680 | ---- | M] () -- C:\Users\Henry\AppData\Local\d3d9caps.dat
[2010/05/01 23:30:00 | 000,055,176 | ---- | M] () -- C:\Users\Henry\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/25 21:57:15 | 004,890,584 | ---- | M] () -- C:\Users\Henry\Desktop\17_-_The_Way_You_Look_Tonight.mp3
[2010/04/25 17:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/04/25 17:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At42.job
[2010/04/25 16:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/04/25 16:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At41.job
[2010/04/25 15:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/04/25 15:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At40.job
[2010/04/25 14:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/04/25 14:00:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At39.job
[2010/04/25 13:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/04/25 13:00:03 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At38.job
[2010/04/25 12:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/04/25 12:00:09 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At37.job
[2010/04/25 11:16:01 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/04/25 11:00:04 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At36.job
[2010/04/25 10:18:08 | 000,000,112 | ---- | M] () -- C:\ProgramData\io2guibM.dat
[2010/04/25 10:18:06 | 000,066,562 | ---- | M] () -- C:\ProgramData\Sm5M6OaD.exe
[2010/04/25 10:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/04/25 10:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At35.job
[2010/04/25 09:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/04/25 09:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At34.job
[2010/04/25 08:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/04/25 08:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At33.job
[2010/04/25 07:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/04/25 07:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At32.job
[2010/04/25 06:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/04/25 06:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At31.job
[2010/04/25 05:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/04/25 05:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At30.job
[2010/04/25 04:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/04/25 04:00:08 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At29.job
[2010/04/25 03:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/04/25 03:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At28.job
[2010/04/25 02:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/04/25 02:00:10 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At27.job
[2010/04/25 01:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/04/25 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At26.job
[2010/04/25 00:37:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At25.job
[2010/04/25 00:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/04/24 23:16:01 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/04/24 23:00:08 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At48.job
[2010/04/23 05:46:44 | 000,037,380 | ---- | M] () -- C:\Windows\UpdReg.EXE
[2010/04/21 14:21:49 | 000,040,910 | ---- | M] () -- C:\Users\Henry\AppData\Roaming\nvModes.dat
[2010/04/19 18:08:04 | 000,003,519 | ---- | M] () -- C:\Windows\System32\gzdjl
[2010/04/19 18:08:03 | 000,060,928 | ---- | M] () -- C:\Windows\System32\klgd.bmp
[2010/04/18 15:21:43 | 000,067,072 | ---- | M] () -- C:\Users\Henry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/15 01:12:58 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/04/11 09:36:08 | 000,000,665 | ---- | M] () -- C:\Users\Henry\Desktop\Henry.lnk
[2010/04/01 01:00:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/03/28 22:01:14 | 008,630,022 | ---- | M] () -- C:\Users\Henry\Desktop\B.o.B. - Nothin On You Feat Bruno Mars-MIXFIEND.mp3
[2010/03/14 14:00:00 | 000,085,504 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/14 14:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2010/03/12 19:43:54 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/08 23:19:14 | 000,002,660 | ---- | M] () -- C:\Users\Henry\Desktop\329590450797_1562041547_30837045_7756266.jpg
[2010/03/07 16:01:16 | 000,000,944 | ---- | M] () -- C:\Users\Henry\Desktop\WinAVI 9.0.lnk
[2010/03/06 22:08:11 | 000,000,406 | ---- | M] () -- C:\Users\Henry\myotherdrive.properties
[2010/03/06 15:00:05 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/03/02 23:46:16 | 000,001,039 | ---- | M] () -- C:\Users\Henry\Desktop\AVS Video Converter 6.lnk
[2010/03/02 23:38:18 | 000,016,114 | ---- | M] () -- C:\Users\Henry\Desktop\[isoHunt]_AVS_Video_Converter_v6.3.1.367___Crack_[RH]____AVS_Video_Convert.4992137.TPB.torrent
[2010/03/02 00:00:00 | 000,053,248 | ---- | M] () -- C:\Windows\System32\pxhpinst.exe
[2010/02/10 13:13:48 | 000,165,376 | ---- | M] () -- C:\Windows\System32\unrar.dll

========== Files Created - No Company Name ==========

[2010/05/03 22:33:06 | 000,297,984 | ---- | C] () -- C:\Users\Henry\Desktop\sam dr bill.doc
[2010/05/03 22:06:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/05/03 22:06:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/02 17:50:47 | 2145,849,344 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/25 21:57:08 | 004,890,584 | ---- | C] () -- C:\Users\Henry\Desktop\17_-_The_Way_You_Look_Tonight.mp3
[2010/04/23 14:11:52 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At48.job
[2010/04/23 14:11:51 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At47.job
[2010/04/23 14:11:51 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At46.job
[2010/04/23 14:11:51 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At45.job
[2010/04/23 14:11:50 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At44.job
[2010/04/23 14:11:50 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At43.job
[2010/04/23 14:11:50 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At42.job
[2010/04/23 14:11:49 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At41.job
[2010/04/23 14:11:49 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At40.job
[2010/04/23 14:11:48 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At39.job
[2010/04/23 14:11:48 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At38.job
[2010/04/23 14:11:48 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At37.job
[2010/04/23 14:11:47 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At36.job
[2010/04/23 14:11:47 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At35.job
[2010/04/23 14:11:47 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At34.job
[2010/04/23 14:11:46 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At33.job
[2010/04/23 14:11:46 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At32.job
[2010/04/23 14:11:46 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At31.job
[2010/04/23 14:11:46 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At30.job
[2010/04/23 14:11:45 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At29.job
[2010/04/23 14:11:45 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At28.job
[2010/04/23 14:11:44 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At27.job
[2010/04/23 14:11:44 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At26.job
[2010/04/23 14:11:44 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At25.job
[2010/04/23 14:11:43 | 000,066,562 | ---- | C] () -- C:\ProgramData\Sm5M6OaD.exe
[2010/04/23 05:47:25 | 000,000,112 | ---- | C] () -- C:\ProgramData\io2guibM.dat
[2010/04/23 05:47:08 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010/04/23 05:47:07 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010/04/23 05:47:07 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010/04/23 05:47:06 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010/04/23 05:47:05 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010/04/23 05:47:05 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010/04/23 05:47:04 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010/04/23 05:47:03 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010/04/23 05:47:03 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010/04/23 05:47:02 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010/04/23 05:47:00 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010/04/23 05:46:57 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010/04/23 05:46:56 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010/04/23 05:46:55 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010/04/23 05:46:54 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010/04/23 05:46:54 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010/04/23 05:46:53 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010/04/23 05:46:52 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010/04/23 05:46:51 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010/04/23 05:46:51 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010/04/23 05:46:50 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/04/23 05:46:49 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/04/23 05:46:48 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/04/23 05:46:46 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/04/19 18:08:04 | 000,003,519 | ---- | C] () -- C:\Windows\System32\gzdjl
[2010/04/19 18:08:03 | 000,060,928 | ---- | C] () -- C:\Windows\System32\klgd.bmp
[2010/04/18 13:01:25 | 000,000,680 | ---- | C] () -- C:\Users\Henry\AppData\Local\d3d9caps.dat
[2010/04/18 12:47:27 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/04/18 12:47:27 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2010/04/18 12:47:27 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/04/18 12:47:26 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/04/18 12:47:26 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/04/18 12:47:24 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/04/18 12:47:24 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010/04/11 09:35:47 | 000,000,665 | ---- | C] () -- C:\Users\Henry\Desktop\Henry.lnk
[2010/03/28 22:01:33 | 008,630,022 | ---- | C] () -- C:\Users\Henry\Desktop\B.o.B. - Nothin On You Feat Bruno Mars-MIXFIEND.mp3
[2010/03/12 19:43:54 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/08 18:43:08 | 000,002,660 | ---- | C] () -- C:\Users\Henry\Desktop\329590450797_1562041547_30837045_7756266.jpg
[2010/03/07 16:00:17 | 000,000,944 | ---- | C] () -- C:\Users\Henry\Desktop\WinAVI 9.0.lnk
[2010/03/06 15:00:04 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010/03/06 14:03:43 | 000,000,406 | ---- | C] () -- C:\Users\Henry\myotherdrive.properties
[2010/03/02 23:46:16 | 000,001,039 | ---- | C] () -- C:\Users\Henry\Desktop\AVS Video Converter 6.lnk
[2010/03/02 23:38:17 | 000,016,114 | ---- | C] () -- C:\Users\Henry\Desktop\[isoHunt]_AVS_Video_Converter_v6.3.1.367___Crack_[RH]____AVS_Video_Convert.4992137.TPB.torrent
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/09/03 14:01:17 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdccoin.dll
[2009/09/03 13:58:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdcrwrd.ini
[2009/09/03 13:57:48 | 000,286,720 | ---- | C] () -- C:\Windows\System32\LXDCinst.dll
[2009/09/03 13:57:44 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdcgrd.dll
[2009/08/08 16:52:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/20 23:51:38 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
[2009/05/17 18:42:02 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2009/05/17 18:42:00 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2009/05/17 18:42:00 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2009/05/16 19:23:14 | 000,000,636 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/17 22:47:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdcvs.dll
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\Windows\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\Windows\FRONTPG.INI

========== LOP Check ==========

[2009/08/30 18:19:36 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\Alien Skin
[2009/08/07 15:22:52 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\IObit
[2009/09/03 14:06:48 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\Lexmark Productivity Studio
[2009/11/29 00:20:19 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\Two Pilots
[2010/04/18 22:24:22 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\uTorrent
[2010/04/25 00:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/04/25 09:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2010/04/25 10:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2010/04/25 11:16:01 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2010/04/25 12:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2010/04/25 13:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2010/04/25 14:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2010/04/25 15:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2010/04/25 16:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2010/04/25 17:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2010/05/02 18:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2010/04/25 01:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/05/02 19:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2010/05/02 20:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2010/05/02 21:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2010/05/04 22:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2010/04/24 23:16:01 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2010/04/25 00:37:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2010/04/25 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2010/04/25 02:00:10 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2010/04/25 03:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2010/04/25 04:00:08 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2010/04/25 02:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/04/25 05:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2010/04/25 06:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2010/04/25 07:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2010/04/25 08:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2010/04/25 09:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2010/04/25 10:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2010/04/25 11:00:04 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2010/04/25 12:00:09 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2010/04/25 13:00:03 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2010/04/25 14:00:02 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2010/04/25 03:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/04/25 15:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2010/04/25 16:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2010/04/25 17:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2010/05/02 18:00:05 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2010/05/02 19:00:09 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2010/05/02 20:00:02 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2010/05/02 21:00:09 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2010/05/04 22:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2010/04/24 23:00:08 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2010/04/25 04:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2010/04/25 05:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2010/04/25 06:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2010/04/25 07:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2010/04/25 08:16:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2010/04/15 01:12:58 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/04/01 01:00:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/05/03 22:39:42 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/05/04 22:20:22 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{ABEB773A-5A43-413D-8E1C-011A1E45C777}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2006/11/22 10:57:00 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2006/11/22 10:57:00 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2006/11/22 10:57:00 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2009/05/11 17:26:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009/05/11 17:26:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009/05/11 17:26:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/19 03:34:08 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008/01/19 03:34:08 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemdrive%\*.sys /90 /md >
Invalid Switch: md

< End of report >
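The "< MD5 for: ... >" blocks in the OTL log above hash every copy of a driver the system holds: the live file under System32\drivers and the reference copies Windows keeps in DriverStore\FileRepository, the winsxs component store and the SoftwareDistribution download cache. A live driver whose hash matches none of those copies is the classic symptom of a driver patched in place, which is why these particular files are requested when rootkit activity is suspected. The following Python script is an added editor's example, not part of this thread or of OTL: it parses such blocks and reports any live driver with no matching reference copy. The AGP440 and ATAPI lines are taken from the log above; the EXAMPLE.SYS block and its all-zero hash are constructed to exercise the mismatch path.

```python
"""
Cross-check OTL "< MD5 for: X >" custom-scan output (added example).

Flags a live driver (System32\drivers) whose MD5 does not match any of
the reference copies Windows stores elsewhere. Sample lines are taken
from this thread's OTL log; the EXAMPLE.SYS block is constructed.
"""
import re
from collections import defaultdict

# One OTL file line: [date time | size | attrs | M] (Company) MD5=HASH -- path
LINE_RE = re.compile(
    r"^\[(?P<date>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>\s*$")

# Constructed sample: two blocks copied from the thread, one constructed mismatch.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2010/01/01 00:00:00 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\drivers\example.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_example.inf_none\example.sys
"""


def parse_md5_sections(text):
    """Return {DRIVER_NAME: [record, ...]} from the '< MD5 for: X >' blocks."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if current is None:
            continue  # lines before the first MD5 block are not ours
        m = LINE_RE.match(line)
        if m:
            sections[current].append({
                "md5": m.group("md5").upper(),
                "path": m.group("path"),
                "size": int(m.group("size").replace(",", "")),
                "company": m.group("company"),
            })
    return dict(sections)


def is_live_copy(path):
    """The copy the kernel actually loads lives under System32\\drivers."""
    return "\\system32\\drivers\\" in path.lower()


def is_reference_copy(path):
    """Reference copies: DriverStore, the winsxs component store, and the
    Windows Update download cache (all three appear in the OTL listing)."""
    p = path.lower()
    return ("\\driverstore\\" in p or "\\winsxs\\" in p
            or "\\softwaredistribution\\download\\" in p)


def find_unmatched_live_drivers(text):
    """Return [(driver, live_path, md5)] for live copies whose hash matches no
    reference copy. Drivers with no reference copies are skipped: absence of
    a baseline is not a finding."""
    findings = []
    for name, records in parse_md5_sections(text).items():
        reference = {r["md5"] for r in records if is_reference_copy(r["path"])}
        if not reference:
            continue
        for r in records:
            if is_live_copy(r["path"]) and r["md5"] not in reference:
                findings.append((name, r["path"], r["md5"]))
    return findings


if __name__ == "__main__":
    for name, path, md5 in find_unmatched_live_drivers(SAMPLE_LOG):
        print(f"{name}: live copy {path} (MD5 {md5}) matches no reference copy")
```

A hit from this check is a lead, not a verdict: a driver delivered by a hotfix can legitimately differ from every stored copy, so the next step is an Authenticode check of the live file (the maxlook output later in this thread does exactly that for unsigned drivers) rather than treating the hash mismatch alone as proof of tampering.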







#11 looney2340

looney2340
  • Topic Starter

  • Members
  • 202 posts
  • Gender:Male
  • Location:NYC
  • Local time:08:30 AM

Posted 04 May 2010 - 09:43 PM

OTL Extras logfile created on: 5/4/2010 10:18:29 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Henry\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.00 Gb Total Space | 95.20 Gb Free Space | 69.49% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.83 Gb Free Space | 58.33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7.72 Mb Total Space | 0.23 Mb Free Space | 3.02% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Henry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C7AB16-E1DF-4A5B-94F7-E4E4367AF51A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdcpswx.exe |
"{1A8C1A66-C6E1-43DD-A3B8-0C05DDEAF3A4}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{21A94F6C-173A-4053-97C3-A50DD35A22C0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{22C85F40-30D3-4736-AF3C-8C7D3578712F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{29B2D3BA-2A18-4DBB-9DAA-8A3D9AC73D60}" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"{2EE18ED4-2A83-453C-B126-5EE9E3EE38C7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{2F3C9A63-177F-43FA-9F7B-CEE3D535E5AF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{322F5CEB-1F74-42C4-BE03-603890B484F3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{41259F9E-5885-4F7A-B616-8975635F22B3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{529CC0B4-2E18-4B2B-B7D5-B07A7B0B1C49}" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"{52BE4AF4-2241-4A65-8574-8955CE7AF2F7}" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe |
"{5CF52D84-E74D-4EFB-A951-72AF81233C45}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{6B27C9C3-3955-492E-B54A-364C3281BE76}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1242155616\ee\aolsoftware.exe |
"{733BB58A-DA5B-492A-BCC6-EACB3B5F0ADD}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdcpswx.exe |
"{7CE25725-390A-4EFD-B290-310533DC6EC5}" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe |
"{7FC8FFAB-6E10-4BA7-8723-175433A3BB8D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdcjswx.exe |
"{80072814-C26B-424E-935C-555BBA2E569C}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{876917ED-23C5-4E0B-8C0B-9EA665B41442}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{93BFA8B4-39A5-4557-96BF-E5CAC22C9E46}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{993CA712-B2D6-49E1-9D00-5A3C9EC16B19}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9EB1393D-9D53-4FD8-9CEC-51B7B3530A11}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{A94E43D8-5CA7-4A12-B865-ACBEAAEC7A71}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A9F4F2A4-74D0-4D58-85BF-6E4A2D9BECC6}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{BE3EB454-9ECE-48CF-86D7-87DE3DF954D1}" = protocol=17 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{C3D9DC9A-74E2-4D15-9971-BED12DD7C9C4}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C81C4F61-C310-4EF6-A71D-8CF56FF5EE6C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdcjswx.exe |
"{D8662313-9018-452D-B5B6-17526405C581}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{DFAED1E7-110B-48EC-BE72-0DF84394AB13}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E1643740-51A1-4C7A-B914-09154889BCA7}" = protocol=6 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{E343A7E0-A01E-4F0D-B677-50CD5D7612DA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdctime.exe |
"{E7AA99DC-D1BF-47D4-8CD9-B9492D625429}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdctime.exe |
"{F8780228-C295-4CD8-B964-C42EE103C09B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1242155616\ee\aolsoftware.exe |
"{FCF91CB3-1EAA-457E-9F13-8691D26A8EDE}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{FE61C8D0-BA19-4B22-AC15-5862C0ACFA17}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 19
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{49062DAB-7009-4EBD-903A-830B283407C4}" = TMPGEnc DVD Author 1.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Free Photo Viewer_is1" = Free Photo Viewer
"HijackThis" = HijackThis 2.0.2
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"Lexmark 1300 Series" = Lexmark 1300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSC" = McAfee SecurityCenter
"MsJavaVM" = Microsoft VM for Java
"NVIDIA Drivers" = NVIDIA Drivers
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WinAVI Video Converter 9.09.0" = WinAVI Video Converter 9.0
"WinMPG VideoConvert_is1" = WinMPG VideoConvert 6.8
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/2/2010 6:11:12 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc000071b, fault offset 0x000888f5, process id 0x424, application
start time 0x01caea418d02ff97.

Error - 5/2/2010 6:49:31 PM | Computer Name = Home | Source = SPP | ID = 16387
Description =

Error - 5/2/2010 6:49:31 PM | Computer Name = Home | Source = System Restore | ID = 8193
Description =

Error - 5/2/2010 6:49:31 PM | Computer Name = Home | Source = System Restore | ID = 8210
Description =

Error - 5/2/2010 8:39:27 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc000071b, fault offset 0x000888f5, process id 0x450, application
start time 0x01caea4de1186599.

Error - 5/2/2010 9:50:49 PM | Computer Name = Home | Source = SPP | ID = 16387
Description =

Error - 5/2/2010 9:50:49 PM | Computer Name = Home | Source = System Restore | ID = 8193
Description =

Error - 5/2/2010 9:51:17 PM | Computer Name = Home | Source = SPP | ID = 16387
Description =

Error - 5/2/2010 9:51:17 PM | Computer Name = Home | Source = System Restore | ID = 8193
Description =

Error - 5/4/2010 10:19:26 PM | Computer Name = Home | Source = SPP | ID = 16387
Description =

[ Media Center Events ]
Error - 10/11/2009 10:39:05 PM | Computer Name = Hankster | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/26/2009 10:02:05 PM | Computer Name = Hankster | Source = BROWSER | ID = 8032
Description =

Error - 9/26/2009 10:10:25 PM | Computer Name = Hankster | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 9/26/2009 10:10:37 PM | Computer Name = Hankster | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 9/26/2009 10:10:49 PM | Computer Name = Hankster | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 9/26/2009 10:11:01 PM | Computer Name = Hankster | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 9/26/2009 10:11:13 PM | Computer Name = Hankster | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 9/26/2009 10:11:25 PM | Computer Name = Hankster | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 9/26/2009 10:11:37 PM | Computer Name = Hankster | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 9/26/2009 10:11:48 PM | Computer Name = Hankster | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 9/26/2009 10:12:00 PM | Computer Name = Hankster | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.


< End of report >


#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:30 PM

Posted 06 May 2010 - 12:52 PM

Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    PRC - [2010/04/25 10:18:06 | 000,066,562 | ---- | M] () -- C:\ProgramData\Sm5M6OaD.exe
    [2010/04/25 10:18:08 | 000,000,112 | ---- | M] () -- C:\ProgramData\io2guibM.dat
    [2010/04/25 10:18:06 | 000,066,562 | ---- | M] () -- C:\ProgramData\Sm5M6OaD.exe
    :files
    C:\Windows\tasks\At*.job
    :Commands
    [emptytemp]
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Please try Combofix again.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#13 looney2340

looney2340
  • Topic Starter

  • Members
  • 202 posts
  • Gender:Male
  • Location:NYC
  • Local time:08:30 AM

Posted 06 May 2010 - 09:55 PM

Here is the log requested.

I downloaded ComboFix and every time I went to rename it McAfee caught it as a trojan and deleted it. So I didn't rename it and it ran, but it kept saying ComboFix found rootkit activity and needs to reboot the machine. It did this 3 times and didn't fully run.




All processes killed
Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <PRC - [2010/04/25 10:18:06 | 000,066,562 | ---- | M] () -- C:\ProgramData\Sm5M6OaD.exe> in the current context!
Error: Unable to interpret <[2010/04/25 10:18:08 | 000,000,112 | ---- | M] () -- C:\ProgramData\io2guibM.dat> in the current context!
Error: Unable to interpret <[2010/04/25 10:18:06 | 000,066,562 | ---- | M] () -- C:\ProgramData\Sm5M6OaD.exe> in the current context!
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At25.job moved successfully.
C:\Windows\tasks\At26.job moved successfully.
C:\Windows\tasks\At27.job moved successfully.
C:\Windows\tasks\At28.job moved successfully.
C:\Windows\tasks\At29.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At30.job moved successfully.
C:\Windows\tasks\At31.job moved successfully.
C:\Windows\tasks\At32.job moved successfully.
C:\Windows\tasks\At33.job moved successfully.
C:\Windows\tasks\At34.job moved successfully.
C:\Windows\tasks\At35.job moved successfully.
C:\Windows\tasks\At36.job moved successfully.
C:\Windows\tasks\At37.job moved successfully.
C:\Windows\tasks\At38.job moved successfully.
C:\Windows\tasks\At39.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At40.job moved successfully.
C:\Windows\tasks\At41.job moved successfully.
C:\Windows\tasks\At42.job moved successfully.
C:\Windows\tasks\At43.job moved successfully.
C:\Windows\tasks\At44.job moved successfully.
C:\Windows\tasks\At45.job moved successfully.
C:\Windows\tasks\At46.job moved successfully.
C:\Windows\tasks\At47.job moved successfully.
C:\Windows\tasks\At48.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Henry
->Temp folder emptied: 155436 bytes
->Temporary Internet Files folder emptied: 77637190 bytes
->Java cache emptied: 41646341 bytes
->FireFox cache emptied: 47025043 bytes
->Flash cache emptied: 70424 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2339869 bytes
RecycleBin emptied: 989961 bytes

Total Files Cleaned = 162.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.4.1 log created on 05062010_223232

Files\Folders moved on Reboot...
C:\Windows\temp\hsperfdata_HOME$\9268 moved successfully.
File\Folder C:\Windows\temp\mcafee_5CgMdA0HWWo46y7 not found!
File\Folder C:\Windows\temp\mcafee_IsttazViQzWpOOZ not found!
File\Folder C:\Windows\temp\mcmsc_3BzM26xoriFdCBi not found!
File\Folder C:\Windows\temp\mcmsc_8BrBr3nmZeSt7no not found!
File\Folder C:\Windows\temp\mcmsc_ekHRzWIjnOl2x0s not found!
File\Folder C:\Windows\temp\mcmsc_hpVxCpAcqBYPzWa not found!
File\Folder C:\Windows\temp\mcmsc_iigm5SUruYDUmhT not found!
File\Folder C:\Windows\temp\mcmsc_t7ybXo8zYmRbNEQ not found!
File\Folder C:\Windows\temp\sqlite_av4BQcrTV3zlQg1 not found!
File\Folder C:\Windows\temp\sqlite_DtbcI6BX5wMTTce not found!
File\Folder C:\Windows\temp\sqlite_MzBI6sfSTH8BPss not found!
File\Folder C:\Windows\temp\sqlite_uV1AkhdrsByehNi not found!

Registry entries deleted on Reboot...


#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:30 PM

Posted 08 May 2010 - 06:28 AM

Hi,


First, you must verify that you can access the Vista Recovery Environment.
To do so, restart your computer and begin tapping the F8 key to enable the Advanced Start menu.
If the option 'Repair your computer' is available, select it.

If not available, you will need to insert your Vista installation DVD and restart, then press any key when prompted to boot from the DVD.
At the Install Windows screen, select Repair your computer. (image below)



Next, please download maxlook, saving the file to your desktop.
Double click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and logon to the Recovery Environment.
Once you get to the System Recovery Options screen, first take note of the drive letter assigned to the operating system, then select Command Prompt.



Type the following bolded command at the x:\sources> prompt (or x:\windows\system32>) then hit Enter.

cd /d x:\windows <--- the red x represents your operating system drive letter, as shown in the image below




At the C:\Windows> prompt type the following command then hit Enter

look.bat

You will see many files copied then return to the x:\windows> prompt.
Type Exit then restart your computer and logon in normal mode.

Please go to start > run and type

maxlook -sig

and hit enter. A logfile will open, please post back with the content of the log.
regards,
schrauber


#15 looney2340

looney2340
  • Topic Starter

  • Members
  • 202 posts
  • Gender:Male
  • Location:NYC
  • Local time:08:30 AM

Posted 09 May 2010 - 09:37 PM

Here is the requested log. I have a question: the program I just ran, what does it do exactly?



CODE
Run from C:\Users\Henry\Desktop\maxlook.exe on Sun 05/09/2010 at 22:35:45.34

--------- maxlook unsigned files ---------

c:\windows\maxdriver\Pcouffin.sys:
    Verified:    Unsigned
    File date:    12:15 AM 1/23/2010
    Publisher:    VSO Software
    Description:    Patin-Couffin low level access layer for CD devices
    Product:    Patin couffin engine
    Version:    1.35
    File version:    1.35
c:\windows\maxdriver\pxhelp20.sys:
    Verified:    Unsigned
    File date:    11:53 PM 1/22/2010
    Publisher:    Sonic Solutions
    Description:    Px Engine Device Driver for Windows 2000/XP
    Product:    PxHelp20
    Version:    n/a
    File version:    2.02.62a
c:\windows\maxdriver\RDPCDD.sys:
    Verified:    Unsigned
    File date:    7:48 AM 5/7/2010
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a
    File version:    n/a
c:\windows\maxdriver\windrvr.sys:
    Verified:    Unsigned
    File date:    12:49 PM 8/24/2006
    Publisher:    Jungo
    Description:    WinDriver Device Driver 4.33
    Product:    WinDriver Device Driver
    Version:    4.33
    File version:    4.33

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\Pcouffin.sys:
    Verified:    Unsigned
    File date:    12:15 AM 1/23/2010
    Publisher:    VSO Software
    Description:    Patin-Couffin low level access layer for CD devices
    Product:    Patin couffin engine
    Version:    1.35
    File version:    1.35
c:\windows\system32\drivers\pxhelp20.sys:
    Verified:    Unsigned
    File date:    11:53 PM 1/22/2010
    Publisher:    Sonic Solutions
    Description:    Px Engine Device Driver for Windows 2000/XP
    Product:    PxHelp20
    Version:    n/a
    File version:    2.02.62a
c:\windows\system32\drivers\windrvr.sys:
    Verified:    Unsigned
    File date:    12:49 PM 8/24/2006
    Publisher:    Jungo
    Description:    WinDriver Device Driver 4.33
    Product:    WinDriver Device Driver
    Version:    4.33
    File version:    4.33

Edited by looney2340, 09 May 2010 - 09:38 PM.
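The procedure schrauber gave and the log above are two halves of one check: maxlook copies the drivers out while Windows is booted into the Recovery Environment (so nothing running on the infected system can interfere with what is read from disk), then `maxlook -sig` verifies signatures on that offline copy and on the live system32\drivers directory. The entries worth attention are the ones where the two views disagree, or where a driver carries no publisher or version resource at all. As an added example (not maxlook's code and not from the thread), here is a parser for that log format that performs the comparison. It assumes, as the post implies, that the "maxlook unsigned files" section is the offline copy in c:\windows\maxdriver and the "system32\drivers unsigned files" section is the live check; the sample input is the log posted above, abridged, and the function names are my own.

```python
import re
from datetime import datetime, timedelta

# Constructed input: the maxlook -sig log posted in this thread, abridged
# to the entries needed for the comparison.
SAMPLE_LOG = r"""Run from C:\Users\Henry\Desktop\maxlook.exe on Sun 05/09/2010 at 22:35:45.34

--------- maxlook unsigned files ---------

c:\windows\maxdriver\Pcouffin.sys:
    Verified:    Unsigned
    File date:    12:15 AM 1/23/2010
    Publisher:    VSO Software
    Description:    Patin-Couffin low level access layer for CD devices
    Product:    Patin couffin engine
    Version:    1.35
    File version:    1.35
c:\windows\maxdriver\RDPCDD.sys:
    Verified:    Unsigned
    File date:    7:48 AM 5/7/2010
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a
    File version:    n/a

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\Pcouffin.sys:
    Verified:    Unsigned
    File date:    12:15 AM 1/23/2010
    Publisher:    VSO Software
    Description:    Patin-Couffin low level access layer for CD devices
    Product:    Patin couffin engine
    Version:    1.35
    File version:    1.35
"""

# Section names are assumptions about what the two maxlook sections mean.
OFFLINE_SECTION = 'maxlook unsigned files'          # copied out in the Recovery Environment
ONLINE_SECTION = 'system32\\drivers unsigned files'  # checked on the running system

SECTION_RE = re.compile(r'^-{3,}\s*(.+?)\s*-{3,}$')
PATH_RE = re.compile(r'^(\S.*):$')                       # "c:\...\name.sys:"
FIELD_RE = re.compile(r'^\s+([A-Za-z][A-Za-z ]*):\s*(.*)$')  # indented "Key:   value"
RUN_RE = re.compile(r'\bon \w{3} (\d{2}/\d{2}/\d{4})')   # scan date in the header line


def parse_maxlook(text):
    """Return (scan_date, {section name: [entry dicts keyed by lower-cased field]})."""
    scan_date, sections, current, entry = None, {}, None, None
    for line in text.splitlines():
        if scan_date is None:
            m = RUN_RE.search(line)
            if m:
                scan_date = datetime.strptime(m.group(1), '%m/%d/%Y')
        stripped = line.strip()
        m = SECTION_RE.match(stripped)
        if m:
            current, entry = m.group(1), None
            sections[current] = []
            continue
        if current is None or not stripped:
            continue
        m = FIELD_RE.match(line)          # field lines are indented, path lines are not
        if m and entry is not None:
            entry[m.group(1).strip().lower()] = m.group(2).strip()
            continue
        m = PATH_RE.match(stripped)
        if m:
            entry = {'path': m.group(1)}
            sections[current].append(entry)
    return scan_date, sections


def basename(path):
    return path.rsplit('\\', 1)[-1].lower()


def parse_file_date(value):
    try:
        return datetime.strptime(value, '%I:%M %p %m/%d/%Y')
    except ValueError:
        return None


def triage(text, recent_days=30):
    """Map driver name -> list of reasons it deserves a closer look."""
    scan_date, sections = parse_maxlook(text)
    offline = {basename(e['path']): e for e in sections.get(OFFLINE_SECTION, [])}
    online = {basename(e['path']): e for e in sections.get(ONLINE_SECTION, [])}
    findings = {}
    for name, e in offline.items():
        reasons = []
        if name not in online:
            reasons.append('unsigned in the offline copy but not reported unsigned on the live system')
        if e.get('publisher', 'n/a') == 'n/a':
            reasons.append('no publisher/version resource')
        fdate = parse_file_date(e.get('file date', ''))
        if scan_date and fdate and scan_date - fdate <= timedelta(days=recent_days):
            reasons.append('modified within %d days of the scan' % recent_days)
        if reasons:
            findings[name] = reasons
    for name in online:
        if name not in offline:
            findings[name] = ['unsigned on the live system but absent from the offline copy']
    return findings


if __name__ == '__main__':
    for name, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(name)
        for r in reasons:
            print('  -', r)
```

Run against the abridged log, the two unsigned-but-legitimate third-party drivers (Pcouffin.sys, pxhelp20.sys, windrvr.sys in the full log) drop out because they appear identically in both views with a publisher and an old timestamp, while RDPCDD.sys is flagged on all three counts: it is unsigned in the offline copy but not in the live check, it carries no version resource, and it was written two days before the scan. A discrepancy between the offline and live views is exactly what this boot-to-RE procedure exists to surface, and is the reason the helper asked for it rather than a scan from inside the running system.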




