Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

VERY slow, browser pages redirecting, goes black for a few seconds


  • This topic is locked This topic is locked
23 replies to this topic

#1 Teamaker

Teamaker

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 11 July 2011 - 10:37 PM

Hello,
My computer is VERY slow, the browser AND switching between commands when not online (not using the browser, just using the computer). The browser pages keep redirecting and the screen goes black for about 5 seconds at a time when switching between commands when online and off. <_<

I went through the Preparation Guide yet was not able to finish the GMER scan for the rootkits, so I could not attach it to this topic. I unchecked everything the guide told me to uncheck, clicked scan and after a few seconds it would go to a blue screen and tell me that the computer had to shut down to prevent damage to the computer.

The last step of the guide said to post my description of the problem and the DDS log, so it is pasted below. Thank you in advance for any VERY APPRECIATED help.


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Admin at 20:53:10 on 2011-07-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.836 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Guest\AppData\Local\sswat_hwrc_win_live\mattelhwrc_launcher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HP Software Update\HPWUCli.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\WkDStore.exe
C:\PROGRA~1\MICROS~2\wkgdcach.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\WksWP.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110523181429.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\progra~1\iwinga~1\IWINGA~1.DLL
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DXDllRegExe] c:\windows\system32\dxdllreg.exe
mRun: [DT HPW] c:\program files\portrait displays\hp my display\DTHtml.exe -startup_folder
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EA76CB46-2C32-4956-B29B-876E2B444942} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F5409F02-64E0-4FE7-B583-DD5AC31B6802} : DhcpNameServer = 192.168.1.254
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2008-8-7 77004]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-2-25 387480]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-2-25 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-2-25 165032]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-5 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-25 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-25 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-25 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-25 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-25 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-25 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-25 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-2-25 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-25 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-25 314088]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-19 39984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-25 84488]
.
=============== Created Last 30 ================
.
2011-07-12 00:04:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-03 01:26:27 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-20 22:01:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-20 22:01:22 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-20 22:01:22 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-19 20:31:05 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-19 20:30:31 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-19 20:30:29 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-19 20:30:29 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-19 20:30:27 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-19 20:30:25 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-19 20:30:22 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-19 20:30:22 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-19 20:30:22 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-19 20:29:27 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-14 19:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 19:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 19:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 19:01:38 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-04-14 19:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 19:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 19:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 19:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 19:01:38 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-04-14 19:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 19:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
.
============= FINISH: 20:55:56.25 ===============

Forgot to say that in addition to the other symptoms, when I click to do something, sometimes it kinda greys out and says **** has stopped responding for a few minutes and then finishes with the command I started with.

EDIT: Posts merged ~Budapest

Attached Files


Edited by Budapest, 14 July 2011 - 04:46 PM.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:51 AM

Posted 29 July 2011 - 05:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/409045 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:51 AM

Posted 06 August 2011 - 06:01 AM

Hello, Teamaker.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!



Step 1

We need to create an OTL report,
  • Please download OTL from this link.
  • (If that link doesn't work, try this alternate link
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Select "Use Safelist" under "Extra Registry"
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT


  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.



Step 2

  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply



Step 3

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#4 Teamaker

Teamaker
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 07 August 2011 - 06:33 PM

Hello Etavares,

Thank you for your help :)


For step one I did as you asked however, after I clicked the "quick scan" button some of the setting changed. For the "Extra Registry" box that you requested be marked "use safelist", I did click it but after the scan started it was marked "none". Some of the other settings changed after the scan started as well. Here is the first log (OTL.txt)from Notepad:


OTL logfile created on: 8/7/2011 5:58:35 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Admin\Desktop\Etavares_ Bleeping Comp 8-2011
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 43.85% Memory free
3.99 Gb Paging File | 2.63 Gb Available in Paging File | 65.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.60 Gb Total Space | 345.47 Gb Free Space | 75.83% Space Free | Partition Type: NTFS
Drive D: | 10.16 Gb Total Space | 0.98 Gb Free Space | 9.63% Space Free | Partition Type: NTFS

Computer Name: CAROL-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/07 17:37:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\Etavares_ Bleeping Comp 8-2011\OTL.exe
PRC - [2011/07/11 19:04:42 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe
PRC - [2011/06/28 07:01:30 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,159,888 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/26 08:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/20 21:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007/06/29 17:56:06 | 000,278,528 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
PRC - [2007/06/29 17:54:16 | 000,073,728 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/06/29 17:53:34 | 000,110,592 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe


========== Modules (SafeList) ==========

MOD - [2011/08/07 17:37:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\Etavares_ Bleeping Comp 8-2011\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (Automatic LiveUpdate Scheduler)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 21:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/06/29 17:54:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/08/07 22:18:06 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/29 07:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/25 14:02:04 | 000,132,128 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/01/25 14:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/12/12 03:20:00 | 007,629,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/18 10:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/11/16 17:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2004/10/18 07:44:13 | 000,068,672 | ---- | M] (2Wire, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\2WirePCP.sys -- (2WIREPCP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1666486622-773751984-4264904424-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1666486622-773751984-4264904424-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.facebook.com/
IE - HKU\S-1-5-21-1666486622-773751984-4264904424-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1666486622-773751984-4264904424-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1666486622-773751984-4264904424-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/19 17:05:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 11:59:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/23 18:14:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/19 17:05:22 | 000,000,000 | ---D | M]

[2011/05/21 21:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/19 17:21:32 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110523181429.dll (McAfee, Inc.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1666486622-773751984-4264904424-1003\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-1666486622-773751984-4264904424-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1666486622-773751984-4264904424-1003\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/05 12:45:51 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe - ()
MsConfig - StartUpReg: Aim6 - hkey= - key= - File not found
MsConfig - StartUpReg: Gadwin PrintScreen - hkey= - key= - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
MsConfig - StartUpReg: HP Health Check Scheduler - hkey= - key= - File not found
MsConfig - StartUpReg: HPADVISOR - hkey= - key= - File not found
MsConfig - StartUpReg: hpsysdrv - hkey= - key= - c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 17:53:05 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/07 17:45:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Etavares_ Bleeping Comp 8-2011
[2011/08/07 17:43:54 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2011/08/07 16:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/07/30 00:45:36 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\dds.scr
[2011/07/11 21:37:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BleepComLogs

========== Files - Modified Within 30 Days ==========

[2011/08/07 17:54:11 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/07 17:43:57 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2011/08/07 16:28:28 | 000,005,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/07 16:28:28 | 000,005,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/07 16:28:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/07 16:28:17 | 2011,643,904 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/30 00:57:30 | 000,020,992 | ---- | M] () -- C:\Users\Admin\Desktop\DeFogger_BleepComp _rootkit.wps
[2011/07/30 00:57:30 | 000,000,124 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat
[2011/07/30 00:52:24 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe
[2011/07/30 00:50:00 | 000,024,440 | ---- | M] () -- C:\Users\Admin\Documents\System Information 7-30-2011.html
[2011/07/30 00:47:57 | 000,000,680 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2011/07/30 00:45:36 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\dds.scr
[2011/07/29 23:54:08 | 000,000,953 | ---- | M] () -- C:\Users\Admin\Desktop\HP My Display.lnk
[2011/07/29 23:51:09 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/17 21:24:53 | 000,001,182 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/07/17 21:14:28 | 000,345,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/11 22:04:13 | 203,147,914 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/11 20:46:54 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2011/07/11 19:40:25 | 000,000,936 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/07/30 00:57:29 | 000,020,992 | ---- | C] () -- C:\Users\Admin\Desktop\DeFogger_BleepComp _rootkit.wps
[2011/07/30 00:52:24 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe
[2011/07/30 00:49:59 | 000,024,440 | ---- | C] () -- C:\Users\Admin\Documents\System Information 7-30-2011.html
[2011/07/30 00:47:57 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2011/07/29 23:54:08 | 000,000,953 | ---- | C] () -- C:\Users\Admin\Desktop\HP My Display.lnk
[2011/07/29 23:51:09 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/17 21:24:53 | 000,001,182 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/07/11 21:35:32 | 2011,643,904 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/11 20:46:54 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2011/07/11 19:40:25 | 000,000,936 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/06/22 15:48:34 | 000,711,168 | ---- | C] () -- C:\Windows\is-4O4IC.exe
[2010/02/16 15:44:50 | 000,000,124 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat
[2009/09/17 19:05:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 19:05:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/19 16:55:33 | 000,147,948 | ---- | C] () -- C:\Windows\hpoins37.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/27 14:03:32 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/06/19 16:40:19 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat
[2009/05/05 17:53:34 | 000,008,082 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/03/02 18:50:39 | 000,000,180 | ---- | C] () -- C:\Windows\_delis43.ini
[2009/02/01 13:17:48 | 000,029,191 | ---- | C] () -- C:\Windows\hpoins03.dat
[2009/02/01 12:46:37 | 000,034,468 | ---- | C] () -- C:\Windows\hpomdl03.dat.temp
[2009/02/01 12:46:37 | 000,028,921 | ---- | C] () -- C:\Windows\hpoins03.dat.temp
[2008/12/11 16:42:32 | 000,000,504 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2008/08/07 23:13:32 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008/08/07 23:09:05 | 000,001,397 | ---- | C] () -- C:\Windows\disney.ini
[2008/08/07 22:59:13 | 000,000,232 | ---- | C] () -- C:\Windows\PowerReg.dat
[2008/08/07 22:47:33 | 000,000,092 | ---- | C] () -- C:\Windows\Cook'n99.ini
[2008/08/07 22:39:18 | 000,000,053 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/07 22:39:12 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2008/08/07 16:26:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/05/05 12:30:59 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/05/05 12:30:59 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,345,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,642,668 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,119,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/08/11 03:07:30 | 000,034,468 | ---- | C] () -- C:\Windows\hpomdl03.dat
[1997/11/15 10:35:26 | 000,264,704 | ---- | C] () -- C:\Windows\VideoSetup.exe
[1997/11/15 10:34:18 | 001,446,912 | ---- | C] () -- C:\Windows\SCEEunin.exe
[1997/11/15 06:54:48 | 000,009,748 | ---- | C] () -- C:\Windows\Froggersetup.ini

========== LOP Check ==========

[2008/09/10 16:42:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\acccore
[2008/08/08 00:00:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DisplayTune
[2008/11/15 12:28:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ForgottenRiddles
[2011/05/05 13:15:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FrostWire
[2008/08/14 20:09:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\iWin
[2008/08/08 00:00:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Snapfish
[2010/02/16 15:44:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Template
[2009/03/07 16:11:43 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\7Wonders
[2008/08/07 22:35:13 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\DisplayTune
[2011/06/15 18:27:20 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\ForgottenRiddles
[2009/02/08 15:38:52 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\iWin
[2008/08/07 16:11:47 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Snapfish
[2009/02/19 18:09:36 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Template
[2008/08/07 23:12:41 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\WildTangent
[2008/08/08 00:02:05 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DisplayTune
[2009/08/03 19:28:33 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ForgottenRiddles
[2009/12/27 18:13:48 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\iWin
[2008/08/08 00:02:03 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Snapfish
[2010/06/02 13:13:58 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Template
[2011/08/06 21:19:23 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/05/05 12:45:51 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/05/05 13:21:36 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/08/07 16:28:17 | 2011,643,904 | -HS- | M] () -- C:\hiberfil.sys
[2008/08/07 22:23:02 | 000,000,279 | ---- | M] () -- C:\hpcmerr.log
[2008/08/07 23:02:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/09/10 16:42:25 | 000,000,369 | -H-- | M] () -- C:\IPH.PH
[2008/08/07 23:02:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/08/07 16:28:16 | 2325,491,712 | -HS- | M] () -- C:\pagefile.sys
[2008/08/07 22:32:12 | 000,000,173 | ---- | M] () -- C:\pdisdk.log
[2009/07/27 14:03:20 | 000,000,011 | ---- | M] () -- C:\trace.ini

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/10/06 15:37:30 | 000,315,392 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\hpfpp083.dll
[2008/01/20 21:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >
[2011/06/02 08:34:49 | 002,043,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32k.sys

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/08 11:29:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/08 11:29:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/08 11:29:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/08 11:29:09 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/08 11:29:09 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/08 11:29:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/08 11:29:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/08 11:29:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/08 11:29:09 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/08 11:29:09 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:5C12E68D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:92D18A5E
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:3DA64F2C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:34FC1C45

< End of report >

#5 Teamaker

Teamaker
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 07 August 2011 - 06:36 PM

Here is the second list (Extras.Txt):

OTL Extras logfile created on: 8/7/2011 5:58:35 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Admin\Desktop\Etavares_ Bleeping Comp 8-2011
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 43.85% Memory free
3.99 Gb Paging File | 2.63 Gb Available in Paging File | 65.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.60 Gb Total Space | 345.47 Gb Free Space | 75.83% Space Free | Partition Type: NTFS
Drive D: | 10.16 Gb Total Space | 0.98 Gb Free Space | 9.63% Space Free | Partition Type: NTFS

Computer Name: CAROL-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1666486622-773751984-4264904424-501]
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B245A57-902D-49F5-BE12-8904BF894A3B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1C7E6237-C1F7-4833-B1CE-43A9B43C174A}" = lport=137 | protocol=17 | dir=in | app=system |
"{1FD5E508-3B49-4EBD-BDD1-9F3AE9703FEE}" = lport=138 | protocol=17 | dir=in | app=system |
"{7C2E1374-CA12-4A70-ADE4-4818D1E6B863}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7F32AB06-3ACE-47B6-B30F-64760AA21544}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9A3BD78A-4FBA-431F-B34E-8D5F23A60685}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AA749B3C-90AD-4190-82F6-26739114DE86}" = rport=445 | protocol=6 | dir=out | app=system |
"{AD00FE1C-D26F-487F-9886-DDE3395A902A}" = rport=137 | protocol=17 | dir=out | app=system |
"{B7295413-1CB7-4595-9F71-6F5A7A8206CB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B758B224-F28F-4DC7-A10B-DAFC4C87F0AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{E554B227-B277-459D-9DA6-FE8840DBB426}" = lport=139 | protocol=6 | dir=in | app=system |
"{EF25E3CD-8345-4003-97F2-6A9AB03FFD1A}" = rport=138 | protocol=17 | dir=out | app=system |
"{F55BC413-27C4-44EC-ABA9-ACF0B20093C4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F89AEB04-1815-4F1B-9D84-2C2E5FBCEDA7}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023D8682-E2D3-4A22-B53E-E1185DFCA288}" = dir=in | app=c:\program files\hp\digital imaging\unload\hpqphunl.exe |
"{0470C743-9E01-4763-AFDA-07FB85E99C68}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{06DD8A75-B332-4C63-B1B8-5A4C2EC43CA8}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{12042DF5-6EEA-49C6-969C-1BD260CE07A6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{13B566ED-1382-433D-9D0F-E708E8A4A6E8}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{2812C16E-59FB-4A8F-A5E3-265B84DEC407}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{2A30ECEC-CC9F-4019-A703-A3ABE289480D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{34DE75B1-2A5D-4A38-BF85-E8470D192498}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{389B1B09-8F16-46C2-9526-D9420697FFF5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy.exe |
"{3C6BF4BC-2F1F-492A-8144-5FB94EE46C0E}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{3DF40854-3D68-4AC3-AD11-4DC4AEB3DFCC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{417DB1A5-0E49-4E95-955C-C86088278981}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{4B2AD038-A676-4C2C-99EB-AD239B87291C}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{5A1D7A4C-E070-4898-8580-1F798E1E4AD6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{63206F99-2633-4B6B-A477-FA10FC0BC78C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{659EA54B-BDD3-4580-B333-EB5B93771ED8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{7E33F8F8-17D2-45A7-ACBC-BFF92914FA21}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8082827D-E84B-49A0-9EEF-1DD6127E8486}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{8A004189-E827-4340-B4E5-7F3E715DC08D}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{8A5611C9-DCFC-461F-B8F2-5B6EE5A5EBA7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{8E9160DA-3E3F-46E6-A29E-450E14D60D2B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{925E9B25-641D-43FF-BFB9-06878AD63E57}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{93D2DED9-C8BE-4BFD-BD07-D8EEDB728BEB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{9ABB047B-DC2B-4989-A09A-DB32A837059C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A3174B3E-70D4-44C6-818E-C4F8E008F4D8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C69B4E9D-B95C-4D92-ADAD-B2F1FBB457AE}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{CD1C4BBE-68D2-4404-A984-FAC7CC4CFB4F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D038A532-0463-4FA9-840F-209EDD54679B}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{D61E0A73-D7FA-4198-98AE-D207FA8BF8AE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{E71F7F00-5D79-4BE7-B671-BB40116064DB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F1AE0D5A-A5DF-42F8-BB49-5C63B0BB1737}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{F2F7836D-C5B8-47FC-BC76-C0E0587F95A5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{0167F157-DAB9-46b0-86C4-7C66DDA85B48}" = HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{0409c45d-df44-4b98-93b0-572697aa054a}" = F4400
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1CAD83B0-87A3-4206-BF70-644546808731}" = Overland
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{238F787F-4FE9-4644-8362-30800F50E190}" = MediaSPace
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{29B11F9F-5E2D-11D4-8BA5-0050BAAA20E2}" = Wheel of Fortune 2nd Edition
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{543B24A5-A285-4FE0-AD7B-2F0E49247AF9}" = Greeting Card Factory Express Workshop
"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{5BDCCFA2-43E0-45CD-ABE4-B05FA9FF9F2B}" = PC Tutor™ Learn Windows Vista™
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111476610}" = 33 Corners
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113347547}" = ZoomBook
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113869880}" = Christmasville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11558597}" = 7 Wonders Treasures of Seven
"{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}" = NetZero For Riverdeep
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8BBA35B6-E1A9-4FE0-892B-8F7980584D52}" = NetZero Internet and Voice Offer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{d281ba0e-1617-4a62-bb37-b73671035e36}" = DJ_AIO_05_F4400_Software_Min
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}" = muvee autoProducer 6.1
"3D Frog Frenzy" = 3D Frog Frenzy
"3D Pinball Express" = 3D Pinball Express
"7 Wonders" = 7 Wonders
"7 Wonders II" = 7 Wonders II (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Alabama Smith in Escape from Pompeii" = Alabama Smith in Escape from Pompeii
"Alabama Smith in the Quest of Fate" = Alabama Smith in the Quest of Fate
"Amazing Adventures The Lost Tomb 1.0.0.5" = Amazing Adventures The Lost Tomb 1.0.0.5
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Board Games" = Board Games
"Card Games" = Card Games
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Cook'n Recipe Organizer" = Cook'n Recipe Organizer
"Disneys Digital Coloring Book Featuring Pooh" = Disneys Digital Coloring Book Featuring Pooh
"Elf Bowling 7" = Elf Bowling 7
"Frogger" = Frogger v1.0
"Gadwin PrintScreen" = Gadwin PrintScreen
"Hawaiian Explorer Lost Island_is1" = Hawaiian Explorer Lost Island 1.0.0.9
"Hawaiian Explorer Pearl Harbor_is1" = Hawaiian Explorer Pearl Harbor 1.0.0.30
"Heroes Of Hellas" = Heroes Of Hellas
"Heroes of Hellas 2: Olympia" = Heroes of Hellas 2: Olympia
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"Insaniquarium Deluxe 1.1" = Insaniquarium Deluxe 1.1
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"iWinArcade" = iWin Games (remove only)
"JEOPARDY!" = JEOPARDY! (remove only)
"Jewel Quest" = Jewel Quest (remove only)
"Jewel Quest 2" = Jewel Quest 2 (remove only)
"Jewel Quest Solitaire" = Jewel Quest Solitaire (remove only)
"Jewel Quest Solitaire II" = Jewel Quest Solitaire II (remove only)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Mahjong Quest" = Mahjong Quest (remove only)
"Mahjong Quest 2" = Mahjong Quest 2 (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mavis Beacon Teaches Typing 17" = Mavis Beacon Teaches Typing 17
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mortimer Beckett and the Secrets of Spooky Manor" = Mortimer Beckett and the Secrets of Spooky Manor
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSC" = McAfee SecurityCenter
"Mystery P.I. - The Lottery Ticket 1.0.0.5" = Mystery P.I. - The Lottery Ticket 1.0.0.5
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"Pandora's Box 1.0" = Microsoft Pandora's Box
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Riddle of the Sphinx" = Riddle of the Sphinx 2.0
"Slots 100" = Slots 100
"The Omega Stone_is1" = The Omega Stone
"The Wizard's Pen 1.01" = The Wizard's Pen 1.01
"Top 20 Solid Gold Games" = Top 20 Solid Gold Games
"Top 50 Blazing Games" = Top 50 Blazing Games
"TTM70" = Talk to Me
"Wheel of Fortune" = Wheel of Fortune (remove only)
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Applications" = AT&T Yahoo! Applications

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1666486622-773751984-4264904424-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Cake Mania Deluxe" = Cake Mania Deluxe
"Forgotten Riddles - The Mayan Princess" = Forgotten Riddles - The Mayan Princess (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/2/2011 8:11:32 PM | Computer Name = Carol-PC | Source = Application Error | ID = 1000
Description = Faulting application iWinGames.exe, version 1.0.0.1, time stamp 0x46b8298b,
faulting module iWinGames.exe, version 1.0.0.1, time stamp 0x46b8298b, exception
code 0xc000000d, fault offset 0x000b5dc9, process id 0x1370, application start time
0x01cc5171d2fe25dc.

Error - 8/5/2011 9:10:51 PM | Computer Name = Carol-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/6/2011 8:26:07 PM | Computer Name = Carol-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/7/2011 5:30:19 PM | Computer Name = Carol-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/7/2011 5:42:15 PM | Computer Name = Carol-PC | Source = Application Error | ID = 1000
Description = Faulting application iWinGames.exe, version 1.0.0.1, time stamp 0x46b8298b,
faulting module iWinGames.exe, version 1.0.0.1, time stamp 0x46b8298b, exception
code 0xc000000d, fault offset 0x000b5dc9, process id 0x14c, application start time
0x01cc554acd1840bb.

Error - 8/7/2011 6:47:39 PM | Computer Name = Carol-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.26.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 15b4 Start Time: 01cc5552e778b04b Termination Time: 40

Error - 8/7/2011 6:48:40 PM | Computer Name = Carol-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.26.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 2ec Start Time: 01cc555411655d8b Termination Time: 78

Error - 8/7/2011 6:51:32 PM | Computer Name = Carol-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.26.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 148 Start Time: 01cc55542a58c93b Termination Time: 0

Error - 8/7/2011 6:57:04 PM | Computer Name = Carol-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: eb4 Start Time: 01cc5554931be0bb Termination Time: 0

Error - 8/7/2011 6:58:05 PM | Computer Name = Carol-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.26.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: f84 Start Time: 01cc5555361b822b Termination Time: 15

[ Media Center Events ]
Error - 2/18/2009 8:43:20 AM | Computer Name = Carol-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 2/18/2009 8:45:22 AM | Computer Name = Carol-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 6:43:53 PM | Computer Name = Carol-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 11:41:22 PM | Computer Name = Carol-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/19/2010 8:27:40 PM | Computer Name = Carol-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 8/7/2011 6:41:03 PM | Computer Name = Carol-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 8/7/2011 6:41:03 PM | Computer Name = Carol-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 8/7/2011 6:41:16 PM | Computer Name = Carol-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 8/7/2011 6:41:16 PM | Computer Name = Carol-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 8/7/2011 6:41:23 PM | Computer Name = Carol-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 8/7/2011 6:41:23 PM | Computer Name = Carol-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 8/7/2011 7:09:54 PM | Computer Name = Carol-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 8/7/2011 7:09:54 PM | Computer Name = Carol-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 8/7/2011 7:10:00 PM | Computer Name = Carol-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 8/7/2011 7:10:00 PM | Computer Name = Carol-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.


< End of report >

#6 Teamaker

Teamaker
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 07 August 2011 - 06:57 PM

Log for step two (TDSSKiller.exe):

2011/08/07 18:40:28.0021 5916 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/07 18:40:29.0503 5916 ================================================================================
2011/08/07 18:40:29.0503 5916 SystemInfo:
2011/08/07 18:40:29.0503 5916
2011/08/07 18:40:29.0503 5916 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/07 18:40:29.0503 5916 Product type: Workstation
2011/08/07 18:40:29.0503 5916 ComputerName: CAROL-PC
2011/08/07 18:40:29.0503 5916 UserName: Admin
2011/08/07 18:40:29.0503 5916 Windows directory: C:\Windows
2011/08/07 18:40:29.0503 5916 System windows directory: C:\Windows
2011/08/07 18:40:29.0503 5916 Processor architecture: Intel x86
2011/08/07 18:40:29.0503 5916 Number of processors: 2
2011/08/07 18:40:29.0503 5916 Page size: 0x1000
2011/08/07 18:40:29.0503 5916 Boot type: Normal boot
2011/08/07 18:40:29.0503 5916 ================================================================================
2011/08/07 18:40:30.0767 5916 Initialize success
2011/08/07 18:41:04.0057 1340 ================================================================================
2011/08/07 18:41:04.0057 1340 Scan started
2011/08/07 18:41:04.0057 1340 Mode: Manual;
2011/08/07 18:41:04.0057 1340 ================================================================================
2011/08/07 18:41:04.0962 1340 2WIREPCP (6551c1cf190df3e12c435a085987fba0) C:\Windows\system32\DRIVERS\2WirePCP.sys
2011/08/07 18:41:05.0056 1340 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/08/07 18:41:05.0103 1340 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/08/07 18:41:05.0149 1340 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/08/07 18:41:05.0227 1340 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/08/07 18:41:05.0274 1340 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/08/07 18:41:05.0368 1340 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/08/07 18:41:05.0477 1340 AFS (be913403ed7219894b30e362fd8d4313) C:\Windows\system32\drivers\AFS.sys
2011/08/07 18:41:05.0586 1340 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/08/07 18:41:05.0649 1340 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/07 18:41:05.0711 1340 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/08/07 18:41:05.0742 1340 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/08/07 18:41:05.0773 1340 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/08/07 18:41:05.0820 1340 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/08/07 18:41:05.0914 1340 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/07 18:41:05.0961 1340 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/08/07 18:41:06.0007 1340 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/08/07 18:41:06.0132 1340 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/07 18:41:06.0179 1340 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/08/07 18:41:06.0288 1340 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/07 18:41:06.0382 1340 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/08/07 18:41:06.0413 1340 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/07 18:41:06.0460 1340 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/07 18:41:06.0475 1340 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/07 18:41:06.0507 1340 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/07 18:41:06.0522 1340 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/07 18:41:06.0538 1340 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/07 18:41:06.0553 1340 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/07 18:41:06.0585 1340 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/08/07 18:41:06.0663 1340 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/07 18:41:06.0709 1340 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/07 18:41:06.0741 1340 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\Windows\system32\drivers\cfwids.sys
2011/08/07 18:41:06.0772 1340 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/08/07 18:41:06.0975 1340 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/08/07 18:41:07.0224 1340 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/08/07 18:41:07.0271 1340 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/08/07 18:41:07.0318 1340 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/08/07 18:41:07.0365 1340 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/08/07 18:41:07.0505 1340 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/08/07 18:41:07.0614 1340 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/08/07 18:41:07.0692 1340 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/08/07 18:41:07.0755 1340 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/08/07 18:41:07.0817 1340 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/08/07 18:41:07.0926 1340 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/08/07 18:41:08.0098 1340 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/07 18:41:08.0254 1340 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/07 18:41:08.0363 1340 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/08/07 18:41:08.0441 1340 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/08/07 18:41:08.0503 1340 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/08/07 18:41:08.0566 1340 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/08/07 18:41:08.0613 1340 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/08/07 18:41:08.0706 1340 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/07 18:41:08.0753 1340 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/08/07 18:41:08.0769 1340 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/08/07 18:41:08.0784 1340 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/07 18:41:08.0815 1340 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/08/07 18:41:08.0925 1340 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/07 18:41:08.0956 1340 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/07 18:41:09.0065 1340 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/07 18:41:09.0190 1340 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/08/07 18:41:09.0221 1340 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/07 18:41:09.0299 1340 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/07 18:41:13.0932 1340 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/08/07 18:41:14.0041 1340 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
2011/08/07 18:41:14.0166 1340 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2011/08/07 18:41:19.0096 1340 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/08/07 18:41:19.0267 1340 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/08/07 18:41:19.0548 1340 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/07 18:41:19.0579 1340 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/08/07 18:41:19.0626 1340 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/07 18:41:24.0353 1340 IntcAzAudAddService (4c01298060cf930d26a75a86b874b6ae) C:\Windows\system32\drivers\RTKVHDA.sys
2011/08/07 18:41:24.0540 1340 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/08/07 18:41:24.0587 1340 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/07 18:41:24.0649 1340 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/07 18:41:24.0712 1340 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/07 18:41:24.0759 1340 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/07 18:41:24.0868 1340 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/08/07 18:41:24.0977 1340 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/08/07 18:41:25.0055 1340 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/07 18:41:25.0117 1340 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/08/07 18:41:25.0149 1340 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/08/07 18:41:25.0164 1340 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/07 18:41:25.0195 1340 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/07 18:41:25.0273 1340 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/07 18:41:25.0429 1340 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/07 18:41:25.0507 1340 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/07 18:41:30.0016 1340 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/07 18:41:30.0047 1340 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/07 18:41:30.0156 1340 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/08/07 18:41:30.0359 1340 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/08/07 18:41:30.0406 1340 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/08/07 18:41:30.0437 1340 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/08/07 18:41:30.0484 1340 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\Windows\system32\drivers\mfeapfk.sys
2011/08/07 18:41:30.0546 1340 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\Windows\system32\drivers\mfeavfk.sys
2011/08/07 18:41:30.0593 1340 mfebopk (a528b15e330edb83ea649be318d841d5) C:\Windows\system32\drivers\mfebopk.sys
2011/08/07 18:41:30.0640 1340 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\Windows\system32\drivers\mfefirek.sys
2011/08/07 18:41:30.0687 1340 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\Windows\system32\drivers\mfehidk.sys
2011/08/07 18:41:30.0718 1340 mfenlfk (3a1aa28066785449da570462e0532d0c) C:\Windows\system32\DRIVERS\mfenlfk.sys
2011/08/07 18:41:30.0765 1340 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\Windows\system32\drivers\mferkdet.sys
2011/08/07 18:41:30.0827 1340 mfewfpk (b2baac6bbedda3e26e82db13fa0e5bee) C:\Windows\system32\drivers\mfewfpk.sys
2011/08/07 18:41:30.0905 1340 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/08/07 18:41:30.0936 1340 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/07 18:41:30.0952 1340 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/07 18:41:30.0983 1340 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/07 18:41:31.0014 1340 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/08/07 18:41:31.0045 1340 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/08/07 18:41:31.0061 1340 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/07 18:41:31.0123 1340 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/07 18:41:31.0155 1340 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/07 18:41:31.0201 1340 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/07 18:41:31.0279 1340 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/07 18:41:31.0326 1340 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/07 18:41:31.0357 1340 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/08/07 18:41:31.0389 1340 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/08/07 18:41:31.0513 1340 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/08/07 18:41:31.0560 1340 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/08/07 18:41:31.0607 1340 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/07 18:41:31.0623 1340 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/07 18:41:31.0638 1340 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/08/07 18:41:31.0701 1340 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/08/07 18:41:31.0732 1340 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/07 18:41:31.0747 1340 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/08/07 18:41:31.0763 1340 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/08/07 18:41:31.0841 1340 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/07 18:41:31.0888 1340 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/08/07 18:41:31.0966 1340 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/07 18:41:31.0997 1340 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/07 18:41:36.0755 1340 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/07 18:41:36.0817 1340 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/08/07 18:41:36.0880 1340 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/07 18:41:36.0927 1340 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/07 18:41:37.0036 1340 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/08/07 18:41:37.0145 1340 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/08/07 18:41:37.0192 1340 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/07 18:41:37.0285 1340 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/08/07 18:41:37.0395 1340 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/08/07 18:41:37.0426 1340 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/08/07 18:41:37.0504 1340 NVENETFD (ae78a7285df03a277415fc62f8ce8f24) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/08/07 18:41:42.0699 1340 nvlddmkm (1924b437d113e909abb7f11623884d77) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/07 18:41:42.0979 1340 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/08/07 18:41:43.0011 1340 nvrd32 (0d15327134e5871c922760acd7449e84) C:\Windows\system32\drivers\nvrd32.sys
2011/08/07 18:41:43.0057 1340 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\drivers\nvsmu.sys
2011/08/07 18:41:43.0089 1340 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/08/07 18:41:43.0135 1340 nvstor32 (fa7b8eca6e845b244b7e30a9dcd82c6c) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/08/07 18:41:43.0167 1340 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/08/07 18:41:43.0276 1340 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/08/07 18:41:43.0369 1340 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/08/07 18:41:43.0416 1340 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/08/07 18:41:43.0432 1340 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/08/07 18:41:43.0479 1340 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/08/07 18:41:43.0510 1340 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/08/07 18:41:43.0557 1340 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/08/07 18:41:43.0650 1340 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\Windows\system32\Drivers\PdiPorts.sys
2011/08/07 18:41:43.0713 1340 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/07 18:41:43.0837 1340 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/07 18:41:43.0869 1340 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/08/07 18:41:43.0962 1340 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/07 18:41:44.0025 1340 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/08/07 18:41:44.0071 1340 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/07 18:41:44.0103 1340 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/07 18:41:44.0134 1340 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/07 18:41:48.0720 1340 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/07 18:41:48.0845 1340 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/07 18:41:48.0892 1340 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/07 18:41:48.0939 1340 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/07 18:41:49.0032 1340 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/07 18:41:49.0173 1340 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/08/07 18:41:49.0188 1340 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/07 18:41:49.0251 1340 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/08/07 18:41:49.0297 1340 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/07 18:41:49.0344 1340 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/07 18:41:49.0391 1340 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/07 18:41:49.0516 1340 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/08/07 18:41:49.0563 1340 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/08/07 18:41:49.0625 1340 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/08/07 18:41:49.0687 1340 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/08/07 18:41:49.0719 1340 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/07 18:41:49.0750 1340 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/07 18:41:49.0781 1340 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/08/07 18:41:49.0828 1340 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/08/07 18:41:49.0906 1340 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/08/07 18:41:49.0937 1340 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/08/07 18:41:49.0999 1340 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/08/07 18:41:50.0046 1340 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/08/07 18:41:50.0109 1340 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/08/07 18:41:50.0187 1340 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/07 18:41:50.0233 1340 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/07 18:41:50.0296 1340 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/07 18:41:50.0327 1340 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/07 18:41:50.0358 1340 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/07 18:41:50.0545 1340 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/07 18:41:50.0826 1340 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/08/07 18:41:50.0889 1340 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/07 18:41:50.0967 1340 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/07 18:41:51.0013 1340 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/08/07 18:41:51.0060 1340 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/08/07 18:41:51.0138 1340 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/07 18:41:51.0169 1340 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/07 18:41:51.0310 1340 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/07 18:41:51.0372 1340 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/07 18:41:51.0403 1340 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/07 18:41:51.0435 1340 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/08/07 18:41:51.0513 1340 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/07 18:41:51.0591 1340 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/07 18:41:51.0606 1340 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/08/07 18:41:51.0637 1340 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/07 18:41:51.0669 1340 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/07 18:41:51.0700 1340 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/07 18:41:51.0747 1340 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/07 18:41:51.0793 1340 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/07 18:41:51.0871 1340 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/07 18:41:51.0934 1340 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/07 18:41:51.0981 1340 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/07 18:41:52.0043 1340 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/07 18:41:52.0105 1340 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/07 18:41:52.0152 1340 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/07 18:41:52.0215 1340 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/07 18:41:52.0246 1340 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/08/07 18:41:52.0293 1340 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/07 18:41:52.0324 1340 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/08/07 18:41:52.0355 1340 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/08/07 18:41:52.0402 1340 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/08/07 18:41:52.0433 1340 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/08/07 18:41:52.0480 1340 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/07 18:41:52.0511 1340 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/08/07 18:41:52.0542 1340 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/08/07 18:41:52.0573 1340 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/08/07 18:41:52.0636 1340 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/07 18:41:52.0683 1340 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/07 18:41:52.0698 1340 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/07 18:41:52.0761 1340 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/08/07 18:41:52.0792 1340 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/07 18:41:52.0917 1340 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/08/07 18:41:57.0550 1340 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/07 18:41:57.0659 1340 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/08/07 18:41:57.0706 1340 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/07 18:41:57.0831 1340 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/07 18:41:57.0877 1340 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/08/07 18:41:57.0924 1340 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
2011/08/07 18:42:03.0275 1340 Boot (0x1200) (a20ea72a37a0ea66d5634cbb142dafeb) \Device\Harddisk0\DR0\Partition0
2011/08/07 18:42:03.0337 1340 Boot (0x1200) (28facc70417bba5b0d49bca2b5e19ef2) \Device\Harddisk0\DR0\Partition1
2011/08/07 18:42:03.0353 1340 ================================================================================
2011/08/07 18:42:03.0353 1340 Scan finished
2011/08/07 18:42:03.0353 1340 ================================================================================
2011/08/07 18:42:03.0369 6036 Detected object count: 0
2011/08/07 18:42:03.0369 6036 Actual detected object count: 0
2011/08/07 18:47:03.0357 2128 ================================================================================
2011/08/07 18:47:03.0357 2128 Scan started
2011/08/07 18:47:03.0357 2128 Mode: Manual;
2011/08/07 18:47:03.0357 2128 ================================================================================
2011/08/07 18:47:05.0931 2128 2WIREPCP (6551c1cf190df3e12c435a085987fba0) C:\Windows\system32\DRIVERS\2WirePCP.sys
2011/08/07 18:47:05.0993 2128 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/08/07 18:47:06.0024 2128 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/08/07 18:47:06.0087 2128 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/08/07 18:47:06.0118 2128 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/08/07 18:47:06.0196 2128 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/08/07 18:47:06.0258 2128 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/08/07 18:47:06.0289 2128 AFS (be913403ed7219894b30e362fd8d4313) C:\Windows\system32\drivers\AFS.sys
2011/08/07 18:47:06.0321 2128 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/08/07 18:47:06.0352 2128 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/07 18:47:06.0383 2128 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/08/07 18:47:06.0461 2128 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/08/07 18:47:06.0492 2128 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/08/07 18:47:06.0508 2128 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/08/07 18:47:06.0539 2128 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/07 18:47:06.0586 2128 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/08/07 18:47:06.0601 2128 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/08/07 18:47:06.0820 2128 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/07 18:47:07.0101 2128 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/08/07 18:47:07.0225 2128 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/07 18:47:07.0288 2128 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/08/07 18:47:07.0319 2128 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/07 18:47:07.0381 2128 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/07 18:47:07.0413 2128 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/07 18:47:07.0428 2128 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/07 18:47:07.0459 2128 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/07 18:47:07.0506 2128 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/07 18:47:07.0631 2128 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/07 18:47:07.0678 2128 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/08/07 18:47:07.0740 2128 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/07 18:47:07.0771 2128 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/07 18:47:07.0849 2128 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\Windows\system32\drivers\cfwids.sys
2011/08/07 18:47:07.0865 2128 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/08/07 18:47:07.0927 2128 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/08/07 18:47:07.0974 2128 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/08/07 18:47:07.0990 2128 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/08/07 18:47:08.0021 2128 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/08/07 18:47:08.0052 2128 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/08/07 18:47:08.0146 2128 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/08/07 18:47:08.0224 2128 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/08/07 18:47:08.0271 2128 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/08/07 18:47:08.0302 2128 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/08/07 18:47:08.0317 2128 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/08/07 18:47:08.0364 2128 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/08/07 18:47:08.0442 2128 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/07 18:47:08.0489 2128 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/07 18:47:08.0520 2128 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/08/07 18:47:08.0567 2128 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/08/07 18:47:08.0614 2128 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/08/07 18:47:08.0661 2128 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/08/07 18:47:08.0692 2128 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/08/07 18:47:08.0723 2128 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/07 18:47:08.0754 2128 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/08/07 18:47:08.0817 2128 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/08/07 18:47:08.0832 2128 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/07 18:47:08.0879 2128 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/08/07 18:47:08.0926 2128 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/07 18:47:08.0957 2128 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/07 18:47:09.0004 2128 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/07 18:47:09.0051 2128 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/08/07 18:47:09.0082 2128 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/07 18:47:09.0129 2128 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/07 18:47:09.0191 2128 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/08/07 18:47:09.0253 2128 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
2011/08/07 18:47:09.0316 2128 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2011/08/07 18:47:09.0394 2128 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/08/07 18:47:09.0425 2128 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/08/07 18:47:09.0441 2128 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/07 18:47:09.0503 2128 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/08/07 18:47:09.0581 2128 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/07 18:47:09.0675 2128 IntcAzAudAddService (4c01298060cf930d26a75a86b874b6ae) C:\Windows\system32\drivers\RTKVHDA.sys
2011/08/07 18:47:09.0721 2128 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/08/07 18:47:09.0737 2128 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/07 18:47:09.0799 2128 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/07 18:47:09.0862 2128 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/07 18:47:09.0893 2128 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/07 18:47:09.0909 2128 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/08/07 18:47:09.0940 2128 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/08/07 18:47:09.0971 2128 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/07 18:47:10.0002 2128 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/08/07 18:47:10.0065 2128 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/08/07 18:47:10.0096 2128 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/07 18:47:10.0127 2128 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/07 18:47:10.0205 2128 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/07 18:47:10.0299 2128 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/07 18:47:10.0361 2128 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/07 18:47:10.0408 2128 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/07 18:47:10.0455 2128 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/07 18:47:10.0470 2128 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/08/07 18:47:10.0564 2128 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/08/07 18:47:10.0595 2128 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/08/07 18:47:10.0611 2128 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/08/07 18:47:10.0657 2128 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\Windows\system32\drivers\mfeapfk.sys
2011/08/07 18:47:10.0689 2128 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\Windows\system32\drivers\mfeavfk.sys
2011/08/07 18:47:10.0767 2128 mfebopk (a528b15e330edb83ea649be318d841d5) C:\Windows\system32\drivers\mfebopk.sys
2011/08/07 18:47:10.0798 2128 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\Windows\system32\drivers\mfefirek.sys
2011/08/07 18:47:10.0845 2128 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\Windows\system32\drivers\mfehidk.sys
2011/08/07 18:47:10.0876 2128 mfenlfk (3a1aa28066785449da570462e0532d0c) C:\Windows\system32\DRIVERS\mfenlfk.sys
2011/08/07 18:47:10.0907 2128 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\Windows\system32\drivers\mferkdet.sys
2011/08/07 18:47:10.0954 2128 mfewfpk (b2baac6bbedda3e26e82db13fa0e5bee) C:\Windows\system32\drivers\mfewfpk.sys
2011/08/07 18:47:11.0016 2128 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/08/07 18:47:11.0063 2128 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/07 18:47:11.0079 2128 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/07 18:47:11.0110 2128 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/07 18:47:11.0125 2128 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/08/07 18:47:11.0157 2128 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/08/07 18:47:11.0188 2128 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/07 18:47:11.0266 2128 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/07 18:47:11.0328 2128 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/07 18:47:11.0359 2128 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/07 18:47:11.0391 2128 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/07 18:47:11.0422 2128 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/07 18:47:11.0453 2128 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/08/07 18:47:11.0484 2128 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/08/07 18:47:11.0547 2128 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/08/07 18:47:11.0578 2128 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/08/07 18:47:11.0625 2128 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/07 18:47:11.0640 2128 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/07 18:47:11.0671 2128 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/08/07 18:47:11.0703 2128 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/08/07 18:47:11.0734 2128 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/07 18:47:11.0765 2128 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/08/07 18:47:11.0781 2128 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/08/07 18:47:11.0812 2128 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/07 18:47:11.0843 2128 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/08/07 18:47:11.0921 2128 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/07 18:47:11.0952 2128 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/07 18:47:11.0983 2128 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/07 18:47:12.0015 2128 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/08/07 18:47:12.0046 2128 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/07 18:47:12.0093 2128 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/07 18:47:12.0155 2128 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/08/07 18:47:12.0186 2128 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/08/07 18:47:12.0295 2128 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/07 18:47:12.0373 2128 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/08/07 18:47:12.0405 2128 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/08/07 18:47:12.0420 2128 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/08/07 18:47:12.0467 2128 NVENETFD (ae78a7285df03a277415fc62f8ce8f24) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/08/07 18:47:12.0670 2128 nvlddmkm (1924b437d113e909abb7f11623884d77) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/07 18:47:12.0810 2128 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/08/07 18:47:12.0841 2128 nvrd32 (0d15327134e5871c922760acd7449e84) C:\Windows\system32\drivers\nvrd32.sys
2011/08/07 18:47:12.0873 2128 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\drivers\nvsmu.sys
2011/08/07 18:47:12.0888 2128 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/08/07 18:47:12.0919 2128 nvstor32 (fa7b8eca6e845b244b7e30a9dcd82c6c) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/08/07 18:47:12.0951 2128 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/08/07 18:47:13.0013 2128 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/08/07 18:47:13.0091 2128 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/08/07 18:47:13.0122 2128 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/08/07 18:47:13.0153 2128 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/08/07 18:47:13.0200 2128 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/08/07 18:47:13.0231 2128 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/08/07 18:47:13.0278 2128 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/08/07 18:47:13.0309 2128 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\Windows\system32\Drivers\PdiPorts.sys
2011/08/07 18:47:13.0403 2128 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/07 18:47:13.0528 2128 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/07 18:47:13.0543 2128 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/08/07 18:47:13.0575 2128 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/07 18:47:13.0621 2128 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/08/07 18:47:13.0965 2128 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/07 18:47:13.0980 2128 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/07 18:47:13.0996 2128 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/07 18:47:14.0011 2128 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/07 18:47:14.0058 2128 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/07 18:47:14.0152 2128 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/07 18:47:14.0183 2128 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/07 18:47:14.0230 2128 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/07 18:47:14.0292 2128 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/08/07 18:47:14.0292 2128 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/07 18:47:14.0323 2128 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/08/07 18:47:14.0355 2128 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/07 18:47:14.0386 2128 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/07 18:47:14.0433 2128 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/07 18:47:14.0464 2128 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/08/07 18:47:14.0495 2128 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/08/07 18:47:14.0511 2128 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/08/07 18:47:14.0651 2128 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/08/07 18:47:14.0947 2128 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/07 18:47:15.0041 2128 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/07 18:47:15.0057 2128 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/08/07 18:47:15.0103 2128 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/08/07 18:47:15.0150 2128 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/08/07 18:47:15.0197 2128 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/08/07 18:47:15.0244 2128 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/08/07 18:47:15.0275 2128 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/08/07 18:47:15.0322 2128 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/08/07 18:47:15.0384 2128 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/07 18:47:15.0462 2128 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/07 18:47:15.0525 2128 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/07 18:47:15.0587 2128 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/07 18:47:15.0665 2128 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/07 18:47:15.0759 2128 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/07 18:47:15.0852 2128 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/08/07 18:47:15.0930 2128 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/07 18:47:16.0055 2128 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/07 18:47:16.0086 2128 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/08/07 18:47:16.0133 2128 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/08/07 18:47:16.0180 2128 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/07 18:47:16.0227 2128 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/07 18:47:16.0273 2128 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/07 18:47:16.0351 2128 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/07 18:47:16.0398 2128 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/07 18:47:16.0429 2128 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/08/07 18:47:16.0461 2128 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/07 18:47:16.0476 2128 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/07 18:47:16.0507 2128 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/08/07 18:47:16.0539 2128 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/07 18:47:16.0554 2128 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/07 18:47:16.0554 2128 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/07 18:47:16.0617 2128 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/07 18:47:16.0663 2128 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/07 18:47:16.0695 2128 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/07 18:47:16.0741 2128 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/07 18:47:16.0773 2128 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/07 18:47:16.0804 2128 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/07 18:47:16.0819 2128 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/07 18:47:16.0835 2128 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/07 18:47:16.0882 2128 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/07 18:47:16.0897 2128 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/08/07 18:47:16.0929 2128 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/07 18:47:16.0975 2128 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/08/07 18:47:16.0991 2128 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/08/07 18:47:17.0022 2128 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/08/07 18:47:17.0053 2128 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/08/07 18:47:17.0100 2128 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/07 18:47:17.0131 2128 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/08/07 18:47:17.0194 2128 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/08/07 18:47:17.0225 2128 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/08/07 18:47:17.0256 2128 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/07 18:47:17.0303 2128 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/07 18:47:17.0319 2128 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/07 18:47:17.0350 2128 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/08/07 18:47:17.0381 2128 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/07 18:47:17.0443 2128 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/08/07 18:47:17.0506 2128 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/07 18:47:17.0568 2128 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/08/07 18:47:17.0615 2128 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/07 18:47:17.0693 2128 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/07 18:47:17.0724 2128 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/08/07 18:47:17.0755 2128 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
2011/08/07 18:47:17.0896 2128 Boot (0x1200) (a20ea72a37a0ea66d5634cbb142dafeb) \Device\Harddisk0\DR0\Partition0
2011/08/07 18:47:17.0896 2128 Boot (0x1200) (28facc70417bba5b0d49bca2b5e19ef2) \Device\Harddisk0\DR0\Partition1
2011/08/07 18:47:17.0896 2128 ================================================================================
2011/08/07 18:47:17.0896 2128 Scan finished
2011/08/07 18:47:17.0896 2128 ================================================================================
2011/08/07 18:47:17.0896 2792 Detected object count: 0
2011/08/07 18:47:17.0896 2792 Actual detected object count: 0

#7 Teamaker

Teamaker
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 07 August 2011 - 07:29 PM

Here is the last log requested (aswMBR.exe):

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-07 18:59:07
-----------------------------
18:59:07.647 OS Version: Windows 6.0.6002 Service Pack 2
18:59:07.647 Number of processors: 2 586 0x6B02
18:59:07.647 ComputerName: CAROL-PC UserName: Admin
18:59:10.486 Initialize success
19:01:00.299 AVAST engine defs: 11080701
19:01:17.568 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
19:01:17.584 Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 6
19:01:19.643 Disk 0 MBR read successfully
19:01:19.643 Disk 0 MBR scan
19:01:19.643 Disk 0 unknown MBR code
19:01:19.659 Disk 0 scanning sectors +976768065
19:01:19.783 Disk 0 scanning C:\Windows\system32\drivers
19:01:36.319 Service scanning
19:01:38.051 Modules scanning
19:01:43.963 Disk 0 trace - called modules:
19:01:43.995 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
19:01:44.010 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858ec438]
19:01:44.010 3 CLASSPNP.SYS[807358b3] -> nt!IofCallDriver -> [0x845a26c8]
19:01:44.026 5 acpi.sys[806126bc] -> nt!IofCallDriver -> \Device\00000055[0x853826a8]
19:01:45.477 AVAST engine scan C:\Windows
19:01:51.529 AVAST engine scan C:\Windows\system32
19:04:08.357 AVAST engine scan C:\Windows\system32\drivers
19:04:23.083 AVAST engine scan C:\Users\Admin
19:09:00.124 AVAST engine scan C:\ProgramData
19:13:55.650 Scan finished successfully
19:15:38.938 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\Etavares_ Bleeping Comp 8-2011\MBR.dat"
19:15:38.953 The log file has been saved successfully to "C:\Users\Admin\Desktop\Etavares_ Bleeping Comp 8-2011\aswMBR.txt"


Hello Etavares,

I've gone through your list and I think that's everything. If I've missed something please let me know. I will not be able to do anything to this computer for 12 or 13 days, as I live over two and a half hours away. I come three weekends a month but, will not be here next weekend. I will be here next on the 19th (Friday) or the 20th (Saturday) and will be watching for your replies. Thank you for your time and guidance, I know it is valuable. I very much appreciate it.

Sincerely,
Teamaker 42

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:51 AM

Posted 08 August 2011 - 05:29 PM

Hello, Teamaker.

You may have a double issue of virus and hard drive failure...there are some potentially serious errors that indicate a potential hard drive failure. Let's run Combofix to start.



Step 1



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:51 AM

Posted 12 August 2011 - 06:08 AM

Still with me?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#10 Teamaker

Teamaker
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 15 August 2011 - 12:28 PM

Hello Etavares,

I haven't been able to do anything to my Mom's computer yet. I live over two and a half hours away so, I go there three weekends a month (but was not there this last weekend). I will be there next on the 19th (Friday) or the 20th (Saturday) and will do everything you suggested in your recent email. Thank you for your time and guidance, I know it is valuable. I very much appreciate it.

Sincerely,
Teamaker 42



#11 Teamaker

Teamaker
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 20 August 2011 - 11:45 AM

Hello Etavares,

I have attached the ComboFix log you requested. It has a different file name though. Thanks again for your help.

Sincerely,
Teamaker42


ComboFix 11-08-19.02 - Admin 08/20/2011 11:18:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1003 [GMT -5:00]
Running from: c:\users\Admin\Desktop\etavaresCF.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\desktop
c:\windows\desktop\Cook'n Recipe Organizer.lnk
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\jusched.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-20 to 2011-08-20 )))))))))))))))))))))))))))))))
.
.
2011-08-20 16:29 . 2011-08-20 16:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-08-20 16:29 . 2011-08-20 16:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-20 16:29 . 2011-08-20 16:29 -------- d-----w- c:\users\Carol\AppData\Local\temp
2011-08-20 16:29 . 2011-08-20 16:29 -------- d-----w- c:\users\Admin\AppData\Local\temp
2011-08-12 23:48 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-12 23:48 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-12 23:45 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-12 23:45 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-12 23:45 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-12 00:04 . 2011-07-12 00:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 00:52 . 2009-06-19 21:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2009-06-19 21:38 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 13:34 . 2011-07-13 18:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 16:26 . 2011-05-22 02:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 19:01 . 2011-05-23 23:14 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-12 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 212992]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
2008-12-09 11:08 495616 ----a-w- c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1666486622-773751984-4264904424-501]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AFS;AFS; [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 141792]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-DXDllRegExe - c:\windows\system32\dxdllreg.exe
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-HPADVISOR - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
AddRemove-Pandora's Box 1.0 - c:\program files\Microsoft Games\Pandora's Box\setup
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-20 11:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&3769f993&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&3769f993&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\GWY077B\4&3769f993&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\GWY077B\4&3769f993&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP2800\4&3769f993&0&UID256\Device Parameters\MODES]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP2800\4&3769f993&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP2800\4&3769f993&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP281B\4&3769f993&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP281B\4&3769f993&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\NEC6696\4&3769f993&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\NEC6696\4&3769f993&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Completion time: 2011-08-20 11:32:28
ComboFix-quarantined-files.txt 2011-08-20 16:32
.
Pre-Run: 371,909,480,448 bytes free
Post-Run: 374,059,929,600 bytes free
.
- - End Of File - - 9F7C24A84DE0EFF013946D8A859F9BDA

Attached Files


Edited by etavares, 20 August 2011 - 03:12 PM.
paste CF log


#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:51 AM

Posted 20 August 2011 - 03:16 PM

Hello, Teamaker.
Let me know if you're still redirecting after this.



Step 1



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&3769f993&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&3769f993&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\GWY077B\4&3769f993&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\GWY077B\4&3769f993&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP2800\4&3769f993&0&UID256\Device Parameters\MODES]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP2800\4&3769f993&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP2800\4&3769f993&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP281B\4&3769f993&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP281B\4&3769f993&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\NEC6696\4&3769f993&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\NEC6696\4&3769f993&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
Driver::
afs

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#13 Teamaker

Teamaker
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 20 August 2011 - 08:13 PM

Hello again Etavares.
I have attached the ComboFix.txt file you requested.
Teamaker :)



ComboFix 11-08-20.01 - Admin 08/20/2011 18:49:47.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1204 [GMT -5:00]
Running from: c:\users\Admin\Desktop\Etavares_ Bleeping Comp 8-2011\etavaresCF.exe
Command switches used :: c:\users\Admin\Desktop\Etavares_ Bleeping Comp 8-2011\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AFS
-------\Service_AFS
.
.
((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 00:01 . 2011-08-21 00:42 -------- d-----w- c:\users\Admin\AppData\Local\temp
2011-08-21 00:01 . 2011-08-21 00:01 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-08-21 00:01 . 2011-08-21 00:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-21 00:01 . 2011-08-21 00:01 -------- d-----w- c:\users\Carol\AppData\Local\temp
2011-08-20 17:29 . 2011-08-20 17:29 -------- d-----w- c:\programdata\Garmin
2011-08-20 17:26 . 2011-08-20 17:26 -------- d-----w- c:\users\Admin\AppData\Roaming\Garmin
2011-08-20 17:26 . 2011-08-20 17:26 -------- d-----w- c:\program files\Garmin
2011-08-12 23:48 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-12 23:48 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-12 23:45 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-12 23:45 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-12 23:45 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-12 00:04 . 2011-07-12 00:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 00:52 . 2009-06-19 21:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2009-06-19 21:38 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 13:34 . 2011-07-13 18:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 16:26 . 2011-05-22 02:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 19:01 . 2011-05-23 23:14 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-08-08 1407848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-12 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 212992]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
2008-12-09 11:08 495616 ----a-w- c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1666486622-773751984-4264904424-501]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 141792]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
TCP: DhcpNameServer = 192.168.1.254
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
FF - ProfilePath -
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&3769f993&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&3769f993&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\GWY077B\4&3769f993&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\GWY077B\4&3769f993&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP2800\4&3769f993&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP2800\4&3769f993&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP281B\4&3769f993&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP281B\4&3769f993&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\NEC6696\4&3769f993&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\NEC6696\4&3769f993&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3340)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\rundll32.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-08-20 19:47:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-21 00:46
ComboFix2.txt 2011-08-20 16:32
.
Pre-Run: 374,041,378,816 bytes free
Post-Run: 372,788,535,296 bytes free
.
- - End Of File - - 8D3BD00674F93CFA11D2315822F0B429

Attached Files


Edited by etavares, 21 August 2011 - 05:19 AM.
add CF log


#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:51 AM

Posted 21 August 2011 - 05:20 AM

How is your computer now? STill getting redirected?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#15 Teamaker

Teamaker
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 21 August 2011 - 10:32 AM

Good morning Etavares,
So far no redirects :) THANK YOU VERY MUCH! :)
Was it a virus? Are there still serious errors that indicate a potential hard drive failure? Once again, I do appreciate your time :)

Sincerely,
Teamaker






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users