System settings messed up after infestation. In a continuous shutdown loop with no sound, internet, taskbar, service controls, Mcafee or mbam


  • This topic is locked
128 replies to this topic

#1 eds1011

  • Members
  • 75 posts

Posted 25 January 2011 - 07:00 PM

I just realized I posted about this in the wrong place earlier (Am infected. What do I do?) and without the proper preparation. I sincerely apologize.

I am on Windows XP SP2 and my problems started with Memory fixer which I believe got on my system because I had an outdated copy of Java. I got rid of the memory fixer virus with Malwarebytes and a program called iexplore.exe because I read on a site that's what I needed to do. (I'm not sure using iexplore was the correct thing to do however.) I also ran ccleaner and I believe (though I've tried so many fixes I'm no longer entirely sure) that it was after that that my computer got caught in a continuous shutdown loop with the message "The system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT Authority\System" followed by a 60 second "Time Before Shutdown" countdown.

Several services are not running and I cannot access them properly in services to start them or change their properties. I have no networking, no internet, no copy and paste, no taskbar, no sound and any attempt to run or reinstall McAfee or Malwarebytes doesn't work. I can abort the shutdown using shutdown -a and if I simply stop enough running processes the 60 second shutdown loop stops but I still get the shutdown warning and countdown on certain actions like opening a new program.

Fortunately I happen to have unlocker which has a move file function so I'm able to get files on and off the computer. I've now downloaded many programs to help including superantispyware, gmer, DDS, etc., (running them I also found that I had AVscan) and have been able to do everything to properly post logs here now. (Again, I apologize for posting incorrectly earlier and would be grateful if an admin could delete my earlier incorrect post.)

I've attached my GMER log. Here is my DDS file:



DDS (Ver_10-12-12.02) - NTFSx86
Run by Evan's profile at 21:52:18.85 on Thu 01/20/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

============== Running Processes ===============

C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\system32\GEARSEC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Documents and Settings\Evan's profile.EVAN\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.ask.com/web?q={searchTerms}&o=14482&l=dis
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101108200744.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [McAfee Update] c:\docume~1\evan's~1.eva\locals~1\temp\mcupdate_1279476401.exe /insfin c:\docume~1\evan's~1.eva\locals~1\temp\mcupdate_1279476402.ini /syncfin
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [PMCRemote]
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [Google Update] "c:\documents and settings\evan's profile.evan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SSBkgdUpdate] c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe -Embedding -boot
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [MacDrive application] "c:\program files\mediafour\macdrive 7\MacDrive.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [Getting started with MacDrive] "c:\program files\mediafour\macdrive 7\MDGetStarted.exe" /auto
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunServices: [SchedulingAgent] c:\windows\system32\mstask.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\evan's~1.eva\applic~1\mozilla\firefox\profiles\9d86enqs.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63111
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\evan's profile.evan\application data\mozilla\firefox\profiles\9d86enqs.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\progra~1\palmone\packag~1\NPInstal.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\NPSIStub.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {BE3B973C-4204-4DB4-8C56-755477CECA43} - c:\documents and settings\evan's profile.evan\local settings\application data\{BE3B973C-4204-4DB4-8C56-755477CECA43}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R? aawservice;Ad-Aware 2007 Service
R? cfwids;McAfee Inc. cfwids
R? DSSUSB1;DSSUSB1 Device
R? Flamethrower;Flamethrower
R? JakNDis;Jaksta Service
R? McMPFSvc;McAfee Personal Firewall Service
R? McNaiAnn;McAfee VirusScan Announcer
R? McProxy;McAfee Proxy Service
R? mfendisk;McAfee Core NDIS Intermediate Filter
R? mferkdet;McAfee Inc. mferkdet
R? NuVision;Hauppauge WinTV USB Pro (NTSC)
S? JakNDisMP;JakNDisMP
S? MacDriveService;MacDrive service
S? McShield;McShield
S? MDFSYSNT;MacDrive file system driver
S? MDPMGRNT;MacDrive partition driver
S? mfeavfk;McAfee Inc. mfeavfk
S? mfebopk;McAfee Inc. mfebopk
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfendiskmp;mfendiskmp
S? mfetdi2k;McAfee Inc. mfetdi2k
S? mfevtp;McAfee Validation Trust Protection Service
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL

=============== Created Last 30 ================

2011-01-16 19:01:38 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-01-11 23:17:53 388608 ----a-w- c:\program files\HijackThis.exe
2011-01-10 13:22:31 230120 ----a-w- c:\windows\WBDBU32I.DLL
2011-01-10 01:24:31 -------- d-----w- c:\docume~1\evan's~1.eva\applic~1\SUPERAntiSpyware.com
2011-01-10 01:24:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-10 01:24:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-10 01:20:32 -------- d-----w- c:\program files\SpywareBlaster
2011-01-08 01:36:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-08 01:36:12 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-08 01:18:18 -------- d-----w- c:\docume~1\evan's~1.eva\locals~1\applic~1\Secunia PSI
2011-01-08 01:17:51 -------- d-----w- c:\program files\Secunia
2011-01-05 23:41:00 53248 ----a-w- c:\windows\system32\drivers\sst227.sys
2011-01-05 23:41:00 0 ----a-w- c:\windows\system32\drivers\sst227.tmp
2011-01-03 22:33:43 -------- d-----w- c:\docume~1\evan's~1.eva\locals~1\applic~1\Jaksta_Pty_Ltd
2011-01-03 22:32:32 -------- d-----w- c:\docume~1\evan's~1.eva\applic~1\Jaksta
2011-01-03 22:32:21 -------- d-----w- c:\program files\Applian Technologies

==================== Find3M ====================

2010-12-14 01:56:29 2790864 ----a-w- c:\program files\install_flash_player.exe
2010-11-16 02:10:45 1685569 ----a-w- c:\program files\FileZilla_Server-0_9_37.exe
2010-11-16 02:10:14 4198724 ----a-w- c:\program files\FileZilla_3.3.4.1_win32-setup.exe
2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-18 20:54:05 2463272 ----a-w- c:\program files\TreeSizeFreeSetup.exe
2010-07-22 01:39:22 3059184 ----a-w- c:\program files\DMSetup.exe
2010-07-19 02:30:12 1584 ----a-w- c:\program files\runme.bat
2010-07-19 02:28:26 135168 ----a-w- c:\program files\McPreInstall.exe
2010-07-18 18:21:02 3048960 ----a-w- c:\program files\mvt_en-us.msi
2010-07-11 03:41:54 8589088 ----a-w- c:\program files\Firefox Setup 3.6.6.exe
2010-07-02 01:57:44 6153352 ----a-w- c:\program files\mbam-setup-1.46.exe
2010-06-06 22:18:46 10367552 ----a-w- c:\program files\Opera_1053_en_Setup.exe
2010-03-26 00:08:49 1683240 ----a-w- c:\program files\SkypeSetup.exe
2010-02-24 20:25:20 8327264 ----a-w- c:\program files\Firefox Setup 3.6.exe
2009-12-16 23:55:05 4844296 ----a-w- c:\program files\mbam-setup.exe
2009-11-18 19:40:29 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-10-28 18:40:23 7692288 ----a-w- c:\program files\Data_Transfer_Assistant_1_1.exe
2009-10-27 21:09:14 73233320 ----a-w- c:\program files\PalmDesktopWin62.exe
2009-09-15 18:56:20 641881 ----a-w- c:\program files\windirstat1_1_2_setup.exe
2009-09-14 17:09:30 1048000 ----a-w- c:\program files\ccsetup223_slim.exe
2009-09-14 16:06:05 16664352 ----a-w- c:\program files\jre-6u16-windows-i586.exe
2009-08-29 18:20:47 4928376 ----a-w- c:\program files\Silverlight.exe
2009-08-19 03:51:13 5520384 ----a-w- c:\program files\icytower14_install.exe
2009-07-14 22:15:16 8114720 ----a-w- c:\program files\Firefox Setup 3.5.exe
2009-07-07 00:39:24 15452536 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2009-06-22 18:57:49 4008201 ----a-w- c:\program files\FileZilla_3.2.5_win32-setup.exe
2009-06-18 17:19:11 150923504 ----a-w- c:\program files\acidpro70c.exe
2009-04-28 00:49:39 198064 ----a-w- c:\program files\MoveMediaPlayer_071303000006.exe
2009-04-15 20:12:28 14032184 ----a-w- c:\program files\download.dataviz.com
2009-03-12 22:39:19 5287664 ----a-w- c:\program files\macdrive_7.2.6_en_setup.exe
2009-03-12 20:56:14 5287664 ----a-w- c:\program files\macdrive
2008-11-12 05:59:31 2320897 ----a-w- c:\program files\qcd451.exe
2008-11-06 18:11:40 5613360 ----a-w- c:\program files\Opera_962_en_Setup.exe
2008-10-30 14:15:07 5831451 ----a-w- c:\program files\Jaksta.v230.exe
2008-10-28 13:31:45 850374 ----a-w- c:\program files\SmartMorph.exe
2008-10-02 02:24:41 460280 ----a-w- c:\program files\RealDVDv1GOLD.exe
2008-10-01 11:59:06 4327128 ----a-w- c:\program files\AM_CDBurner.exe
2008-09-12 02:21:04 22448944 ----a-w- c:\program files\snagit.exe
2008-09-10 16:06:02 5212808 ----a-w- c:\program files\macdrive_7.2.2_en_setup.exe
2008-06-06 22:12:16 3560545 ----a-w- c:\program files\acaladvdpocketripper.exe
2008-03-14 14:18:48 2704896 ----a-w- c:\program files\WacomTablet_493-3.exe
2008-03-10 23:55:27 5910696 ----a-w- c:\program files\fdminst.exe
2008-03-04 20:20:31 12569040 ----a-w- c:\program files\cinemaforge.exe
2008-02-14 19:37:42 2893669 ----a-w- c:\program files\PrintScreen43_Setup.exe
2007-08-24 15:54:58 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe
2007-02-28 20:56:13 1035271 ----a-w- c:\program files\wrar362.exe

============= FINISH: 22:00:20.46 ===============

#2 B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 31 January 2011 - 03:09 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.


Regards,
Georgi :hello:
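
A fresh DDS log is requested because the situation may have changed, and the useful part of a second log is what differs from the first. The following is an added example, not part of this thread and not code from the DDS tool: it splits two DDS logs into their banner-delimited sections and reports added and removed lines per section. The function names `parse_dds` and `diff_sections` are hypothetical, and the two sample logs are abridged excerpts of the 20 January and 31 January logs posted in this thread.

```python
import re
from collections import Counter

# DDS section banners look like "============== Running Processes ===============".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")


def parse_dds(text):
    """Split a DDS log into {section name: [lines]}.

    Lines before the first banner (version, run time) go under "Header".
    Parsing stops at the FINISH banner.
    """
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            name = match.group(1)
            if name.startswith("FINISH"):
                break
            current = name
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def diff_sections(old, new):
    """Return {section: {"added": [...], "removed": [...]}} for changed sections.

    Lines are compared as a multiset, ignoring order and letter case:
    process order shifts between runs, and the same image (for example
    rundll32.exe) can legitimately appear more than once.
    The Header is skipped because its timestamp always differs.
    """
    changes = {}
    for name in sorted(set(old) | set(new)):
        if name == "Header":
            continue
        before = Counter(line.lower() for line in old.get(name, []))
        after = Counter(line.lower() for line in new.get(name, []))
        added = sorted((after - before).elements())
        removed = sorted((before - after).elements())
        if added or removed:
            changes[name] = {"added": added, "removed": removed}
    return changes


# Abridged excerpt of the first log in this thread (20 January).
LOG_JAN20 = r"""
DDS (Ver_10-12-12.02) - NTFSx86
Run by Evan's profile at 21:52:18.85 on Thu 01/20/2011

============== Running Processes ===============

C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:8074
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

============= FINISH: 22:00:20.46 ===============
"""

# Abridged excerpt of the second log in this thread (31 January).
LOG_JAN31 = r"""
DDS (Ver_10-12-12.02) - NTFSx86
Run by Evan's profile at 22:00:08.53 on Mon 01/31/2011

============== Running Processes ===============

C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:8074
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
"""

if __name__ == "__main__":
    result = diff_sections(parse_dds(LOG_JAN20), parse_dds(LOG_JAN31))
    for section, delta in result.items():
        print(section)
        for line in delta["added"]:
            print("  + " + line)
        for line in delta["removed"]:
            print("  - " + line)
```
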


#3 eds1011

  • Topic Starter

  • Members
  • 75 posts

Posted 01 February 2011 - 12:08 PM

Thanks very much for responding.

I'm still experiencing the same problems. I'm running Windows XP SP2 32bit (on a Dell laptop) and I have my original Windows disk available. I ran DDS again last night as well as GMER. (Logs below and attached.)

I tried to disable all my antivirus programs but was unable to terminate, uninstall or delete McAfee.

Here's my description of the problem from my original post:

"...my problems started with Memory fixer which I believe got on my system because I had an outdated copy of Java. I got rid of the memory fixer virus with Malwarebytes and a program called iexplore.exe because I read on a site that's what I needed to do. (I'm not sure using iexplore was the correct thing to do however.) I also ran ccleaner and I believe (though I've tried so many fixes I'm no longer entirely sure) that it was after that that my computer got caught in a continuous shutdown loop with the message "The system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT Authority\System" followed by a 60 second "Time Before Shutdown" countdown.

Several services are not running and I cannot access them properly in services to start them or change their properties. I have no networking, no internet, no copy and paste, no taskbar, no sound and any attempt to run or reinstall McAfee or Malwarebytes doesn't work. I can abort the shutdown using shutdown -a and if I simply stop enough running processes the 60 second shutdown loop stops but I still get the shutdown warning and countdown on certain actions like opening a new program.

Fortunately I happen to have unlocker which has a move file function so I'm able to get files on and off the computer. I've now downloaded many programs to help including superantispyware, gmer, DDS, etc., (running them I also found that I had AVscan)"

Since my original post I've also discovered that my DVD drive is functioning abnormally. Discs (DVD, CD and data) do not autostart although I can see their contents and get some files on them to run (although DVDs play so poorly as to be unwatchable.)

I also discovered that GMER shows some of my registry folders in red. I don't know if that's irrelevant information at this stage but in case it's not I've attached a screenshot of it showing my security folders in red.

Please help!

Thanks again for responding.



DDS (Ver_10-12-12.02) - NTFSx86
Run by Evan's profile at 22:00:08.53 on Mon 01/31/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

============== Running Processes ===============

C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\system32\GEARSEC.EXE
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Documents and Settings\Evan's profile.EVAN\Desktop\dds.scr
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.ask.com/web?q={searchTerms}&o=14482&l=dis
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101108200744.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [McAfee Update] c:\docume~1\evan's~1.eva\locals~1\temp\mcupdate_1279476401.exe /insfin c:\docume~1\evan's~1.eva\locals~1\temp\mcupdate_1279476402.ini /syncfin
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [PMCRemote]
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [Google Update] "c:\documents and settings\evan's profile.evan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SSBkgdUpdate] c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe -Embedding -boot
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [MacDrive application] "c:\program files\mediafour\macdrive 7\MacDrive.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [Getting started with MacDrive] "c:\program files\mediafour\macdrive 7\MDGetStarted.exe" /auto
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunServices: [SchedulingAgent] c:\windows\system32\mstask.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\evan's~1.eva\applic~1\mozilla\firefox\profiles\9d86enqs.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63111
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\evan's profile.evan\application data\mozilla\firefox\profiles\9d86enqs.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\progra~1\palmone\packag~1\NPInstal.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\NPSIStub.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {BE3B973C-4204-4DB4-8C56-755477CECA43} - c:\documents and settings\evan's profile.evan\local settings\application data\{BE3B973C-4204-4DB4-8C56-755477CECA43}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R? aawservice;Ad-Aware 2007 Service
R? cfwids;McAfee Inc. cfwids
R? DSSUSB1;DSSUSB1 Device
R? Flamethrower;Flamethrower
R? JakNDis;Jaksta Service
R? McMPFSvc;McAfee Personal Firewall Service
R? McNaiAnn;McAfee VirusScan Announcer
R? McProxy;McAfee Proxy Service
R? mfendisk;McAfee Core NDIS Intermediate Filter
R? mferkdet;McAfee Inc. mferkdet
R? NuVision;Hauppauge WinTV USB Pro (NTSC)
S? JakNDisMP;JakNDisMP
S? MacDriveService;MacDrive service
S? McShield;McShield
S? MDFSYSNT;MacDrive file system driver
S? MDPMGRNT;MacDrive partition driver
S? mfeavfk;McAfee Inc. mfeavfk
S? mfebopk;McAfee Inc. mfebopk
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfendiskmp;mfendiskmp
S? mfetdi2k;McAfee Inc. mfetdi2k
S? mfevtp;McAfee Validation Trust Protection Service
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL

=============== Created Last 30 ================

2011-01-22 01:34:50 -------- d-----w- c:\docume~1\evan's~1.eva\applic~1\Wave Systems Corp
2011-01-16 19:01:38 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-01-11 23:17:53 388608 ----a-w- c:\program files\HijackThis.exe
2011-01-10 13:22:31 230120 ----a-w- c:\windows\WBDBU32I.DLL
2011-01-10 01:24:31 -------- d-----w- c:\docume~1\evan's~1.eva\applic~1\SUPERAntiSpyware.com
2011-01-10 01:24:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-10 01:24:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-10 01:20:32 -------- d-----w- c:\program files\SpywareBlaster
2011-01-08 01:36:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-08 01:36:12 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-08 01:18:18 -------- d-----w- c:\docume~1\evan's~1.eva\locals~1\applic~1\Secunia PSI
2011-01-08 01:17:51 -------- d-----w- c:\program files\Secunia
2011-01-05 23:41:00 53248 ----a-w- c:\windows\system32\drivers\sst227.sys
2011-01-05 23:41:00 0 ----a-w- c:\windows\system32\drivers\sst227.tmp
2011-01-03 22:33:43 -------- d-----w- c:\docume~1\evan's~1.eva\locals~1\applic~1\Jaksta_Pty_Ltd
2011-01-03 22:32:32 -------- d-----w- c:\docume~1\evan's~1.eva\applic~1\Jaksta
2011-01-03 22:32:21 -------- d-----w- c:\program files\Applian Technologies

==================== Find3M ====================

2010-12-14 01:56:29 2790864 ----a-w- c:\program files\install_flash_player.exe
2010-11-16 02:10:45 1685569 ----a-w- c:\program files\FileZilla_Server-0_9_37.exe
2010-11-16 02:10:14 4198724 ----a-w- c:\program files\FileZilla_3.3.4.1_win32-setup.exe
2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-18 20:54:05 2463272 ----a-w- c:\program files\TreeSizeFreeSetup.exe
2010-07-22 01:39:22 3059184 ----a-w- c:\program files\DMSetup.exe
2010-07-19 02:30:12 1584 ----a-w- c:\program files\runme.bat
2010-07-18 18:21:02 3048960 ----a-w- c:\program files\mvt_en-us.msi
2010-07-11 03:41:54 8589088 ----a-w- c:\program files\Firefox Setup 3.6.6.exe
2010-07-02 01:57:44 6153352 ----a-w- c:\program files\mbam-setup-1.46.exe
2010-06-06 22:18:46 10367552 ----a-w- c:\program files\Opera_1053_en_Setup.exe
2010-03-26 00:08:49 1683240 ----a-w- c:\program files\SkypeSetup.exe
2010-02-24 20:25:20 8327264 ----a-w- c:\program files\Firefox Setup 3.6.exe
2009-12-16 23:55:05 4844296 ----a-w- c:\program files\mbam-setup.exe
2009-11-18 19:40:29 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-10-28 18:40:23 7692288 ----a-w- c:\program files\Data_Transfer_Assistant_1_1.exe
2009-10-27 21:09:14 73233320 ----a-w- c:\program files\PalmDesktopWin62.exe
2009-09-15 18:56:20 641881 ----a-w- c:\program files\windirstat1_1_2_setup.exe
2009-09-14 17:09:30 1048000 ----a-w- c:\program files\ccsetup223_slim.exe
2009-09-14 16:06:05 16664352 ----a-w- c:\program files\jre-6u16-windows-i586.exe
2009-08-29 18:20:47 4928376 ----a-w- c:\program files\Silverlight.exe
2009-08-19 03:51:13 5520384 ----a-w- c:\program files\icytower14_install.exe
2009-07-14 22:15:16 8114720 ----a-w- c:\program files\Firefox Setup 3.5.exe
2009-07-07 00:39:24 15452536 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2009-06-22 18:57:49 4008201 ----a-w- c:\program files\FileZilla_3.2.5_win32-setup.exe
2009-06-18 17:19:11 150923504 ----a-w- c:\program files\acidpro70c.exe
2009-04-28 00:49:39 198064 ----a-w- c:\program files\MoveMediaPlayer_071303000006.exe
2009-04-15 20:12:28 14032184 ----a-w- c:\program files\download.dataviz.com
2009-03-12 22:39:19 5287664 ----a-w- c:\program files\macdrive_7.2.6_en_setup.exe
2009-03-12 20:56:14 5287664 ----a-w- c:\program files\macdrive
2008-11-12 05:59:31 2320897 ----a-w- c:\program files\qcd451.exe
2008-11-06 18:11:40 5613360 ----a-w- c:\program files\Opera_962_en_Setup.exe
2008-10-30 14:15:07 5831451 ----a-w- c:\program files\Jaksta.v230.exe
2008-10-28 13:31:45 850374 ----a-w- c:\program files\SmartMorph.exe
2008-10-02 02:24:41 460280 ----a-w- c:\program files\RealDVDv1GOLD.exe
2008-10-01 11:59:06 4327128 ----a-w- c:\program files\AM_CDBurner.exe
2008-09-12 02:21:04 22448944 ----a-w- c:\program files\snagit.exe
2008-09-10 16:06:02 5212808 ----a-w- c:\program files\macdrive_7.2.2_en_setup.exe
2008-06-06 22:12:16 3560545 ----a-w- c:\program files\acaladvdpocketripper.exe
2008-03-14 14:18:48 2704896 ----a-w- c:\program files\WacomTablet_493-3.exe
2008-03-10 23:55:27 5910696 ----a-w- c:\program files\fdminst.exe
2008-03-04 20:20:31 12569040 ----a-w- c:\program files\cinemaforge.exe
2008-02-14 19:37:42 2893669 ----a-w- c:\program files\PrintScreen43_Setup.exe
2007-08-24 15:54:58 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe
2007-02-28 20:56:13 1035271 ----a-w- c:\program files\wrar362.exe

============= FINISH: 22:09:38.25 ===============

Attached File  gmer log 13111.log   119.28KB   6 downloads

Attached File  GMER Registry shows red folders.jpg   194.16KB   5 downloads

#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:10:40 AM

Posted 02 February 2011 - 02:18 AM

Hello and welcome to Bleeping Computer. :)

*Please enable topic reply notification, follow step # 4 -> Here.

*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.

*Please do not attach logs unless instructed.

*You must reply within 5 days otherwise this topic will be closed.


=======================================


I can see based on your description that the PC has multiple problems. We will try to solve them one at a time, and we will begin by removing all the malware seen.


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



2. We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

~Semp


If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 eds1011

eds1011
  • Topic Starter

  • Members
  • 75 posts
  • Local time:09:40 PM

Posted 02 February 2011 - 11:19 AM

Hi,

I downloaded and ran both Security Check and OTL.

When I ran Security Check I had the following problem:

While security check showed “Preparing” in the black box an error message popped up which said "AutoIt Error. Line -1: Error: Variable must be of type “Object”. " When I clicked OK on the error message the message in the security check black box changed to “Preparing Done” but no notepad box appeared. Nothing else happened with Security Check.

OTL worked fine and I've pasted the results below.

I also realized that thus far, while I have tried to disable McAfee in multiple ways, I have failed to try to disable my McAfee AV Plus firewall from within the McAfee settings dialog. (I actually really didn't think I could still access it with the other myriad problems I've had.) I don't want to make any changes to my system without your permission, so will you please tell me if it's now okay to go ahead and try to turn off the McAfee firewall in this way?

Thanks.



OTL Logs:

OTL logfile created on: 2/2/2011 10:53:34 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Evan's profile.EVAN\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 528.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.99 Gb Total Space | 17.39 Gb Free Space | 11.67% Space Free | Partition Type: NTFS
Drive E: | 14.89 Gb Total Space | 9.26 Gb Free Space | 62.15% Space Free | Partition Type: FAT32

Computer Name: EVAN | User Name: Evan's profile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/26 01:58:46 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\OTL.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/09/30 13:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2008/03/01 00:10:57 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2007/12/27 14:08:00 | 000,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/28 14:29:39 | 015,900,672 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
PRC - [2007/02/22 18:32:12 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
PRC - [2006/06/12 11:01:14 | 000,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
PRC - [2006/03/24 17:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/19 14:31:52 | 000,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/02/16 15:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2001/09/25 05:00:52 | 000,061,440 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\GEARSEC.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/26 01:58:46 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\OTL.exe
MOD - [2008/03/01 00:10:47 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006/08/25 09:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/11/06 09:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/11/26 08:23:46 | 000,150,528 | ---- | M] (Mediafour Corporation) [Auto | Stopped] -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe -- (MacDriveService)
SRV - [2007/10/29 12:27:04 | 000,587,096 | ---- | M] (Lavasoft AB) [Auto | Stopped] -- C:\Program Files\Lavasoft\adaware 7\aawservice.exe -- (aawservice)
SRV - [2007/03/16 00:23:32 | 000,049,152 | ---- | M] (Avid Technology, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\AvidSDMService.exe -- (AvidSDMService)
SRV - [2007/03/16 00:23:02 | 001,536,000 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\AvidStartup.exe -- (AvidStartup)
SRV - [2006/06/29 13:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/06/12 11:01:14 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2006/05/15 20:19:00 | 000,315,392 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr2)
SRV - [2005/10/19 14:31:52 | 000,749,568 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2004/06/29 21:36:08 | 000,065,536 | ---- | M] (OLYMPUS Corporation) [Auto | Stopped] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
SRV - [2001/09/25 05:00:52 | 000,061,440 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\GEARSEC.EXE -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/06/24 13:52:08 | 000,028,256 | ---- | M] (Jaksta LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\JakNDis.sys -- (JakNDisMP)
DRV - [2010/06/24 13:52:08 | 000,028,256 | ---- | M] (Jaksta LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\JakNDis.sys -- (JakNDis)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/16 11:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/05/19 13:19:26 | 000,020,992 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2009/04/30 17:18:20 | 000,284,416 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2008/09/25 11:33:16 | 000,043,552 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008/04/01 16:29:08 | 000,445,184 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2007/03/16 06:12:26 | 000,145,536 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Flamethrower.sys -- (Flamethrower)
DRV - [2007/03/16 01:23:48 | 000,056,832 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AvidXPSerial.sys -- (Serial)
DRV - [2007/03/15 22:32:40 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2007/02/21 20:26:07 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2006/11/22 18:34:36 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/10/05 17:07:28 | 000,072,608 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2006/04/07 17:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/21 20:03:00 | 003,652,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/03/14 07:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/03/14 07:22:00 | 000,028,216 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006/03/08 12:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/09 16:35:00 | 000,018,816 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pbadrv.sys -- (PBADRV)
DRV - [2005/12/01 01:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 01:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 01:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/10 10:25:14 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/14 17:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 16:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 18:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/07/08 16:40:42 | 000,260,144 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Nuvision.sys -- (NuVision) Hauppauge WinTV USB Pro (NTSC)
DRV - [2005/05/13 16:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2004/08/12 18:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 00:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/08/03 23:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2004/08/03 23:10:12 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2004/08/03 23:10:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2003/03/13 08:23:28 | 000,019,712 | R--- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:05:48 | 000,314,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrO21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000 (08B0)
DRV - [2001/04/09 12:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)
DRV - [2001/01/30 01:32:06 | 000,039,071 | R--- | M] (OLYMPUS OPTICAL CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DSSUSB1.sys -- (DSSUSB1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ask.com/web?q={searchTerms}&o=14482&l=dis


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074


IE - HKU\S-1-5-21-712245372-3583151595-971400384-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-712245372-3583151595-971400384-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-712245372-3583151595-971400384-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-712245372-3583151595-971400384-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-712245372-3583151595-971400384-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-712245372-3583151595-971400384-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {BE3B973C-4204-4DB4-8C56-755477CECA43}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 63111
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\extensions\\{BE3B973C-4204-4DB4-8C56-755477CECA43}: C:\Documents and Settings\Evan's profile.EVAN\Local Settings\Application Data\{BE3B973C-4204-4DB4-8C56-755477CECA43} [2010/06/19 19:40:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/07 07:50:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/07 20:36:12 | 000,000,000 | ---D | M]

[2009/07/14 17:17:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Mozilla\Extensions
[2011/01/21 20:40:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Mozilla\Firefox\Profiles\9d86enqs.default\extensions
[2010/06/03 07:54:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Mozilla\Firefox\Profiles\9d86enqs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/14 19:00:17 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Mozilla\Firefox\Profiles\9d86enqs.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2007/03/13 10:55:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Mozilla\Sunbird\Profiles\ox3euikv.default\extensions
[2011/01/21 20:40:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/07 20:36:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/06/19 19:40:24 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\EVAN'S PROFILE.EVAN\LOCAL SETTINGS\APPLICATION DATA\{BE3B973C-4204-4DB4-8C56-755477CECA43}
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/10/25 23:31:29 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101108200744.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-712245372-3583151595-971400384-1005\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-712245372-3583151595-971400384-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-712245372-3583151595-971400384-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Getting started with MacDrive] C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [HotSync] File not found
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MacDrive application] C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-712245372-3583151595-971400384-1005..\Run: [McAfee Update] File not found
O4 - HKU\S-1-5-21-712245372-3583151595-971400384-1005..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-712245372-3583151595-971400384-1005..\Run: [PMCRemote] File not found
O4 - HKU\S-1-5-21-712245372-3583151595-971400384-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-712245372-3583151595-971400384-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunServices: [SchedulingAgent] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-712245372-3583151595-971400384-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-712245372-3583151595-971400384-1005\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-712245372-3583151595-971400384-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-712245372-3583151595-971400384-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b517b466-b4ad-11dc-9946-00188bad1fd5}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDEULA.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: mnmsfunc - (C:\WINDOWS\system32\ntbasi64.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/27 08:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Erin's school stuff
[2011/01/26 01:58:46 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\OTL.exe
[2011/01/21 20:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Wave Systems Corp
[2011/01/16 14:01:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/01/11 18:17:53 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2011/01/10 08:22:31 | 000,230,120 | ---- | C] (Wilson WindowWare, Inc.) -- C:\WINDOWS\WBDBU32I.DLL
[2011/01/09 20:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\SUPERAntiSpyware.com
[2011/01/09 20:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/09 20:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/01/09 20:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/09 20:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/01/09 20:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/01/08 19:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evan's profile.EVAN\My Documents\New Folder
[2011/01/07 21:59:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Evan's profile.EVAN\Recent
[2011/01/07 20:50:51 | 000,233,936 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\uninstall_flash_player.exe
[2011/01/07 20:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/01/07 20:36:12 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/07 20:36:12 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/07 20:36:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/07 20:36:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/07 20:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evan's profile.EVAN\Local Settings\Application Data\Secunia PSI
[2011/01/07 20:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/01/07 08:43:28 | 001,737,088 | ---- | C] (Secunia) -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\PSISetup.exe
[2011/01/07 08:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Photoshop 7.0
[2011/01/07 08:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Photoshop 7
[2011/01/07 07:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/01/05 18:41:00 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sst227.sys
[2011/01/03 17:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evan's profile.EVAN\Local Settings\Application Data\Jaksta_Pty_Ltd
[2011/01/03 17:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Jaksta
[2011/01/03 17:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Jaksta
[2011/01/03 17:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2011/01/03 16:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\texas
[2010/09/18 15:54:06 | 002,463,272 | ---- | C] (JAM Software ) -- C:\Program Files\TreeSizeFreeSetup.exe
[2010/07/10 22:41:02 | 008,589,088 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.6.exe
[2010/07/01 20:57:33 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.46.exe
[2010/06/06 17:18:46 | 010,367,552 | ---- | C] (Opera Software ASA) -- C:\Program Files\Opera_1053_en_Setup.exe
[2010/02/24 15:25:04 | 008,327,264 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.exe
[2010/02/12 15:01:57 | 001,683,240 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2009/12/16 18:46:13 | 003,059,184 | ---- | C] (McAfee, Inc.) -- C:\Program Files\DMSetup.exe
[2009/10/28 13:39:59 | 007,692,288 | ---- | C] (Palm, Inc.) -- C:\Program Files\Data_Transfer_Assistant_1_1.exe
[2009/10/27 16:03:23 | 073,233,320 | ---- | C] (Palm, Inc. ) -- C:\Program Files\PalmDesktopWin62.exe
[2009/09/24 14:36:42 | 004,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2009/09/15 13:56:19 | 000,641,881 | ---- | C] (WDS Team) -- C:\Program Files\windirstat1_1_2_setup.exe
[2009/09/14 12:09:30 | 001,048,000 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup223_slim.exe
[2009/09/14 11:05:30 | 016,664,352 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u16-windows-i586.exe
[2009/08/29 13:20:45 | 004,928,376 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
[2009/07/14 17:14:40 | 008,114,720 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.5.exe
[2009/07/14 15:47:04 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2009/07/06 19:39:22 | 015,452,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2009/06/18 12:17:44 | 150,923,504 | ---- | C] (Sony Creative Software Inc.) -- C:\Program Files\acidpro70c.exe
[2009/04/15 15:11:11 | 014,032,184 | ---- | C] (DataViz, Inc. ) -- C:\Program Files\download.dataviz.com
[2009/03/12 17:38:56 | 005,287,664 | ---- | C] (Mediafour Corporation, support@mediafour.com) -- C:\Program Files\macdrive_7.2.6_en_setup.exe
[2009/03/12 15:56:09 | 005,287,664 | ---- | C] (Mediafour Corporation, support@mediafour.com) -- C:\Program Files\macdrive
[2008/11/06 13:11:15 | 005,613,360 | ---- | C] (Opera Software ASA) -- C:\Program Files\Opera_962_en_Setup.exe
[2008/10/30 09:14:50 | 005,831,451 | ---- | C] (Jaksta LLC) -- C:\Program Files\Jaksta.v230.exe
[2008/10/01 21:24:41 | 000,460,280 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealDVDv1GOLD.exe
[2008/09/10 11:06:02 | 005,212,808 | ---- | C] (Mediafour Corporation, support@mediafour.com) -- C:\Program Files\macdrive_7.2.2_en_setup.exe
[2008/06/06 17:11:56 | 003,560,545 | ---- | C] (Acala Software Inc. ) -- C:\Program Files\acaladvdpocketripper.exe
[2008/03/10 18:48:07 | 005,910,696 | ---- | C] (FreeDownloadManager.ORG ) -- C:\Program Files\fdminst.exe
[2007/08/24 10:54:58 | 002,228,534 | ---- | C] ( ) -- C:\Program Files\audacity-win-1.2.6.exe
[2007/02/27 22:39:42 | 002,790,864 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\Documents and Settings\Evan's profile.EVAN\My Documents\*.tmp files -> C:\Documents and Settings\Evan's profile.EVAN\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/02 10:51:37 | 000,203,748 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Mcafee AV Plus firewall settings dialog copy.jpg
[2011/02/02 10:50:13 | 000,411,258 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Mcafee AV Plus firewall settings dialog.psd
[2011/02/02 10:05:04 | 000,143,251 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/02/02 09:56:02 | 000,143,251 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/01/31 21:57:56 | 000,017,210 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/01/31 21:54:58 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2011/01/31 21:54:33 | 000,063,783 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2011/01/31 21:53:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/31 21:53:23 | 1071,792,128 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/31 21:29:08 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\My Documents\January Monthly Expenses.xls
[2011/01/31 21:29:07 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\My Documents\Joint Expenses Spreadsheet 1-29-11.xls
[2011/01/30 21:41:43 | 001,470,034 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\stable processes5.psd
[2011/01/30 15:16:53 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\My Documents\Expenses Spreadsheet 1-29-11.xls
[2011/01/30 14:43:48 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel.lnk
[2011/01/29 18:16:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/26 01:58:46 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\OTL.exe
[2011/01/21 20:37:44 | 000,104,299 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\document manager vault - the security chip appears to be disabled.psd
[2011/01/21 20:08:36 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/21 20:06:10 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011/01/21 20:00:19 | 000,003,283 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/01/20 21:42:29 | 001,105,343 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\stable processes4 copy.jpg
[2011/01/20 17:31:16 | 001,201,152 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\BleepingComputer - Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.doc
[2011/01/20 17:28:20 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\dds.scr
[2011/01/20 17:27:24 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Defogger.exe
[2011/01/18 19:22:01 | 000,070,506 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\notification dll has not been registered.psd
[2011/01/16 13:46:53 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/13 19:57:39 | 001,780,579 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\stable processes3.psd
[2011/01/13 19:45:58 | 002,167,363 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\stable processes2.psd
[2011/01/11 18:17:52 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2011/01/10 08:22:31 | 000,230,120 | ---- | M] (Wilson WindowWare, Inc.) -- C:\WINDOWS\WBDBU32I.DLL
[2011/01/09 20:24:19 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/09 20:20:33 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\SpywareBlaster.lnk
[2011/01/09 19:51:22 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/09 19:50:18 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/08 17:26:58 | 000,137,728 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/08 12:42:14 | 001,787,741 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\all programs displayed.psd
[2011/01/08 12:34:56 | 002,514,464 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\processes running.psd
[2011/01/08 01:20:35 | 000,892,317 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-1 copy.jpg
[2011/01/08 01:20:23 | 000,972,469 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-2 copy.jpg
[2011/01/08 01:20:04 | 001,111,045 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-3 copy.jpg
[2011/01/08 01:19:52 | 000,989,378 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-4 copy.jpg
[2011/01/08 01:19:42 | 001,104,871 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-5 copy.jpg
[2011/01/08 01:19:30 | 001,196,550 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-6 copy.jpg
[2011/01/08 01:19:06 | 001,184,743 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-9.jpg
[2011/01/08 01:18:37 | 001,184,743 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-8 copy.jpg
[2011/01/08 01:18:15 | 001,184,743 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-7 copy.jpg
[2011/01/08 00:24:56 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/01/07 20:50:45 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\uninstall_flash_player.exe
[2011/01/07 20:33:02 | 000,001,024 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-712245372-3583151595-971400384-1005UA.job
[2011/01/07 16:33:01 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-712245372-3583151595-971400384-1005Core.job
[2011/01/07 08:43:30 | 001,737,088 | ---- | M] (Secunia) -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\PSISetup.exe
[2011/01/07 07:52:39 | 000,844,096 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\My Documents\opera6 bookmarks as of 022309.adr
[2011/01/07 07:50:59 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/07 07:50:02 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/01/07 07:02:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/07 07:00:39 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/01/07 02:09:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/05 20:53:58 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\iExplore.exe
[2011/01/05 19:46:12 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\d3qQ6R5cHsecKD3
[2011/01/05 18:41:04 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sst227.sys
[2011/01/03 19:54:55 | 000,002,551 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Jaksta Streaming Media Recorder and Converter.lnk
[2011/01/03 16:41:01 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\My Documents\Social media info From alan Rosenblatt cspan presentation.doc
[2011/01/03 16:22:55 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\roommate responses 1-3-11.doc
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\Documents and Settings\Evan's profile.EVAN\My Documents\*.tmp files -> C:\Documents and Settings\Evan's profile.EVAN\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/02 10:51:37 | 000,203,748 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Mcafee AV Plus firewall settings dialog copy.jpg
[2011/02/02 10:50:13 | 000,411,258 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Mcafee AV Plus firewall settings dialog.psd
[2011/01/30 15:34:32 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\My Documents\Joint Expenses Spreadsheet 1-29-11.xls
[2011/01/29 15:20:50 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\My Documents\Expenses Spreadsheet 1-29-11.xls
[2011/01/23 10:33:06 | 001,470,034 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\stable processes5.psd
[2011/01/21 20:37:44 | 000,104,299 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\document manager vault - the security chip appears to be disabled.psd
[2011/01/20 21:42:26 | 001,105,343 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\stable processes4 copy.jpg
[2011/01/20 17:31:15 | 001,201,152 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\BleepingComputer - Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.doc
[2011/01/20 17:28:21 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\dds.scr
[2011/01/20 17:27:24 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Defogger.exe
[2011/01/18 19:22:00 | 000,070,506 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\notification dll has not been registered.psd
[2011/01/16 13:37:37 | 000,001,917 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/01/15 15:50:21 | 000,012,890 | ---- | C] () -- C:\Program Files\hijackthis.log
[2011/01/13 19:57:37 | 001,780,579 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\stable processes3.psd
[2011/01/13 19:45:58 | 002,167,363 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\stable processes2.psd
[2011/01/09 20:24:19 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/09 20:20:33 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\SpywareBlaster.lnk
[2011/01/08 12:42:11 | 001,787,741 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\all programs displayed.psd
[2011/01/08 12:34:53 | 002,514,464 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\processes running.psd
[2011/01/08 11:42:32 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/08 01:20:33 | 000,892,317 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-1 copy.jpg
[2011/01/08 01:20:22 | 000,972,469 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-2 copy.jpg
[2011/01/08 01:20:02 | 001,111,045 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-3 copy.jpg
[2011/01/08 01:19:51 | 000,989,378 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-4 copy.jpg
[2011/01/08 01:19:41 | 001,104,871 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-5 copy.jpg
[2011/01/08 01:19:28 | 001,196,550 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-6 copy.jpg
[2011/01/08 01:19:04 | 001,184,743 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-9.jpg
[2011/01/08 01:18:36 | 001,184,743 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-8 copy.jpg
[2011/01/08 01:18:10 | 001,184,743 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-7 copy.jpg
[2011/01/08 00:24:54 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2011/01/08 00:24:54 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/01/08 00:24:54 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk
[2011/01/08 00:24:54 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2011/01/08 00:24:54 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/01/08 00:24:54 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk
[2011/01/08 00:24:54 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
[2011/01/08 00:24:54 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2011/01/07 07:52:39 | 000,844,096 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\My Documents\opera6 bookmarks as of 022309.adr
[2011/01/07 07:50:59 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/07 07:50:02 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/01/05 20:54:08 | 000,719,873 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\iExplore.exe
[2011/01/05 19:46:12 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\d3qQ6R5cHsecKD3
[2011/01/03 17:33:29 | 000,002,551 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Jaksta Streaming Media Recorder and Converter.lnk
[2011/01/03 16:22:55 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\roommate responses 1-3-11.doc
[2011/01/03 15:42:49 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\My Documents\Social media info From alan Rosenblatt cspan presentation.doc
[2010/12/30 17:49:01 | 000,003,024 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\CBCE.B08
[2010/11/15 21:10:40 | 001,685,569 | ---- | C] () -- C:\Program Files\FileZilla_Server-0_9_37.exe
[2010/11/15 21:10:20 | 004,198,724 | ---- | C] () -- C:\Program Files\FileZilla_3.3.4.1_win32-setup.exe
[2010/10/16 16:22:31 | 000,000,244 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\16917.bat
[2010/07/18 21:30:36 | 000,010,598 | ---- | C] () -- C:\Program Files\PreInstallToolLog.txt
[2010/07/18 21:30:12 | 000,001,584 | ---- | C] () -- C:\Program Files\runme.bat
[2010/07/18 13:20:51 | 003,048,960 | ---- | C] () -- C:\Program Files\mvt_en-us.msi
[2010/07/10 22:35:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iqizaboc.dll
[2010/07/10 22:25:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uhafuwejataz.dll
[2010/07/10 22:23:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\agesohahozewuj.dll
[2010/07/10 16:42:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ohipubopitucigen.dll
[2010/07/10 14:42:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ujazuyocadi.dll
[2009/11/09 22:04:39 | 000,000,092 | ---- | C] () -- C:\WINDOWS\NogaTw.INI
[2009/09/24 19:11:02 | 000,002,494 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/18 22:50:43 | 005,520,384 | ---- | C] () -- C:\Program Files\icytower14_install.exe
[2009/07/10 15:53:22 | 000,195,464 | ---- | C] () -- C:\Program Files\VolumeCareV5.57.prc
[2009/07/10 15:44:55 | 000,293,357 | ---- | C] () -- C:\Program Files\VolumeCareV6.17.prc
[2009/06/22 13:57:45 | 004,008,201 | ---- | C] () -- C:\Program Files\FileZilla_3.2.5_win32-setup.exe
[2009/04/30 22:20:37 | 000,000,675 | ---- | C] () -- C:\Program Files\Pocket DVD Wizard
[2009/04/27 19:49:39 | 000,198,064 | ---- | C] () -- C:\Program Files\MoveMediaPlayer_071303000006.exe
[2009/04/15 15:16:41 | 000,001,613 | ---- | C] () -- C:\Program Files\Documents To Go
[2008/12/05 14:36:31 | 000,000,056 | ---- | C] () -- C:\WINDOWS\TUTORI~1.INI
[2008/11/12 01:52:15 | 000,001,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jaksta.smr.lic
[2008/11/12 00:59:18 | 002,320,897 | ---- | C] () -- C:\Program Files\qcd451.exe
[2008/11/04 20:06:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/11/04 20:04:11 | 000,201,488 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2008/11/04 20:04:11 | 000,144,144 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2008/11/04 20:04:11 | 000,141,584 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2008/11/04 20:04:11 | 000,063,248 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2008/11/04 20:04:11 | 000,033,040 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2008/10/30 10:29:21 | 000,663,610 | ---- | C] () -- C:\Program Files\MMPlayerLib.prc
[2008/10/30 10:29:21 | 000,436,496 | ---- | C] () -- C:\Program Files\MMPlayer Manual.pdf
[2008/10/30 10:29:21 | 000,334,960 | ---- | C] () -- C:\Program Files\MMMidiInstr.pdb
[2008/10/30 10:29:21 | 000,233,714 | ---- | C] () -- C:\Program Files\MMPlayerGUI.prc
[2008/10/30 10:29:21 | 000,001,564 | ---- | C] () -- C:\Program Files\Readme.txt
[2008/10/30 10:25:28 | 001,839,416 | ---- | C] () -- C:\Program Files\MMPlayerBase2.3.0.zip
[2008/10/28 08:31:43 | 000,850,374 | ---- | C] () -- C:\Program Files\SmartMorph.exe
[2008/10/01 06:58:46 | 004,327,128 | ---- | C] () -- C:\Program Files\AM_CDBurner.exe
[2008/09/17 09:08:02 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\60a7806a-0eea-424c-a464-20f4730cd631
[2008/09/11 21:18:29 | 022,448,944 | ---- | C] () -- C:\Program Files\snagit.exe
[2008/03/19 14:00:08 | 000,006,929 | ---- | C] () -- C:\WINDOWS\Avid FX5.7.ini
[2008/03/19 11:45:15 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\artelinit.dll
[2008/03/19 11:43:56 | 005,774,336 | ---- | C] () -- C:\WINDOWS\System32\RED4 Render Engine 8BPC.dll
[2008/03/19 11:43:55 | 004,798,464 | ---- | C] () -- C:\WINDOWS\System32\RED4 Render Engine 16BPC.dll
[2008/03/19 11:43:16 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2008/03/14 09:18:38 | 002,704,896 | ---- | C] () -- C:\Program Files\WacomTablet_493-3.exe
[2008/03/04 15:09:18 | 012,569,040 | ---- | C] () -- C:\Program Files\cinemaforge.exe
[2008/02/14 14:37:41 | 002,893,669 | ---- | C] () -- C:\Program Files\PrintScreen43_Setup.exe
[2007/12/31 04:44:41 | 010,497,833 | ---- | C] () -- C:\Program Files\cinemaforge.xmfg
[2007/12/19 17:51:31 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\PtSSE2.dll
[2007/12/19 17:51:22 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AvidXPSerial.sys
[2007/12/19 17:51:22 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2007/12/19 17:46:09 | 001,728,606 | ---- | C] () -- C:\WINDOWS\System32\libmmdd.dll
[2007/12/18 18:56:36 | 000,000,584 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/18 16:18:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2007/12/18 16:14:38 | 001,658,973 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2007/12/14 00:37:26 | 000,001,207 | ---- | C] () -- C:\WINDOWS\S3D.ini
[2007/11/28 14:28:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dssole.INI
[2007/11/28 14:28:23 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2007/11/21 00:37:36 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2007/11/21 00:37:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2007/09/27 19:22:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/09/20 05:27:16 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/09/20 05:27:16 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/09/20 05:27:16 | 000,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/20 05:27:16 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/09/20 05:27:16 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/09/20 05:27:16 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/09/20 05:27:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/09/20 05:27:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/09/20 05:27:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/09/20 05:27:16 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/09/20 05:27:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/09/20 05:27:16 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/09/20 05:27:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/09/20 05:27:16 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/09/20 05:27:16 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/09/20 05:27:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/09/20 05:27:16 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/09/20 05:27:16 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/08/23 17:30:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/06/08 02:10:16 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2007/06/06 00:11:18 | 000,002,634 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\SAS7_000.DAT
[2007/06/05 23:12:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2007/04/30 12:06:15 | 000,000,281 | ---- | C] () -- C:\WINDOWS\irremote.ini
[2007/04/30 12:05:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2007/03/11 17:58:18 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/03/11 17:58:16 | 000,598,016 | ---- | C] () -- C:\WINDOWS\System32\viscomqtde.dll
[2007/03/08 18:33:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/03/07 08:43:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/02/28 22:18:04 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/28 15:55:23 | 001,035,271 | ---- | C] () -- C:\Program Files\wrar362.exe
[2007/02/24 18:02:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/22 15:44:15 | 000,000,571 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2007/02/22 15:38:18 | 000,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini
[2007/02/19 20:02:01 | 000,003,283 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/19 19:24:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/02/19 18:48:34 | 000,137,728 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/19 17:55:38 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Local Settings\Application Data\fusioncache.dat
[2007/01/30 09:18:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/30 09:15:55 | 000,000,357 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/30 09:11:55 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2007/01/30 09:11:55 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2007/01/30 09:09:29 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2007/01/30 09:06:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/01/30 09:06:04 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/01/30 08:45:05 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/01/30 08:45:05 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/01/30 08:45:05 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/01/30 08:45:04 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/01/30 08:45:01 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/01/30 08:44:52 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/01/30 08:43:46 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/01/30 00:03:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/12 11:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2006/06/12 11:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2006/05/22 09:37:36 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/05/22 09:32:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/05/22 09:32:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/05/22 09:32:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/05/22 09:31:52 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/05/22 09:31:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/05/22 09:31:38 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/05/22 09:31:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/05/22 09:31:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/05/22 09:31:18 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/05/22 09:31:12 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/05/16 13:34:22 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2006/05/16 13:33:06 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/05/15 20:08:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/05/15 19:52:12 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2006/05/15 19:52:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2006/05/15 19:51:52 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2006/05/15 19:51:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2006/05/15 19:51:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2006/05/15 19:51:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2006/05/15 19:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2006/05/15 19:51:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2006/05/15 19:50:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2006/05/15 19:50:46 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2005/12/01 15:41:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2005/09/20 14:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/07/21 16:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 15:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/03/18 19:01:20 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2004/01/27 07:13:02 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2000/08/04 12:41:06 | 000,447,777 | ---- | C] () -- C:\WINDOWS\System32\DAE.dll.rsr
[1996/02/23 16:34:48 | 000,014,629 | ---- | C] () -- C:\WINDOWS\System32\Declw.dll
[1996/02/22 14:09:20 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\Decln.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C3C9B83
@Alternate Data Stream - 1105 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:RdN4L3K1TW7H4WTZro1X02pGRbgs
@Alternate Data Stream - 1079 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:vAC6hfyiBzPIPvjYcPiyH8NES1Mb6u

< End of report >



OTL Extras logfile created on: 2/2/2011 10:53:34 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Evan's profile.EVAN\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 528.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.99 Gb Total Space | 17.39 Gb Free Space | 11.67% Space Free | Partition Type: NTFS
Drive E: | 14.89 Gb Total Space | 9.26 Gb Free Space | 62.15% Space Free | Partition Type: FAT32

Computer Name: EVAN | User Name: Evan's profile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-712245372-3583151595-971400384-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\VectorWorks 11.5.0\VectorWorks.exe" = C:\Program Files\VectorWorks 11.5.0\VectorWorks.exe:*:Enabled:VectorWorks Application -- (Nemetschek North America, Inc.)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\wormsworldparty\Worms World Party\wwp.exe" = C:\Program Files\wormsworldparty\Worms World Party\wwp.exe:*:Disabled:Worms World Party
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"C:\Program Files\Opera\Opera.exe" = C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Olympus\DSSPlayerPro\DictWnd.exe" = C:\Program Files\Olympus\DSSPlayerPro\DictWnd.exe:*:Enabled:Dictation Module -- (OLYMPUS Corporation.)
"C:\Program Files\Avid\Avid3D_5.7\Application\bin\3D.exe" = C:\Program Files\Avid\Avid3D_5.7\Application\bin\3D.exe:*:Enabled:3D -- (Softimage Co.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010875D4-C6B4-4D23-87FC-0DB193F608F3}" = Avid FX
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0AF67B3F-3C81-4454-9F25-25B19A584E43}" = Avid Codecs LE
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}" = NTRU Hybrid TSS v2.0.25
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{108749BE-6264-4C49-A9A1-C452A2B57B45}" = Avid DIO Runtime
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F85CAAA-B786-4E5B-AADD-638856992EF3}" = Opera 10.53
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24DD5724-8DC3-46AA-B2CC-3AA8F6BCFBAD}" = Avid Xpress Pro
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 23
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353073E8-1185-4823-8F3A-A1F4AF6DD2CD}" = Avid DVD by Sonic
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41915CC3-BD28-43C3-9C94-1A7548DEF582}" = StuffIt Standard Edition 7.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5341EB-07D2-4A67-8E82-6BF8029C2366}" = Avid FilmScribe
"{4DFF992E-3C19-4097-A152-CB9C0EB87CF3}" = Avid® 3D 5.7
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2
"{70CC90CA-A1E3-42C1-93DD-E8B8F0A8235A}" = Avid EDL Manager
"{714A5D3A-9886-414A-9F56-29025C6EB709}" = Jaksta Streaming Media Recorder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CE90089-DCC9-4393-A535-802072333C35}" = Preboot Manager
"{8E35083D-B04F-4823-A260-C07FDD3D40FD}" = Olympus DSS Player Pro
"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91AE797B-CA6B-4251-A356-44D18AC28433}" = Avid StartUp Project
"{9435B982-79BF-44DA-B21D-7942385B1BF2}" = Avid Log Exchange
"{9F1D8E17-2AE6-4608-901D-42146D7D9C68}" = Digidesign Audio Drivers 7.3.1
"{A15B3CF2-7FB7-4102-BBC9-9680B7F0825F}" = InterLok Driver Kit
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A9C2A037-D784-4496-97A6-A6A387527B2A}" = Avid Core Runtime
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.7
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D648B20B-A789-407E-8CA4-9BDDBBE342C8}" = upekmsi
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}" = Dragon NaturallySpeaking 9
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E064390A-2F64-4195-9A55-30D4B20B865A}" = WDCSAM Driver
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EBD6B3E2-D43A-4F7D-A9FD-1F359E0C2320}" = MacDrive 7
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F2B8F8EE-4811-4A28-9305-6640CD007115}" = Wave Infrastructure Installer
"{F2D45137-7631-4824-B285-52742329DE4B}" = Documents To Go
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"3ivx D4 4.5.1 Decoder" = 3ivx D4 4.5.1 Decoder (remove only)
"8A1D0449E9CBCC93DCB0CF47934D695423632CA7" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (12/05/2006 1.0.0007.0)
"Acala DVD to Pocket PC movie_is1" = Acala DVD to Pocket PC movie 3.0.1
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CinemaForge" = CinemaForge
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DC++" = DC++ 0.7091
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy Video Joiner_is1" = Easy Video Joiner 5.21
"FileZilla Client" = FileZilla Client 3.2.5
"Gadwin PrintScreen" = Gadwin PrintScreen
"GEARDrivers" = GEAR Drivers
"GoldWave v5.06" = GoldWave v5.06
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSC" = McAfee AntiVirus Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Plato Video Joiner_is1" = Plato Video Joiner 4.39
"Pocket DVD Wizard" = Pocket DVD Wizard
"RealPlayer 6.0" = RealPlayer
"R-Studio 3.0NSIS" = R-Studio 3.0
"SmartMorph" = SmartMorph
"SpywareBlaster_is1" = SpywareBlaster 4.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tablet Driver" = Tablet
"The Journey to Wild Divine" = The Journey to Wild Divine
"TreeSize Free_is1" = TreeSize Free V2.4
"Unlocker" = Unlocker 1.8.6
"VectorWorks 11.5.0" = VectorWorks 11.5.0
"Video Converter 3" = Video Converter 3
"VindigoLink" = VindigoLink
"VobSub" = VobSub v2.23 (Remove Only)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-712245372-3583151595-971400384-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Sansa Updater" = Sansa Updater
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/31/2011 10:33:15 PM | Computer Name = EVAN | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/31/2011 10:33:15 PM | Computer Name = EVAN | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/31/2011 10:33:16 PM | Computer Name = EVAN | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/31/2011 10:33:16 PM | Computer Name = EVAN | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/31/2011 10:33:16 PM | Computer Name = EVAN | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/31/2011 10:33:16 PM | Computer Name = EVAN | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/31/2011 10:33:16 PM | Computer Name = EVAN | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/31/2011 10:33:16 PM | Computer Name = EVAN | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/31/2011 10:33:16 PM | Computer Name = EVAN | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/31/2011 10:33:16 PM | Computer Name = EVAN | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro


< End of report >

#6 sempai

  • Malware Response Team

Posted 02 February 2011 - 12:55 PM

Hi,

There's no need to disable the firewall yet.


Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074
    IE - HKU\S-1-5-21-712245372-3583151595-971400384-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-712245372-3583151595-971400384-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-712245372-3583151595-971400384-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074
    FF - HKLM\software\mozilla\Firefox\extensions\\{BE3B973C-4204-4DB4-8C56-755477CECA43}: C:\Documents and Settings\Evan's profile.EVAN\Local Settings\Application Data\{BE3B973C-4204-4DB4-8C56-755477CECA43} [2010/06/19 19:40:24 | 000,000,000 | ---D | M]
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [HotSync] File not found
    O4 - HKU\S-1-5-21-712245372-3583151595-971400384-1005..\Run: [PMCRemote] File not found
    O4 - HKLM..\RunServices: [SchedulingAgent] File not found
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O36 - AppCertDlls: mnmsfunc - (C:\WINDOWS\system32\ntbasi64.dll) - File not found
    [2010/07/10 22:35:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iqizaboc.dll
    [2010/07/10 22:25:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uhafuwejataz.dll
    [2010/07/10 22:23:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\agesohahozewuj.dll
    [2010/07/10 16:42:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ohipubopitucigen.dll
    [2010/07/10 14:42:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ujazuyocadi.dll
    [2009/11/09 22:04:39 | 000,000,092 | ---- | C] () -- C:\WINDOWS\NogaTw.INI
    @Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C3C9B83
    @Alternate Data Stream - 1105 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:RdN4L3K1TW7H4WTZro1X02pGRbgs
    @Alternate Data Stream - 1079 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:vAC6hfyiBzPIPvjYcPiyH8NES1Mb6u
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY] 
    [EMPTYTEMP] 
    [EMPTYFLASH] 
    [RESETHOSTS]
    [CREATERESTOREPOINT] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#7 eds1011

Posted 02 February 2011 - 01:54 PM

That presents a small problem. As I mentioned, I unfortunately have no copy and paste functionality at the moment. I am completely willing to type the above into the "custom scans/fixes" box by hand, but if you know of an easier method or some way to restore my copy+paste functionality I would be grateful.

I also realized I forgot to mention in my original post that my restore points are all gone.

Thanks.

#8 sempai

  • Malware Response Team

Posted 02 February 2011 - 02:13 PM

Hi,

Try to highlight all the contents of the codebox and then press Ctrl + C to copy, then run OTL... left mouse click into the Custom Scan/Fixes text box to bring the mouse cursor and then press Ctrl + V to paste the script. Please let me know how it went. Thanks.

~Semp


#9 eds1011

Posted 02 February 2011 - 02:27 PM

Just tried it. No luck. I don't suppose I could just try Run -> Clipboard.exe or something like that, could I?

#10 sempai

  • Malware Response Team

Posted 02 February 2011 - 02:34 PM

Alternatively you can do the following:

Save the attached file (fix.txt) to your desktop
  • Run OTL.
  • Click on Run Fix button.
  • You will receive a message that "No Fix has been provided".
  • Click OK to load it from a file.
  • Locate "fix.txt" on your desktop and click open.
  • Once the script is in the "Custom Scan/Fixes", click on Run Fix again.
  • It will now execute the script.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Post that report in your next reply.

Attached Files

  • Attached File  fix.txt   2.79KB   5 downloads

Edited by sempai, 02 February 2011 - 02:36 PM.

~Semp


#11 eds1011

Posted 02 February 2011 - 03:12 PM

Did that successfully. OTL ran. I rebooted the computer and a notepad window appeared listing "All processes killed". Here are the full contents of that window:


All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-712245372-3583151595-971400384-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-712245372-3583151595-971400384-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-712245372-3583151595-971400384-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BE3B973C-4204-4DB4-8C56-755477CECA43} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE3B973C-4204-4DB4-8C56-755477CECA43}\ not found.
C:\Documents and Settings\Evan's profile.EVAN\Local Settings\Application Data\{BE3B973C-4204-4DB4-8C56-755477CECA43}\chrome\content folder moved successfully.
C:\Documents and Settings\Evan's profile.EVAN\Local Settings\Application Data\{BE3B973C-4204-4DB4-8C56-755477CECA43}\chrome folder moved successfully.
C:\Documents and Settings\Evan's profile.EVAN\Local Settings\Application Data\{BE3B973C-4204-4DB4-8C56-755477CECA43} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HotSync deleted successfully.
Registry value HKEY_USERS\S-1-5-21-712245372-3583151595-971400384-1005\Software\Microsoft\Windows\CurrentVersion\Run\\PMCRemote deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\SchedulingAgent deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\mnmsfunc:C:\WINDOWS\system32\ntbasi64.dll deleted successfully.
C:\WINDOWS\iqizaboc.dll moved successfully.
C:\WINDOWS\uhafuwejataz.dll moved successfully.
C:\WINDOWS\agesohahozewuj.dll moved successfully.
C:\WINDOWS\ohipubopitucigen.dll moved successfully.
C:\WINDOWS\ujazuyocadi.dll moved successfully.
C:\WINDOWS\NogaTw.INI moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6C3C9B83 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:RdN4L3K1TW7H4WTZro1X02pGRbgs deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:vAC6hfyiBzPIPvjYcPiyH8NES1Mb6u deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Evan's profile.EVAN\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Evan's profile.EVAN\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Evan's profile
->Temp folder emptied: 3641157 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 300 bytes

User: Evan's profile.EVAN
->Temp folder emptied: 1187779391 bytes
->Temporary Internet Files folder emptied: 783479 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55043392 bytes
->Google Chrome cache emptied: 594288 bytes
->Opera cache emptied: 6214056 bytes
->Flash cache emptied: 3861 bytes

User: EVAN'S~1~EVA

User: LocalService
->Temp folder emptied: 410080 bytes
->Temporary Internet Files folder emptied: 13232295 bytes
->Flash cache emptied: 3923 bytes

User: NetworkService
->Temp folder emptied: 970 bytes
->Temporary Internet Files folder emptied: 194079 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 132244 bytes
%systemroot%\System32 .tmp files removed: 242073 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1724258 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 51710900 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 172970 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,261.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Evan's profile
->Flash cache emptied: 0 bytes

User: Evan's profile.EVAN
->Flash cache emptied: 0 bytes

User: EVAN'S~1~EVA

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Unable to start service RpcSs!

OTL by OldTimer - Version 3.2.20.6 log created on 02022011_150447

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Edited by eds1011, 02 February 2011 - 03:16 PM.


#12 sempai

  • Malware Response Team

Posted 02 February 2011 - 09:30 PM

Hi, how's the computer running after that fix? Any improvement?


1. Please run OTL again and click the "Quick Scan" button, it will produce a new log. Post that log when you reply.


2. Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.

~Semp


#13 eds1011

Posted 03 February 2011 - 11:20 AM

Hi,

The computer is running the same. No change that I can tell (but then again I'm not sure exactly what changes to look for at the moment either.)

I ran OTL again using the Quick Scan option as you suggested. I've pasted the log below.

I also downloaded and ran TDSSKiller and it did indeed find a TDSS Rootkit infection. I "skipped" curing it for the moment as you suggested and generated a log which I've pasted here below the OTL log.

Please let me know what to do next.

Thanks!


OTL Quick Scan Log:

OTL logfile created on: 2/2/2011 10:52:39 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Evan's profile.EVAN\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 621.00 Mb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.99 Gb Total Space | 90.91 Gb Free Space | 61.01% Space Free | Partition Type: NTFS
Drive E: | 14.89 Gb Total Space | 9.26 Gb Free Space | 62.15% Space Free | Partition Type: FAT32
Drive F: | 465.76 Gb Total Space | 331.93 Gb Free Space | 71.27% Space Free | Partition Type: NTFS

Computer Name: EVAN | User Name: Evan's profile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/26 01:58:46 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\OTL.exe
PRC - [2010/12/14 15:02:18 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/09/30 13:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2008/03/01 00:10:57 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/03/01 00:10:53 | 000,086,528 | ---- | M] () -- C:\Program Files\Unlocker\Unlocker.exe
PRC - [2007/12/27 14:08:00 | 000,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/28 14:29:39 | 015,900,672 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
PRC - [2007/02/22 18:32:12 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
PRC - [2006/06/12 11:01:14 | 000,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
PRC - [2006/05/16 13:35:08 | 000,102,400 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
PRC - [2006/03/24 17:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/19 14:31:52 | 000,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/02/16 15:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/10/23 23:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2001/09/25 05:00:52 | 000,061,440 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\GEARSEC.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/26 01:58:46 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\OTL.exe
MOD - [2008/03/01 00:10:47 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006/08/25 09:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/03/21 20:03:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/03/21 20:03:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/11/06 09:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/11/26 08:23:46 | 000,150,528 | ---- | M] (Mediafour Corporation) [Auto | Stopped] -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe -- (MacDriveService)
SRV - [2007/10/29 12:27:04 | 000,587,096 | ---- | M] (Lavasoft AB) [Auto | Stopped] -- C:\Program Files\Lavasoft\adaware 7\aawservice.exe -- (aawservice)
SRV - [2007/03/16 00:23:32 | 000,049,152 | ---- | M] (Avid Technology, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\AvidSDMService.exe -- (AvidSDMService)
SRV - [2007/03/16 00:23:02 | 001,536,000 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\AvidStartup.exe -- (AvidStartup)
SRV - [2006/06/29 13:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/06/12 11:01:14 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2006/05/15 20:19:00 | 000,315,392 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr2)
SRV - [2005/10/19 14:31:52 | 000,749,568 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2004/06/29 21:36:08 | 000,065,536 | ---- | M] (OLYMPUS Corporation) [Auto | Stopped] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
SRV - [2001/09/25 05:00:52 | 000,061,440 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\GEARSEC.EXE -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/06/24 13:52:08 | 000,028,256 | ---- | M] (Jaksta LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\JakNDis.sys -- (JakNDisMP)
DRV - [2010/06/24 13:52:08 | 000,028,256 | ---- | M] (Jaksta LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\JakNDis.sys -- (JakNDis)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/16 11:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/05/19 13:19:26 | 000,020,992 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2009/04/30 17:18:20 | 000,284,416 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2008/09/25 11:33:16 | 000,043,552 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008/04/01 16:29:08 | 000,445,184 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2007/03/16 06:12:26 | 000,145,536 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Flamethrower.sys -- (Flamethrower)
DRV - [2007/03/16 01:23:48 | 000,056,832 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AvidXPSerial.sys -- (Serial)
DRV - [2007/03/15 22:32:40 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2007/02/21 20:26:07 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2006/11/22 18:34:36 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/10/05 17:07:28 | 000,072,608 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2006/04/07 17:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/21 20:03:00 | 003,652,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/03/14 07:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/03/14 07:22:00 | 000,028,216 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006/03/08 12:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/09 16:35:00 | 000,018,816 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pbadrv.sys -- (PBADRV)
DRV - [2005/12/01 01:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 01:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 01:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/10 10:25:14 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/14 17:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 16:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 18:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/07/08 16:40:42 | 000,260,144 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Nuvision.sys -- (NuVision) Hauppauge WinTV USB Pro (NTSC)
DRV - [2005/05/13 16:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2004/08/12 18:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 00:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/08/03 23:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2004/08/03 23:10:12 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2004/08/03 23:10:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2003/03/13 08:23:28 | 000,019,712 | R--- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:05:48 | 000,314,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrO21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000 (08B0)
DRV - [2001/04/09 12:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)
DRV - [2001/01/30 01:32:06 | 000,039,071 | R--- | M] (OLYMPUS OPTICAL CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DSSUSB1.sys -- (DSSUSB1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ask.com/web?q={searchTerms}&o=14482&l=dis

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {BE3B973C-4204-4DB4-8C56-755477CECA43}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 63111
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/07 07:50:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/07 20:36:12 | 000,000,000 | ---D | M]

[2009/07/14 17:17:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Mozilla\Extensions
[2011/01/21 20:40:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Mozilla\Firefox\Profiles\9d86enqs.default\extensions
[2010/06/03 07:54:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Mozilla\Firefox\Profiles\9d86enqs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/14 19:00:17 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Mozilla\Firefox\Profiles\9d86enqs.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2007/03/13 10:55:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Mozilla\Sunbird\Profiles\ox3euikv.default\extensions
[2011/01/21 20:40:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/07 20:36:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\EVAN'S PROFILE.EVAN\LOCAL SETTINGS\APPLICATION DATA\{BE3B973C-4204-4DB4-8C56-755477CECA43}
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/02/02 15:07:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101108200744.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Getting started with MacDrive] C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MacDrive application] C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [McAfee Update] File not found
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b517b466-b4ad-11dc-9946-00188bad1fd5}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDEULA.exe
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/02 15:04:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/26 01:58:46 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\OTL.exe
[2011/01/21 20:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Wave Systems Corp
[2011/01/16 14:01:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/01/11 18:17:53 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2011/01/10 08:22:31 | 000,230,120 | ---- | C] (Wilson WindowWare, Inc.) -- C:\WINDOWS\WBDBU32I.DLL
[2011/01/09 20:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\SUPERAntiSpyware.com
[2011/01/09 20:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/09 20:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/01/09 20:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/09 20:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/01/09 20:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/01/08 19:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evan's profile.EVAN\My Documents\New Folder
[2011/01/07 21:59:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Evan's profile.EVAN\Recent
[2011/01/07 20:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/01/07 20:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evan's profile.EVAN\Local Settings\Application Data\Secunia PSI
[2011/01/07 20:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/01/07 08:43:28 | 001,737,088 | ---- | C] (Secunia) -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\PSISetup.exe
[2011/01/07 08:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Photoshop 7.0
[2011/01/07 08:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Photoshop 7
[2011/01/07 07:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2010/09/18 15:54:06 | 002,463,272 | ---- | C] (JAM Software ) -- C:\Program Files\TreeSizeFreeSetup.exe
[2010/07/10 22:41:02 | 008,589,088 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.6.exe
[2010/07/01 20:57:33 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.46.exe
[2010/06/06 17:18:46 | 010,367,552 | ---- | C] (Opera Software ASA) -- C:\Program Files\Opera_1053_en_Setup.exe
[2010/02/24 15:25:04 | 008,327,264 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.exe
[2010/02/12 15:01:57 | 001,683,240 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2009/12/16 18:46:13 | 003,059,184 | ---- | C] (McAfee, Inc.) -- C:\Program Files\DMSetup.exe
[2009/10/28 13:39:59 | 007,692,288 | ---- | C] (Palm, Inc.) -- C:\Program Files\Data_Transfer_Assistant_1_1.exe
[2009/10/27 16:03:23 | 073,233,320 | ---- | C] (Palm, Inc. ) -- C:\Program Files\PalmDesktopWin62.exe
[2009/09/24 14:36:42 | 004,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2009/09/15 13:56:19 | 000,641,881 | ---- | C] (WDS Team) -- C:\Program Files\windirstat1_1_2_setup.exe
[2009/09/14 12:09:30 | 001,048,000 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup223_slim.exe
[2009/09/14 11:05:30 | 016,664,352 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u16-windows-i586.exe
[2009/08/29 13:20:45 | 004,928,376 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
[2009/07/14 17:14:40 | 008,114,720 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.5.exe
[2009/07/14 15:47:04 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2009/07/06 19:39:22 | 015,452,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2009/06/18 12:17:44 | 150,923,504 | ---- | C] (Sony Creative Software Inc.) -- C:\Program Files\acidpro70c.exe
[2009/04/15 15:11:11 | 014,032,184 | ---- | C] (DataViz, Inc. ) -- C:\Program Files\download.dataviz.com
[2009/03/12 17:38:56 | 005,287,664 | ---- | C] (Mediafour Corporation, support@mediafour.com) -- C:\Program Files\macdrive_7.2.6_en_setup.exe
[2009/03/12 15:56:09 | 005,287,664 | ---- | C] (Mediafour Corporation, support@mediafour.com) -- C:\Program Files\macdrive
[2008/11/06 13:11:15 | 005,613,360 | ---- | C] (Opera Software ASA) -- C:\Program Files\Opera_962_en_Setup.exe
[2008/10/30 09:14:50 | 005,831,451 | ---- | C] (Jaksta LLC) -- C:\Program Files\Jaksta.v230.exe
[2008/10/01 21:24:41 | 000,460,280 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealDVDv1GOLD.exe
[2008/09/10 11:06:02 | 005,212,808 | ---- | C] (Mediafour Corporation, support@mediafour.com) -- C:\Program Files\macdrive_7.2.2_en_setup.exe
[2008/06/06 17:11:56 | 003,560,545 | ---- | C] (Acala Software Inc. ) -- C:\Program Files\acaladvdpocketripper.exe
[2008/03/10 18:48:07 | 005,910,696 | ---- | C] (FreeDownloadManager.ORG ) -- C:\Program Files\fdminst.exe
[2007/08/24 10:54:58 | 002,228,534 | ---- | C] ( ) -- C:\Program Files\audacity-win-1.2.6.exe
[2007/02/27 22:39:42 | 002,790,864 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe
[10 C:\Documents and Settings\Evan's profile.EVAN\My Documents\*.tmp files -> C:\Documents and Settings\Evan's profile.EVAN\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/02 21:22:04 | 000,017,210 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/02/02 21:22:03 | 000,143,251 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/02/02 21:17:41 | 000,063,783 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2011/02/02 21:17:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/02 21:17:31 | 1071,792,128 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/02 15:07:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/02/02 13:30:12 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\OTL custom fix - 2-2-11.doc
[2011/02/02 10:50:13 | 000,411,258 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Mcafee AV Plus firewall settings dialog.psd
[2011/02/02 09:56:02 | 000,143,251 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/01/31 21:54:58 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2011/01/31 21:29:08 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\My Documents\January Monthly Expenses.xls
[2011/01/31 21:29:07 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\My Documents\Joint Expenses Spreadsheet 1-29-11.xls
[2011/01/30 21:41:43 | 001,470,034 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\stable processes5.psd
[2011/01/30 15:16:53 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\My Documents\Expenses Spreadsheet 1-29-11.xls
[2011/01/30 14:43:48 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel.lnk
[2011/01/29 18:16:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/26 01:58:46 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\OTL.exe
[2011/01/21 20:37:44 | 000,104,299 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\document manager vault - the security chip appears to be disabled.psd
[2011/01/21 20:08:36 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/21 20:06:10 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011/01/21 20:00:19 | 000,003,283 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/01/20 21:42:29 | 001,105,343 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\stable processes4 copy.jpg
[2011/01/20 17:31:16 | 001,201,152 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\BleepingComputer - Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.doc
[2011/01/20 17:28:20 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\dds.scr
[2011/01/20 17:27:24 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Defogger.exe
[2011/01/18 19:22:01 | 000,070,506 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\notification dll has not been registered.psd
[2011/01/16 13:46:53 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/13 19:57:39 | 001,780,579 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\stable processes3.psd
[2011/01/13 19:45:58 | 002,167,363 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\stable processes2.psd
[2011/01/11 18:17:52 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2011/01/10 08:22:31 | 000,230,120 | ---- | M] (Wilson WindowWare, Inc.) -- C:\WINDOWS\WBDBU32I.DLL
[2011/01/09 20:24:19 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/09 20:20:33 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\SpywareBlaster.lnk
[2011/01/09 19:51:22 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/09 19:50:18 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/08 17:26:58 | 000,137,728 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/08 12:42:14 | 001,787,741 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\all programs displayed.psd
[2011/01/08 12:34:56 | 002,514,464 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\processes running.psd
[2011/01/08 01:20:35 | 000,892,317 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-1 copy.jpg
[2011/01/08 01:20:23 | 000,972,469 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-2 copy.jpg
[2011/01/08 01:20:04 | 001,111,045 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-3 copy.jpg
[2011/01/08 01:19:52 | 000,989,378 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-4 copy.jpg
[2011/01/08 01:19:42 | 001,104,871 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-5 copy.jpg
[2011/01/08 01:19:30 | 001,196,550 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-6 copy.jpg
[2011/01/08 01:19:06 | 001,184,743 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-9.jpg
[2011/01/08 01:18:37 | 001,184,743 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-8 copy.jpg
[2011/01/08 01:18:15 | 001,184,743 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-7 copy.jpg
[2011/01/08 00:24:56 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/01/07 20:33:02 | 000,001,024 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-712245372-3583151595-971400384-1005UA.job
[2011/01/07 16:33:01 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-712245372-3583151595-971400384-1005Core.job
[2011/01/07 08:43:30 | 001,737,088 | ---- | M] (Secunia) -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\PSISetup.exe
[2011/01/07 07:52:39 | 000,844,096 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\My Documents\opera6 bookmarks as of 022309.adr
[2011/01/07 07:50:59 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/07 07:50:02 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/01/07 07:02:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/07 07:00:39 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/01/07 02:09:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/05 20:53:58 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\iExplore.exe
[2011/01/05 19:46:12 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\d3qQ6R5cHsecKD3
[10 C:\Documents and Settings\Evan's profile.EVAN\My Documents\*.tmp files -> C:\Documents and Settings\Evan's profile.EVAN\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/02 13:30:11 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\OTL custom fix - 2-2-11.doc
[2011/02/02 10:50:13 | 000,411,258 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Mcafee AV Plus firewall settings dialog.psd
[2011/01/30 15:34:32 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\My Documents\Joint Expenses Spreadsheet 1-29-11.xls
[2011/01/29 15:20:50 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\My Documents\Expenses Spreadsheet 1-29-11.xls
[2011/01/23 10:33:06 | 001,470,034 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\stable processes5.psd
[2011/01/21 20:37:44 | 000,104,299 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\document manager vault - the security chip appears to be disabled.psd
[2011/01/20 21:42:26 | 001,105,343 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\stable processes4 copy.jpg
[2011/01/20 17:31:15 | 001,201,152 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\BleepingComputer - Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.doc
[2011/01/20 17:28:21 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\dds.scr
[2011/01/20 17:27:24 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Defogger.exe
[2011/01/18 19:22:00 | 000,070,506 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\notification dll has not been registered.psd
[2011/01/16 13:37:37 | 000,001,917 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/01/15 15:50:21 | 000,012,890 | ---- | C] () -- C:\Program Files\hijackthis.log
[2011/01/13 19:57:37 | 001,780,579 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\stable processes3.psd
[2011/01/13 19:45:58 | 002,167,363 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\stable processes2.psd
[2011/01/09 20:24:19 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/09 20:20:33 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\SpywareBlaster.lnk
[2011/01/08 12:42:11 | 001,787,741 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\all programs displayed.psd
[2011/01/08 12:34:53 | 002,514,464 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\processes running.psd
[2011/01/08 11:42:32 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/08 01:20:33 | 000,892,317 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-1 copy.jpg
[2011/01/08 01:20:22 | 000,972,469 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-2 copy.jpg
[2011/01/08 01:20:02 | 001,111,045 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-3 copy.jpg
[2011/01/08 01:19:51 | 000,989,378 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-4 copy.jpg
[2011/01/08 01:19:41 | 001,104,871 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-5 copy.jpg
[2011/01/08 01:19:28 | 001,196,550 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-6 copy.jpg
[2011/01/08 01:19:04 | 001,184,743 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-9.jpg
[2011/01/08 01:18:36 | 001,184,743 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-8 copy.jpg
[2011/01/08 01:18:10 | 001,184,743 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\Untitled-7 copy.jpg
[2011/01/08 00:24:54 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2011/01/08 00:24:54 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/01/08 00:24:54 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk
[2011/01/08 00:24:54 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2011/01/08 00:24:54 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/01/08 00:24:54 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk
[2011/01/08 00:24:54 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
[2011/01/08 00:24:54 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2011/01/07 07:52:39 | 000,844,096 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\My Documents\opera6 bookmarks as of 022309.adr
[2011/01/07 07:50:59 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/07 07:50:02 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/01/05 20:54:08 | 000,719,873 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Desktop\iExplore.exe
[2011/01/05 19:46:12 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\d3qQ6R5cHsecKD3
[2010/12/30 17:49:01 | 000,003,024 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\CBCE.B08
[2010/11/15 21:10:40 | 001,685,569 | ---- | C] () -- C:\Program Files\FileZilla_Server-0_9_37.exe
[2010/11/15 21:10:20 | 004,198,724 | ---- | C] () -- C:\Program Files\FileZilla_3.3.4.1_win32-setup.exe
[2010/10/16 16:22:31 | 000,000,244 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\16917.bat
[2010/07/18 21:30:36 | 000,010,598 | ---- | C] () -- C:\Program Files\PreInstallToolLog.txt
[2010/07/18 21:30:12 | 000,001,584 | ---- | C] () -- C:\Program Files\runme.bat
[2010/07/18 13:20:51 | 003,048,960 | ---- | C] () -- C:\Program Files\mvt_en-us.msi
[2009/09/24 19:11:02 | 000,002,494 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/18 22:50:43 | 005,520,384 | ---- | C] () -- C:\Program Files\icytower14_install.exe
[2009/07/10 15:53:22 | 000,195,464 | ---- | C] () -- C:\Program Files\VolumeCareV5.57.prc
[2009/07/10 15:44:55 | 000,293,357 | ---- | C] () -- C:\Program Files\VolumeCareV6.17.prc
[2009/06/22 13:57:45 | 004,008,201 | ---- | C] () -- C:\Program Files\FileZilla_3.2.5_win32-setup.exe
[2009/04/30 22:20:37 | 000,000,675 | ---- | C] () -- C:\Program Files\Pocket DVD Wizard
[2009/04/27 19:49:39 | 000,198,064 | ---- | C] () -- C:\Program Files\MoveMediaPlayer_071303000006.exe
[2009/04/15 15:16:41 | 000,001,613 | ---- | C] () -- C:\Program Files\Documents To Go
[2008/12/05 14:36:31 | 000,000,056 | ---- | C] () -- C:\WINDOWS\TUTORI~1.INI
[2008/11/12 01:52:15 | 000,001,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jaksta.smr.lic
[2008/11/12 00:59:18 | 002,320,897 | ---- | C] () -- C:\Program Files\qcd451.exe
[2008/11/04 20:06:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/11/04 20:04:11 | 000,201,488 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2008/11/04 20:04:11 | 000,144,144 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2008/11/04 20:04:11 | 000,141,584 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2008/11/04 20:04:11 | 000,063,248 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2008/11/04 20:04:11 | 000,033,040 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2008/10/30 10:29:21 | 000,663,610 | ---- | C] () -- C:\Program Files\MMPlayerLib.prc
[2008/10/30 10:29:21 | 000,436,496 | ---- | C] () -- C:\Program Files\MMPlayer Manual.pdf
[2008/10/30 10:29:21 | 000,334,960 | ---- | C] () -- C:\Program Files\MMMidiInstr.pdb
[2008/10/30 10:29:21 | 000,233,714 | ---- | C] () -- C:\Program Files\MMPlayerGUI.prc
[2008/10/30 10:29:21 | 000,001,564 | ---- | C] () -- C:\Program Files\Readme.txt
[2008/10/30 10:25:28 | 001,839,416 | ---- | C] () -- C:\Program Files\MMPlayerBase2.3.0.zip
[2008/10/28 08:31:43 | 000,850,374 | ---- | C] () -- C:\Program Files\SmartMorph.exe
[2008/10/01 06:58:46 | 004,327,128 | ---- | C] () -- C:\Program Files\AM_CDBurner.exe
[2008/09/17 09:08:02 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\60a7806a-0eea-424c-a464-20f4730cd631
[2008/09/11 21:18:29 | 022,448,944 | ---- | C] () -- C:\Program Files\snagit.exe
[2008/03/19 14:00:08 | 000,006,929 | ---- | C] () -- C:\WINDOWS\Avid FX5.7.ini
[2008/03/19 11:45:15 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\artelinit.dll
[2008/03/19 11:43:56 | 005,774,336 | ---- | C] () -- C:\WINDOWS\System32\RED4 Render Engine 8BPC.dll
[2008/03/19 11:43:55 | 004,798,464 | ---- | C] () -- C:\WINDOWS\System32\RED4 Render Engine 16BPC.dll
[2008/03/19 11:43:16 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2008/03/14 09:18:38 | 002,704,896 | ---- | C] () -- C:\Program Files\WacomTablet_493-3.exe
[2008/03/04 15:09:18 | 012,569,040 | ---- | C] () -- C:\Program Files\cinemaforge.exe
[2008/02/14 14:37:41 | 002,893,669 | ---- | C] () -- C:\Program Files\PrintScreen43_Setup.exe
[2007/12/31 04:44:41 | 010,497,833 | ---- | C] () -- C:\Program Files\cinemaforge.xmfg
[2007/12/19 17:51:31 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\PtSSE2.dll
[2007/12/19 17:51:22 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AvidXPSerial.sys
[2007/12/19 17:51:22 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2007/12/19 17:46:09 | 001,728,606 | ---- | C] () -- C:\WINDOWS\System32\libmmdd.dll
[2007/12/18 18:56:36 | 000,000,584 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/18 16:18:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2007/12/18 16:14:38 | 001,658,973 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2007/12/14 00:37:26 | 000,001,207 | ---- | C] () -- C:\WINDOWS\S3D.ini
[2007/11/28 14:28:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dssole.INI
[2007/11/28 14:28:23 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2007/11/21 00:37:36 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2007/11/21 00:37:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2007/09/27 19:22:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/09/20 05:27:16 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/09/20 05:27:16 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/09/20 05:27:16 | 000,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/20 05:27:16 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/09/20 05:27:16 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/09/20 05:27:16 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/09/20 05:27:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/09/20 05:27:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/09/20 05:27:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/09/20 05:27:16 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/09/20 05:27:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/09/20 05:27:16 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/09/20 05:27:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/09/20 05:27:16 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/09/20 05:27:16 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/09/20 05:27:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/09/20 05:27:16 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/09/20 05:27:16 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/08/23 17:30:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/06/08 02:10:16 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2007/06/06 00:11:18 | 000,002,634 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\SAS7_000.DAT
[2007/06/05 23:12:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2007/04/30 12:06:15 | 000,000,281 | ---- | C] () -- C:\WINDOWS\irremote.ini
[2007/04/30 12:05:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2007/03/11 17:58:18 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/03/11 17:58:16 | 000,598,016 | ---- | C] () -- C:\WINDOWS\System32\viscomqtde.dll
[2007/03/08 18:33:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/03/07 08:43:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/02/28 22:18:04 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/28 15:55:23 | 001,035,271 | ---- | C] () -- C:\Program Files\wrar362.exe
[2007/02/24 18:02:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/22 15:44:15 | 000,000,571 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2007/02/22 15:38:18 | 000,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini
[2007/02/19 20:02:01 | 000,003,283 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/19 19:24:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/02/19 18:48:34 | 000,137,728 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/19 17:55:38 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Evan's profile.EVAN\Local Settings\Application Data\fusioncache.dat
[2007/01/30 09:18:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/30 09:15:55 | 000,000,357 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/30 09:11:55 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2007/01/30 09:11:55 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2007/01/30 09:09:29 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2007/01/30 09:06:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/01/30 09:06:04 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/01/30 08:45:05 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/01/30 08:45:05 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/01/30 08:45:05 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/01/30 08:45:04 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/01/30 08:45:01 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/01/30 08:44:52 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/01/30 08:43:46 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/01/30 00:03:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/12 11:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2006/06/12 11:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2006/05/22 09:37:36 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/05/22 09:32:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/05/22 09:32:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/05/22 09:32:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/05/22 09:31:52 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/05/22 09:31:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/05/22 09:31:38 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/05/22 09:31:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/05/22 09:31:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/05/22 09:31:18 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/05/22 09:31:12 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/05/16 13:34:22 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2006/05/16 13:33:06 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/05/15 20:08:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/05/15 19:52:12 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2006/05/15 19:52:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2006/05/15 19:51:52 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2006/05/15 19:51:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2006/05/15 19:51:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2006/05/15 19:51:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2006/05/15 19:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2006/05/15 19:51:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2006/05/15 19:50:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2006/05/15 19:50:46 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2005/12/01 15:41:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2005/09/20 14:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/07/21 16:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 15:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/03/18 19:01:20 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2004/01/27 07:13:02 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2000/08/04 12:41:06 | 000,447,777 | ---- | C] () -- C:\WINDOWS\System32\DAE.dll.rsr
[1996/02/23 16:34:48 | 000,014,629 | ---- | C] () -- C:\WINDOWS\System32\Declw.dll
[1996/02/22 14:09:20 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\Decln.dll

========== LOP Check ==========

[2007/12/18 17:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avid
[2009/04/15 15:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2007/02/21 20:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/03/12 15:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mediafour
[2007/06/05 23:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2007/12/18 19:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008/11/04 20:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/09/30 18:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2007/06/05 23:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/11/26 00:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/01/30 09:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/10/16 23:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Aksey
[2007/03/06 21:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Aladdin Systems
[2007/12/18 17:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Avid
[2009/06/11 08:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\CCS64
[2009/06/24 20:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\FileZilla
[2007/02/21 20:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\HotSync
[2010/10/16 16:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Izip
[2011/01/03 17:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Jaksta
[2010/09/18 15:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\JAM Software
[2007/02/20 19:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Leadertech
[2009/06/18 16:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\NetMedia Providers
[2007/06/05 23:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Nuance
[2007/02/27 18:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Opera
[2007/12/18 19:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\PACE Anti-Piracy
[2009/06/18 16:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Publish Providers
[2008/09/29 22:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\RapidSolution
[2009/09/23 14:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\SanDisk
[2007/03/13 11:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Thunderbird
[2008/09/29 21:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Tunebite
[2008/12/25 09:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Viewpoint
[2011/01/31 21:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan's profile.EVAN\Application Data\Wave Systems Corp
[2011/01/07 02:09:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >




-------------




TDSSKiller Log:

2011/02/03 10:39:16.0781 1932 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/03 10:39:16.0796 1932 ================================================================================
2011/02/03 10:39:16.0796 1932 SystemInfo:
2011/02/03 10:39:16.0796 1932
2011/02/03 10:39:16.0796 1932 OS Version: 5.1.2600 ServicePack: 2.0
2011/02/03 10:39:16.0796 1932 Product type: Workstation
2011/02/03 10:39:16.0796 1932 ComputerName: EVAN
2011/02/03 10:39:16.0796 1932 UserName: Evan's profile
2011/02/03 10:39:16.0796 1932 Windows directory: C:\WINDOWS
2011/02/03 10:39:16.0796 1932 System windows directory: C:\WINDOWS
2011/02/03 10:39:16.0796 1932 Processor architecture: Intel x86
2011/02/03 10:39:16.0796 1932 Number of processors: 2
2011/02/03 10:39:16.0796 1932 Page size: 0x1000
2011/02/03 10:39:16.0796 1932 Boot type: Normal boot
2011/02/03 10:39:16.0796 1932 ================================================================================
2011/02/03 10:39:17.0281 1932 Initialize success
2011/02/03 10:39:21.0718 4060 ================================================================================
2011/02/03 10:39:21.0718 4060 Scan started
2011/02/03 10:39:21.0718 4060 Mode: Manual;
2011/02/03 10:39:21.0718 4060 ================================================================================
2011/02/03 10:39:38.0125 4060 VolSnap (730f6c1fde94b1f0ab2348795cb39c73) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/03 10:39:38.0125 4060 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 730f6c1fde94b1f0ab2348795cb39c73, Fake md5: ee4660083deba849ff6c485d944b379b
2011/02/03 10:39:38.0140 4060 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/03 10:39:38.0968 4060 ================================================================================
2011/02/03 10:39:38.0968 4060 Scan finished
2011/02/03 10:39:38.0968 4060 ================================================================================
2011/02/03 10:39:39.0000 0508 Detected object count: 1
2011/02/03 11:03:22.0750 0508 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Skip
2011/02/03 11:05:36.0734 0580 ================================================================================
2011/02/03 11:05:36.0734 0580 Scan started
2011/02/03 11:05:36.0734 0580 Mode: Manual;
2011/02/03 11:05:36.0734 0580 ================================================================================
2011/02/03 11:05:51.0265 0580 VolSnap (730f6c1fde94b1f0ab2348795cb39c73) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/03 11:05:51.0265 0580 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 730f6c1fde94b1f0ab2348795cb39c73, Fake md5: ee4660083deba849ff6c485d944b379b
2011/02/03 11:05:51.0281 0580 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/03 11:05:52.0406 0580 ================================================================================
2011/02/03 11:05:52.0406 0580 Scan finished
2011/02/03 11:05:52.0406 0580 ================================================================================
2011/02/03 11:05:52.0437 1552 Detected object count: 1
2011/02/03 11:07:48.0343 1552 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Skip

#14 sempai


Posted 03 February 2011 - 11:48 AM

Hi,

Thanks for the feedback, please do the following as posted.


1. Please follow the instructions on how to disable McAfee so it will not interfere while we run ComboFix.

How to disable McAfee:

  • Please open McAfee Security Centre
  • Under Common Tasks click on Home
  • Click Computer Files
  • Click Configure
  • Make sure the following are disabled by ticking the "Off" button.

    Virus protection
    Spyware protection
    System Guards Protection
    Script Scanning Protection (you may have to scroll down to see it)

  • Next, select never for "When to re-enable real time scanning"
  • and click OK.
Further info on disabling and re-enabling McAfee: http://help.aol.com/help/microsites/microsite.do?cmd=displayKCPopup&docType=kc&externalID=222820

Note: Please do not run ComboFix if you're unable to disable McAfee.



2. Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp


If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#15 eds1011


Posted 03 February 2011 - 02:04 PM

I have McAfee AntiVirus Plus so the setup I see in the "Home" view is different than what you described. The specific things you told me to turn off do not appear there. Please let me know how to disable those things from within McAfee AntiVirus Plus if you can.

In the meantime I will download Combofix and wait for your response.

Thanks again.



