Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Anti-Virus Software and System Restore Disabled.


  • This topic is locked This topic is locked
61 replies to this topic

#1 Zebedee

Zebedee

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Suffolk, England
  • Local time:05:32 PM

Posted 15 October 2011 - 07:19 AM

Hello,

I have a serious PC problem and fear that its a rootkit or trojan infection. We have a six-year old Fujitsu-Siemens Desktop PC. Operating system is Windows XP Home Edition with SP3 installed. The problems are as follows:

Mcafee Anti-Virus Real-Time Scanning switches itself off. If I switch it on it switches itself off again. Sometimes it might stay on for 20-30mins but on other occasions it only stays on for a few seconds. Even in safe mode Real-Time scanning continually switches itself off. Also I cannot run a full system scan with Mcafee in normal operating mode - the scan will start but aborts after a minute or two. Mcafee will complete a full scan in safe mode but finds nothing.

System Restore is disabled. When I try to open it I get an error message which says something like, "System Restore cannot protect your computer. Please restart it then try again." It will not work in either normal mode or safe mode.

In normal mode downloads are being blocked. When I get the option to either run or save the download the computer just freezes. I had to download the DDS and GMER software in safe mode. Some programmes will not run at all in normal mode. For example I have System Mechanic Professional installed but I cannot even open it in normal mode. It seems to run ok in safe mode.

At times the computer runs very slowly with frequent freezes and locks. I have both Firefox and Google Chrome installed and Firefox seems to run the better of the two. I continually get the "Kill Pages" pop up on Google Chrome. I have run Malwarebytes and SuperAntispyware several times each in both normal mode and safe mode. The first time I ran Malwarebytes it found two infections called something like "BrokenC..." I removed both but it didn't fix the system. I've run it several times since and found nothing. SuperAntiSpyware only finds adware which I remove.

I am NOT getting any false alerts or fake security scans which makes me think it may be a rootkit or trojan rather than malware. Although, to be honest, when it comes to this sort of thing my knowledge is very basic. I have pasted the contents of DDS.txt below and attached Attach.txt and ark.txt. Because of the problems described above they were downloaded and run in safe mode.

I'd be very grateful for any help that anyone can give me.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Prince at 12:03:42 on 2011-10-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1622 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\ewduduvd=-řëbmujhier.exe\bmujhier.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110530203012.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\prince\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Spyware Doctor with AntiVirus] c:\documents and settings\prince\desktop\sdasetup.exe -min
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D8603B23-318E-4C99-A556-F6BA51907EA0} : DhcpNameServer = 192.168.1.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\prince\application data\mozilla\firefox\profiles\5uhewi56.default\
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\prince\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-7-23 84200]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-7-26 722616]
R2 McMPFSvc;McAfee Personal Firewall;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-23 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-7-23 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-7-23 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-7-23 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-7-23 88736]
S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-9-25 56336]
S1 RapportCerberus_29574;RapportCerberus_29574;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-8-3 216912]
S1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-9-25 70416]
S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-9-25 161936]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\princess\my documents\downloads\sabkutil.sys --> c:\documents and settings\princess\my documents\downloads\SABKUTIL.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-10-9 337872]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-23 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-23 271480]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-23 271480]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-7-23 171168]
S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-9-25 919352]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-7-23 56064]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-23 153280]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-23 52320]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-7-23 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-23 84488]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-10-10 13:09:41 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-10-10 13:09:40 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-10-09 20:32:27 767952 ----a-w- c:\windows\BDTSupport.dll
2011-10-09 20:32:27 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-10-09 20:32:26 2189264 ----a-w- c:\windows\PCTBDCore.dll
2011-10-09 20:32:26 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-10-09 20:29:00 -------- d-----w- c:\program files\PC Tools Security
2011-10-09 20:29:00 -------- d-----w- c:\program files\common files\PC Tools
2011-10-09 20:27:33 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-10-09 12:14:28 -------- d-----w- c:\documents and settings\prince\application data\McAfee
2011-09-26 10:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-25 18:00:08 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2011-09-26 10:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-12 11:56:01 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-08 14:01:38 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-08-08 14:01:28 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-08-08 13:18:16 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2011-07-26 16:26:44 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-07-26 07:27:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 12:04:49.21 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 PM

Posted 17 October 2011 - 05:03 PM

Hello and welcome to the forum. :welcome:

I apologize for the delay in responding to your request for help but it is very busy here and we can get overwhelmed at times.

If you have since resolved the original problem you were having, we would appreciate you letting us know.

If you still do need our help, please note the following:
  • While working we us, please refrain from running tools or applying updates other than those we suggest while we are cleaning your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please also include a clear description of the problems you're having.
  • After 5 days if your topic is not replied I will assume it has been abandoned and will close it.

Please be patient while I analyze your logs. All of my fixes are checked by higher level forum members before posting.

Thank you.

Dave


#3 Zebedee

Zebedee
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Suffolk, England
  • Local time:05:32 PM

Posted 18 October 2011 - 07:10 AM

Dave,

I still have the original problem. In fact since I started this thread I have noticed another issue. I keep getting an error message, "The following plug-in is unresponsive: Shockwave Flash. Would you like to stop it?" Sometimes instead of "Shockwave Flash" it reads "Unknown". Either way it usually ends up with the browser freezing then crashing.

Thank you for offering to help.

Regards

Brian

#4 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 PM

Posted 18 October 2011 - 10:11 AM

Hi Zebedee!

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Open Posted Image on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes: Posted Image
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, a logfile will open Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Thanks

Dave

#5 Zebedee

Zebedee
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Suffolk, England
  • Local time:05:32 PM

Posted 19 October 2011 - 04:46 AM

Dave,

I cannot get RootRepeal to run properly. The first link doesn't work but I have tried the others one after the other. I can download RootRepeal in safe mode but when I try to run it one of two things happens.

1) I try to open RootRepeal and a message pops up saying, "Initializing, please wait ....". No matter how long I leave it nothing happens.

2) RootRepeal does open but I get all sorts of error messages when I try to run the scan. A few examples are:

* " FOPS-DeviceIoControl Error! Error Code = 0x000001. Extended Info (0x000000bc)".
* " Could not initiate driver. Please contact author."
* " Error dumping SSDT (0x0000001)!"

I eventually end up with a crash report. I've posted a couple of examples of this below but I don't imagine they will be much use to you.

Regards

Brian

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows XP SP3
Exception Code: 0xc0000005
Exception Address: 0x0043d3f1
Attempt to read from address: 0x000005b0

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows XP SP3
Exception Code: 0xc0000005
Exception Address: 0x00444972
Attempt to read from address: 0x0000054c

#6 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 PM

Posted 19 October 2011 - 09:01 AM

Hi Zebedee.

Having trouble? Let's try a different one. This is from Kaspersky.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Thanks.

Dave

#7 Zebedee

Zebedee
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Suffolk, England
  • Local time:05:32 PM

Posted 19 October 2011 - 05:33 PM

Dave,

That seemed to run OK. I didn't get the option to cure so I chose skip. The log is pasted below.

Regards

Brian

23:05:51.0843 2024 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
23:05:53.0843 2024 ============================================================
23:05:53.0843 2024 Current date / time: 2011/10/19 23:05:53.0843
23:05:53.0843 2024 SystemInfo:
23:05:53.0843 2024
23:05:53.0843 2024 OS Version: 5.1.2600 ServicePack: 3.0
23:05:53.0843 2024 Product type: Workstation
23:05:53.0843 2024 ComputerName: WORKSTATION1
23:05:53.0843 2024 UserName: Prince
23:05:53.0843 2024 Windows directory: C:\WINDOWS
23:05:53.0843 2024 System windows directory: C:\WINDOWS
23:05:53.0843 2024 Processor architecture: Intel x86
23:05:53.0843 2024 Number of processors: 2
23:05:53.0843 2024 Page size: 0x1000
23:05:53.0843 2024 Boot type: Safe boot with network
23:05:53.0843 2024 ============================================================
23:05:55.0593 2024 Initialize success
23:06:11.0781 0580 ============================================================
23:06:11.0781 0580 Scan started
23:06:11.0781 0580 Mode: Manual;
23:06:11.0781 0580 ============================================================
23:06:13.0781 0580 Abiosdsk - ok
23:06:13.0812 0580 abp480n5 - ok
23:06:13.0859 0580 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:06:13.0859 0580 ACPI - ok
23:06:13.0890 0580 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:06:13.0890 0580 ACPIEC - ok
23:06:13.0906 0580 adpu160m - ok
23:06:13.0937 0580 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:06:13.0937 0580 aec - ok
23:06:13.0984 0580 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:06:13.0984 0580 AFD - ok
23:06:14.0000 0580 Aha154x - ok
23:06:14.0031 0580 aic78u2 - ok
23:06:14.0031 0580 aic78xx - ok
23:06:14.0078 0580 AliIde - ok
23:06:14.0109 0580 amsint - ok
23:06:14.0140 0580 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:06:14.0140 0580 Arp1394 - ok
23:06:14.0156 0580 asc - ok
23:06:14.0187 0580 asc3350p - ok
23:06:14.0203 0580 asc3550 - ok
23:06:14.0281 0580 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:06:14.0281 0580 AsyncMac - ok
23:06:14.0296 0580 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:06:14.0296 0580 atapi - ok
23:06:14.0328 0580 Atdisk - ok
23:06:14.0421 0580 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:06:14.0437 0580 ati2mtag - ok
23:06:14.0500 0580 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:06:14.0500 0580 Atmarpc - ok
23:06:14.0546 0580 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:06:14.0546 0580 audstub - ok
23:06:14.0593 0580 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:06:14.0593 0580 Beep - ok
23:06:14.0656 0580 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:06:14.0656 0580 cbidf2k - ok
23:06:14.0671 0580 cd20xrnt - ok
23:06:14.0703 0580 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:06:14.0703 0580 Cdaudio - ok
23:06:14.0718 0580 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:06:14.0734 0580 Cdfs - ok
23:06:14.0750 0580 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:06:14.0750 0580 Cdrom - ok
23:06:14.0796 0580 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
23:06:14.0796 0580 cfwids - ok
23:06:14.0812 0580 Changer - ok
23:06:14.0859 0580 CmdIde - ok
23:06:14.0906 0580 Cpqarray - ok
23:06:14.0937 0580 dac2w2k - ok
23:06:14.0968 0580 dac960nt - ok
23:06:15.0015 0580 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:06:15.0015 0580 Disk - ok
23:06:15.0078 0580 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:06:15.0093 0580 dmboot - ok
23:06:15.0109 0580 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:06:15.0109 0580 dmio - ok
23:06:15.0125 0580 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:06:15.0140 0580 dmload - ok
23:06:15.0171 0580 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:06:15.0187 0580 DMusic - ok
23:06:15.0218 0580 dpti2o - ok
23:06:15.0234 0580 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:06:15.0234 0580 drmkaud - ok
23:06:15.0281 0580 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
23:06:15.0281 0580 E100B - ok
23:06:15.0343 0580 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:06:15.0359 0580 Fastfat - ok
23:06:15.0390 0580 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:06:15.0390 0580 Fdc - ok
23:06:15.0437 0580 FileDisk (0694585d54bf46379ce41aee2b6864aa) C:\WINDOWS\system32\drivers\FileDisk.sys
23:06:15.0437 0580 FileDisk - ok
23:06:15.0453 0580 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:06:15.0453 0580 Fips - ok
23:06:15.0484 0580 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:06:15.0484 0580 Flpydisk - ok
23:06:15.0515 0580 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:06:15.0515 0580 FltMgr - ok
23:06:15.0546 0580 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:06:15.0546 0580 Fs_Rec - ok
23:06:15.0562 0580 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:06:15.0578 0580 Ftdisk - ok
23:06:15.0625 0580 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:06:15.0625 0580 Gpc - ok
23:06:15.0656 0580 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
23:06:15.0656 0580 HdAudAddService - ok
23:06:15.0687 0580 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:06:15.0687 0580 HDAudBus - ok
23:06:15.0718 0580 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:06:15.0718 0580 HidUsb - ok
23:06:15.0750 0580 hpn - ok
23:06:15.0796 0580 HSFHWBS2 (128ef741b2293c36810561092b566b1c) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
23:06:15.0828 0580 HSFHWBS2 - ok
23:06:15.0875 0580 HSF_DP (9a0d0c461ef2b3d80cb7875b4b995e47) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
23:06:15.0890 0580 HSF_DP - ok
23:06:15.0921 0580 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:06:15.0937 0580 HTTP - ok
23:06:15.0953 0580 i2omgmt - ok
23:06:15.0984 0580 i2omp - ok
23:06:16.0015 0580 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
23:06:16.0015 0580 i8042prt - ok
23:06:16.0031 0580 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:06:16.0031 0580 Imapi - ok
23:06:16.0062 0580 ini910u - ok
23:06:16.0203 0580 IntcAzAudAddService (98b7fab86755a42fe8eb04538a4cd6c8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:06:16.0265 0580 IntcAzAudAddService - ok
23:06:16.0296 0580 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:06:16.0296 0580 IntelIde - ok
23:06:16.0343 0580 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:06:16.0343 0580 intelppm - ok
23:06:16.0390 0580 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:06:16.0390 0580 Ip6Fw - ok
23:06:16.0406 0580 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:06:16.0406 0580 IpFilterDriver - ok
23:06:16.0421 0580 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:06:16.0421 0580 IpInIp - ok
23:06:16.0468 0580 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:06:16.0468 0580 IpNat - ok
23:06:16.0484 0580 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:06:16.0484 0580 IPSec - ok
23:06:16.0500 0580 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:06:16.0500 0580 IRENUM - ok
23:06:16.0546 0580 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:06:16.0546 0580 isapnp - ok
23:06:16.0609 0580 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:06:16.0609 0580 Kbdclass - ok
23:06:16.0625 0580 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:06:16.0625 0580 kbdhid - ok
23:06:16.0656 0580 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:06:16.0656 0580 kmixer - ok
23:06:16.0687 0580 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:06:16.0687 0580 KSecDD - ok
23:06:16.0734 0580 lbrtfdc - ok
23:06:16.0781 0580 MBAMSwissArmy - ok
23:06:16.0953 0580 mdmxsdk (5110edd87e2508f02b922e83a2487dfc) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:06:16.0953 0580 mdmxsdk - ok
23:06:16.0984 0580 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys
23:06:17.0000 0580 mfeapfk - ok
23:06:17.0015 0580 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
23:06:17.0015 0580 mfeavfk - ok
23:06:17.0031 0580 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
23:06:17.0031 0580 mfebopk - ok
23:06:17.0078 0580 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
23:06:17.0093 0580 mfefirek - ok
23:06:17.0125 0580 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys
23:06:17.0125 0580 mfehidk - ok
23:06:17.0156 0580 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
23:06:17.0156 0580 mfendisk - ok
23:06:17.0171 0580 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
23:06:17.0171 0580 mfendiskmp - ok
23:06:17.0203 0580 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys
23:06:17.0203 0580 mferkdet - ok
23:06:17.0234 0580 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys
23:06:17.0234 0580 mfetdi2k - ok
23:06:17.0281 0580 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:06:17.0281 0580 mnmdd - ok
23:06:17.0328 0580 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:06:17.0328 0580 Modem - ok
23:06:17.0343 0580 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:06:17.0343 0580 Mouclass - ok
23:06:17.0390 0580 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:06:17.0390 0580 mouhid - ok
23:06:17.0406 0580 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:06:17.0406 0580 MountMgr - ok
23:06:17.0421 0580 mraid35x - ok
23:06:17.0515 0580 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
23:06:17.0515 0580 MREMP50 - ok
23:06:17.0515 0580 MREMPR5 - ok
23:06:17.0546 0580 MRENDIS5 - ok
23:06:17.0562 0580 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
23:06:17.0562 0580 MRESP50 - ok
23:06:17.0593 0580 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:06:17.0593 0580 MRxDAV - ok
23:06:17.0656 0580 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:06:17.0656 0580 MRxSmb - ok
23:06:17.0687 0580 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:06:17.0687 0580 Msfs - ok
23:06:17.0734 0580 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:06:17.0734 0580 MSKSSRV - ok
23:06:17.0750 0580 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:06:17.0750 0580 MSPCLOCK - ok
23:06:17.0781 0580 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:06:17.0781 0580 MSPQM - ok
23:06:17.0812 0580 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:06:17.0812 0580 mssmbios - ok
23:06:17.0843 0580 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:06:17.0843 0580 Mup - ok
23:06:17.0875 0580 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:06:17.0875 0580 NDIS - ok
23:06:17.0906 0580 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:06:17.0906 0580 NdisTapi - ok
23:06:17.0937 0580 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:06:17.0937 0580 Ndisuio - ok
23:06:17.0953 0580 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:06:17.0953 0580 NdisWan - ok
23:06:17.0984 0580 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:06:17.0984 0580 NDProxy - ok
23:06:18.0015 0580 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:06:18.0015 0580 NetBIOS - ok
23:06:18.0046 0580 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:06:18.0046 0580 NetBT - ok
23:06:18.0109 0580 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:06:18.0109 0580 NIC1394 - ok
23:06:18.0140 0580 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:06:18.0140 0580 Npfs - ok
23:06:18.0171 0580 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:06:18.0187 0580 Ntfs - ok
23:06:18.0234 0580 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:06:18.0234 0580 Null - ok
23:06:18.0265 0580 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:06:18.0265 0580 NwlnkFlt - ok
23:06:18.0281 0580 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:06:18.0281 0580 NwlnkFwd - ok
23:06:18.0312 0580 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:06:18.0312 0580 ohci1394 - ok
23:06:18.0359 0580 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
23:06:18.0359 0580 Parport - ok
23:06:18.0375 0580 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:06:18.0375 0580 PartMgr - ok
23:06:18.0406 0580 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:06:18.0406 0580 ParVdm - ok
23:06:18.0421 0580 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:06:18.0421 0580 PCI - ok
23:06:18.0453 0580 PCIDump - ok
23:06:18.0468 0580 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:06:18.0468 0580 PCIIde - ok
23:06:18.0500 0580 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:06:18.0500 0580 Pcmcia - ok
23:06:18.0515 0580 PDCOMP - ok
23:06:18.0546 0580 PDFRAME - ok
23:06:18.0562 0580 PDRELI - ok
23:06:18.0593 0580 PDRFRAME - ok
23:06:18.0609 0580 perc2 - ok
23:06:18.0640 0580 perc2hib - ok
23:06:18.0718 0580 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:06:18.0718 0580 PptpMiniport - ok
23:06:18.0750 0580 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:06:18.0765 0580 PSched - ok
23:06:18.0796 0580 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:06:18.0796 0580 Ptilink - ok
23:06:18.0812 0580 ql1080 - ok
23:06:18.0828 0580 Ql10wnt - ok
23:06:18.0843 0580 ql12160 - ok
23:06:18.0875 0580 ql1240 - ok
23:06:18.0890 0580 ql1280 - ok
23:06:19.0000 0580 RapportCerberus_29574 (dda98cc4f34977914c731b8155e1cbd5) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys
23:06:19.0000 0580 RapportCerberus_29574 - ok
23:06:19.0046 0580 RapportEI (90bc0b9ef6106b8f5f762bdf4f0ad723) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
23:06:19.0046 0580 RapportEI - ok
23:06:19.0078 0580 RapportKELL (8cc04334a2fda2b6d79631dbe62f5cd0) C:\WINDOWS\system32\Drivers\RapportKELL.sys
23:06:19.0078 0580 RapportKELL - ok
23:06:19.0109 0580 RapportPG (a16ba67cf3f448bd163246dd725b7ffc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
23:06:19.0109 0580 RapportPG - ok
23:06:19.0140 0580 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:06:19.0140 0580 RasAcd - ok
23:06:19.0187 0580 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:06:19.0187 0580 Rasl2tp - ok
23:06:19.0218 0580 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:06:19.0218 0580 RasPppoe - ok
23:06:19.0265 0580 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:06:19.0265 0580 Raspti - ok
23:06:19.0281 0580 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:06:19.0281 0580 Rdbss - ok
23:06:19.0312 0580 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:06:19.0312 0580 RDPCDD - ok
23:06:19.0375 0580 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
23:06:19.0390 0580 RDPWD - ok
23:06:19.0421 0580 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:06:19.0421 0580 redbook - ok
23:06:19.0453 0580 rootrepeal - ok
23:06:19.0546 0580 SABKUTIL - ok
23:06:19.0640 0580 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:06:19.0640 0580 SASDIFSV - ok
23:06:19.0656 0580 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:06:19.0656 0580 SASKUTIL - ok
23:06:19.0718 0580 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:06:19.0718 0580 Secdrv - ok
23:06:19.0781 0580 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:06:19.0781 0580 serenum - ok
23:06:19.0796 0580 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:06:19.0796 0580 Serial - ok
23:06:19.0828 0580 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:06:19.0828 0580 Sfloppy - ok
23:06:19.0859 0580 Simbad - ok
23:06:19.0875 0580 Sparrow - ok
23:06:19.0921 0580 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:06:19.0921 0580 splitter - ok
23:06:19.0953 0580 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:06:19.0953 0580 sr - ok
23:06:20.0000 0580 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:06:20.0015 0580 Srv - ok
23:06:20.0046 0580 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:06:20.0046 0580 swenum - ok
23:06:20.0062 0580 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:06:20.0062 0580 swmidi - ok
23:06:20.0109 0580 symc810 - ok
23:06:20.0140 0580 symc8xx - ok
23:06:20.0156 0580 sym_hi - ok
23:06:20.0171 0580 sym_u3 - ok
23:06:20.0203 0580 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:06:20.0203 0580 sysaudio - ok
23:06:20.0281 0580 Tcpip (cbeebeb899e31ef52b962cb31fc8ca5c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:06:20.0281 0580 Tcpip - ok
23:06:20.0312 0580 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:06:20.0312 0580 TDPIPE - ok
23:06:20.0328 0580 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:06:20.0328 0580 TDTCP - ok
23:06:20.0359 0580 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:06:20.0359 0580 TermDD - ok
23:06:20.0390 0580 TosIde - ok
23:06:20.0437 0580 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:06:20.0437 0580 Udfs - ok
23:06:20.0453 0580 ultra - ok
23:06:20.0515 0580 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:06:20.0515 0580 Update - ok
23:06:20.0578 0580 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:06:20.0578 0580 usbccgp - ok
23:06:20.0593 0580 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:06:20.0609 0580 usbehci - ok
23:06:20.0625 0580 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:06:20.0625 0580 usbhub - ok
23:06:20.0656 0580 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:06:20.0656 0580 usbprint - ok
23:06:20.0671 0580 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:06:20.0671 0580 usbscan - ok
23:06:20.0703 0580 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:06:20.0703 0580 usbstor - ok
23:06:20.0734 0580 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:06:20.0734 0580 usbuhci - ok
23:06:20.0750 0580 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
23:06:20.0750 0580 usb_rndisx - ok
23:06:20.0781 0580 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:06:20.0781 0580 VgaSave - ok
23:06:20.0796 0580 ViaIde - ok
23:06:20.0843 0580 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:06:20.0843 0580 VolSnap - ok
23:06:20.0890 0580 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:06:20.0890 0580 Wanarp - ok
23:06:20.0921 0580 wanatw - ok
23:06:20.0937 0580 WDICA - ok
23:06:20.0968 0580 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:06:20.0984 0580 wdmaud - ok
23:06:21.0031 0580 winachsf (ce545a84bf3411e7516fa8da51ad9d93) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:06:21.0046 0580 winachsf - ok
23:06:21.0171 0580 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
23:06:21.0171 0580 WpdUsb - ok
23:06:21.0187 0580 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:06:21.0187 0580 WS2IFSL - ok
23:06:21.0328 0580 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:06:21.0750 0580 \Device\Harddisk0\DR0 - ok
23:06:21.0765 0580 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
23:06:22.0140 0580 \Device\Harddisk1\DR1 - ok
23:06:22.0156 0580 Boot (0x1200) (6927573533f5879574adc95f182a9bbd) \Device\Harddisk0\DR0\Partition0
23:06:22.0156 0580 \Device\Harddisk0\DR0\Partition0 - ok
23:06:22.0171 0580 Boot (0x1200) (6c6d47db1c72ca3094e205e2f720a2fd) \Device\Harddisk1\DR1\Partition0
23:06:22.0171 0580 \Device\Harddisk1\DR1\Partition0 - ok
23:06:22.0187 0580 ============================================================
23:06:22.0187 0580 Scan finished
23:06:22.0187 0580 ============================================================
23:06:22.0218 0204 Detected object count: 0
23:06:22.0218 0204 Actual detected object count: 0
23:08:12.0562 0652 ============================================================
23:08:12.0562 0652 Scan started
23:08:12.0562 0652 Mode: Manual; SigCheck; TDLFS;
23:08:12.0562 0652 ============================================================
23:08:12.0937 0652 Abiosdsk - ok
23:08:12.0953 0652 abp480n5 - ok
23:08:13.0000 0652 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:08:14.0203 0652 ACPI - ok
23:08:14.0312 0652 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:08:14.0500 0652 ACPIEC - ok
23:08:14.0515 0652 adpu160m - ok
23:08:14.0562 0652 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:08:14.0734 0652 aec - ok
23:08:14.0765 0652 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:08:14.0828 0652 AFD - ok
23:08:14.0843 0652 Aha154x - ok
23:08:14.0859 0652 aic78u2 - ok
23:08:14.0890 0652 aic78xx - ok
23:08:14.0937 0652 AliIde - ok
23:08:14.0953 0652 amsint - ok
23:08:14.0984 0652 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:08:15.0140 0652 Arp1394 - ok
23:08:15.0140 0652 asc - ok
23:08:15.0171 0652 asc3350p - ok
23:08:15.0187 0652 asc3550 - ok
23:08:15.0265 0652 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:08:15.0406 0652 AsyncMac - ok
23:08:15.0437 0652 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:08:15.0593 0652 atapi - ok
23:08:15.0609 0652 Atdisk - ok
23:08:15.0703 0652 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:08:15.0796 0652 ati2mtag - ok
23:08:15.0843 0652 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:08:15.0984 0652 Atmarpc - ok
23:08:16.0031 0652 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:08:16.0187 0652 audstub - ok
23:08:16.0234 0652 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:08:16.0406 0652 Beep - ok
23:08:16.0468 0652 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:08:16.0640 0652 cbidf2k - ok
23:08:16.0656 0652 cd20xrnt - ok
23:08:16.0703 0652 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:08:16.0859 0652 Cdaudio - ok
23:08:16.0890 0652 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:08:17.0046 0652 Cdfs - ok
23:08:17.0078 0652 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:08:17.0234 0652 Cdrom - ok
23:08:17.0265 0652 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
23:08:17.0312 0652 cfwids - ok
23:08:17.0328 0652 Changer - ok
23:08:17.0375 0652 CmdIde - ok
23:08:17.0421 0652 Cpqarray - ok
23:08:17.0453 0652 dac2w2k - ok
23:08:17.0484 0652 dac960nt - ok
23:08:17.0531 0652 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:08:17.0671 0652 Disk - ok
23:08:17.0734 0652 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:08:17.0937 0652 dmboot - ok
23:08:17.0953 0652 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:08:18.0093 0652 dmio - ok
23:08:18.0125 0652 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:08:18.0281 0652 dmload - ok
23:08:18.0328 0652 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:08:18.0484 0652 DMusic - ok
23:08:18.0515 0652 dpti2o - ok
23:08:18.0531 0652 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:08:18.0687 0652 drmkaud - ok
23:08:18.0718 0652 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
23:08:18.0765 0652 E100B - ok
23:08:18.0812 0652 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:08:18.0968 0652 Fastfat - ok
23:08:19.0015 0652 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:08:19.0156 0652 Fdc - ok
23:08:19.0203 0652 FileDisk (0694585d54bf46379ce41aee2b6864aa) C:\WINDOWS\system32\drivers\FileDisk.sys
23:08:19.0218 0652 FileDisk ( UnsignedFile.Multi.Generic ) - warning
23:08:19.0218 0652 FileDisk - detected UnsignedFile.Multi.Generic (1)
23:08:19.0234 0652 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:08:19.0375 0652 Fips - ok
23:08:19.0406 0652 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:08:19.0546 0652 Flpydisk - ok
23:08:19.0593 0652 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:08:19.0750 0652 FltMgr - ok
23:08:19.0781 0652 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:08:19.0937 0652 Fs_Rec - ok
23:08:19.0968 0652 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:08:20.0125 0652 Ftdisk - ok
23:08:20.0171 0652 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:08:20.0328 0652 Gpc - ok
23:08:20.0359 0652 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
23:08:20.0390 0652 HdAudAddService - ok
23:08:20.0421 0652 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:08:20.0578 0652 HDAudBus - ok
23:08:20.0625 0652 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:08:20.0781 0652 HidUsb - ok
23:08:20.0812 0652 hpn - ok
23:08:20.0859 0652 HSFHWBS2 (128ef741b2293c36810561092b566b1c) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
23:08:20.0921 0652 HSFHWBS2 - ok
23:08:20.0968 0652 HSF_DP (9a0d0c461ef2b3d80cb7875b4b995e47) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
23:08:21.0031 0652 HSF_DP - ok
23:08:21.0078 0652 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:08:21.0140 0652 HTTP - ok
23:08:21.0156 0652 i2omgmt - ok
23:08:21.0187 0652 i2omp - ok
23:08:21.0218 0652 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
23:08:21.0359 0652 i8042prt - ok
23:08:21.0390 0652 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:08:21.0546 0652 Imapi - ok
23:08:21.0578 0652 ini910u - ok
23:08:21.0750 0652 IntcAzAudAddService (98b7fab86755a42fe8eb04538a4cd6c8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:08:21.0906 0652 IntcAzAudAddService - ok
23:08:22.0015 0652 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:08:22.0171 0652 IntelIde - ok
23:08:22.0203 0652 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:08:22.0343 0652 intelppm - ok
23:08:22.0375 0652 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:08:22.0531 0652 Ip6Fw - ok
23:08:22.0562 0652 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:08:22.0718 0652 IpFilterDriver - ok
23:08:22.0734 0652 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:08:22.0890 0652 IpInIp - ok
23:08:22.0921 0652 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:08:23.0078 0652 IpNat - ok
23:08:23.0109 0652 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:08:23.0265 0652 IPSec - ok
23:08:23.0281 0652 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:08:23.0343 0652 IRENUM - ok
23:08:23.0375 0652 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:08:23.0515 0652 isapnp - ok
23:08:23.0562 0652 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:08:23.0718 0652 Kbdclass - ok
23:08:23.0734 0652 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:08:23.0875 0652 kbdhid - ok
23:08:23.0906 0652 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:08:24.0062 0652 kmixer - ok
23:08:24.0093 0652 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:08:24.0156 0652 KSecDD - ok
23:08:24.0203 0652 lbrtfdc - ok
23:08:24.0250 0652 MBAMSwissArmy - ok
23:08:24.0406 0652 mdmxsdk (5110edd87e2508f02b922e83a2487dfc) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:08:24.0437 0652 mdmxsdk - ok
23:08:24.0468 0652 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys
23:08:24.0484 0652 mfeapfk - ok
23:08:24.0515 0652 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
23:08:24.0531 0652 mfeavfk - ok
23:08:24.0546 0652 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
23:08:24.0562 0652 mfebopk - ok
23:08:24.0593 0652 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
23:08:24.0609 0652 mfefirek - ok
23:08:24.0640 0652 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys
23:08:24.0671 0652 mfehidk - ok
23:08:24.0703 0652 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
23:08:24.0703 0652 mfendisk - ok
23:08:24.0718 0652 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
23:08:24.0734 0652 mfendiskmp - ok
23:08:24.0765 0652 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys
23:08:24.0765 0652 mferkdet - ok
23:08:24.0796 0652 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys
23:08:24.0812 0652 mfetdi2k - ok
23:08:24.0859 0652 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:08:25.0015 0652 mnmdd - ok
23:08:25.0062 0652 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:08:25.0203 0652 Modem - ok
23:08:25.0234 0652 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:08:25.0375 0652 Mouclass - ok
23:08:25.0406 0652 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:08:25.0562 0652 mouhid - ok
23:08:25.0578 0652 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:08:25.0734 0652 MountMgr - ok
23:08:25.0750 0652 mraid35x - ok
23:08:25.0828 0652 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
23:08:25.0843 0652 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
23:08:25.0843 0652 MREMP50 - detected UnsignedFile.Multi.Generic (1)
23:08:25.0859 0652 MREMPR5 - ok
23:08:25.0875 0652 MRENDIS5 - ok
23:08:25.0906 0652 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
23:08:25.0921 0652 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
23:08:25.0921 0652 MRESP50 - detected UnsignedFile.Multi.Generic (1)
23:08:25.0937 0652 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:08:26.0078 0652 MRxDAV - ok
23:08:26.0125 0652 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:08:26.0187 0652 MRxSmb - ok
23:08:26.0218 0652 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:08:26.0359 0652 Msfs - ok
23:08:26.0406 0652 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:08:26.0546 0652 MSKSSRV - ok
23:08:26.0562 0652 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:08:26.0718 0652 MSPCLOCK - ok
23:08:26.0718 0652 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:08:26.0859 0652 MSPQM - ok
23:08:26.0890 0652 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:08:27.0031 0652 mssmbios - ok
23:08:27.0062 0652 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:08:27.0078 0652 Mup - ok
23:08:27.0109 0652 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:08:27.0250 0652 NDIS - ok
23:08:27.0281 0652 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:08:27.0296 0652 NdisTapi - ok
23:08:27.0312 0652 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:08:27.0484 0652 Ndisuio - ok
23:08:27.0484 0652 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:08:27.0640 0652 NdisWan - ok
23:08:27.0671 0652 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:08:27.0718 0652 NDProxy - ok
23:08:27.0718 0652 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:08:27.0875 0652 NetBIOS - ok
23:08:27.0890 0652 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:08:28.0046 0652 NetBT - ok
23:08:28.0125 0652 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:08:28.0265 0652 NIC1394 - ok
23:08:28.0296 0652 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:08:28.0453 0652 Npfs - ok
23:08:28.0500 0652 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:08:28.0671 0652 Ntfs - ok
23:08:28.0734 0652 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:08:28.0875 0652 Null - ok
23:08:28.0906 0652 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:08:29.0046 0652 NwlnkFlt - ok
23:08:29.0062 0652 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:08:29.0218 0652 NwlnkFwd - ok
23:08:29.0218 0652 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:08:29.0375 0652 ohci1394 - ok
23:08:29.0437 0652 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
23:08:29.0593 0652 Parport - ok
23:08:29.0609 0652 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:08:29.0750 0652 PartMgr - ok
23:08:29.0765 0652 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:08:29.0921 0652 ParVdm - ok
23:08:29.0937 0652 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:08:30.0062 0652 PCI - ok
23:08:30.0078 0652 PCIDump - ok
23:08:30.0109 0652 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:08:30.0234 0652 PCIIde - ok
23:08:30.0250 0652 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:08:30.0390 0652 Pcmcia - ok
23:08:30.0406 0652 PDCOMP - ok
23:08:30.0421 0652 PDFRAME - ok
23:08:30.0453 0652 PDRELI - ok
23:08:30.0468 0652 PDRFRAME - ok
23:08:30.0500 0652 perc2 - ok
23:08:30.0515 0652 perc2hib - ok
23:08:30.0625 0652 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:08:30.0765 0652 PptpMiniport - ok
23:08:30.0796 0652 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:08:30.0937 0652 PSched - ok
23:08:30.0968 0652 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:08:31.0093 0652 Ptilink - ok
23:08:31.0109 0652 ql1080 - ok
23:08:31.0140 0652 Ql10wnt - ok
23:08:31.0156 0652 ql12160 - ok
23:08:31.0171 0652 ql1240 - ok
23:08:31.0203 0652 ql1280 - ok
23:08:31.0296 0652 RapportCerberus_29574 (dda98cc4f34977914c731b8155e1cbd5) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys
23:08:31.0312 0652 RapportCerberus_29574 - ok
23:08:31.0359 0652 RapportEI (90bc0b9ef6106b8f5f762bdf4f0ad723) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
23:08:31.0375 0652 RapportEI - ok
23:08:31.0406 0652 RapportKELL (8cc04334a2fda2b6d79631dbe62f5cd0) C:\WINDOWS\system32\Drivers\RapportKELL.sys
23:08:31.0421 0652 RapportKELL - ok
23:08:31.0453 0652 RapportPG (a16ba67cf3f448bd163246dd725b7ffc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
23:08:31.0468 0652 RapportPG - ok
23:08:31.0500 0652 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:08:31.0656 0652 RasAcd - ok
23:08:31.0703 0652 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:08:31.0859 0652 Rasl2tp - ok
23:08:31.0875 0652 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:08:32.0015 0652 RasPppoe - ok
23:08:32.0046 0652 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:08:32.0187 0652 Raspti - ok
23:08:32.0234 0652 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:08:32.0359 0652 Rdbss - ok
23:08:32.0390 0652 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:08:32.0546 0652 RDPCDD - ok
23:08:32.0609 0652 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
23:08:32.0656 0652 RDPWD - ok
23:08:32.0687 0652 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:08:32.0843 0652 redbook - ok
23:08:32.0875 0652 rootrepeal - ok
23:08:32.0984 0652 SABKUTIL - ok
23:08:33.0078 0652 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:08:33.0078 0652 SASDIFSV - ok
23:08:33.0093 0652 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:08:33.0109 0652 SASKUTIL - ok
23:08:33.0171 0652 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:08:33.0234 0652 Secdrv - ok
23:08:33.0296 0652 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:08:33.0437 0652 serenum - ok
23:08:33.0453 0652 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:08:33.0609 0652 Serial - ok
23:08:33.0640 0652 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:08:33.0796 0652 Sfloppy - ok
23:08:33.0828 0652 Simbad - ok
23:08:33.0859 0652 Sparrow - ok
23:08:33.0890 0652 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:08:34.0031 0652 splitter - ok
23:08:34.0062 0652 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:08:34.0140 0652 sr - ok
23:08:34.0187 0652 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:08:34.0265 0652 Srv - ok
23:08:34.0312 0652 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:08:34.0453 0652 swenum - ok
23:08:34.0468 0652 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:08:34.0625 0652 swmidi - ok
23:08:34.0656 0652 symc810 - ok
23:08:34.0687 0652 symc8xx - ok
23:08:34.0703 0652 sym_hi - ok
23:08:34.0734 0652 sym_u3 - ok
23:08:34.0765 0652 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:08:34.0921 0652 sysaudio - ok
23:08:34.0984 0652 Tcpip (cbeebeb899e31ef52b962cb31fc8ca5c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:08:35.0000 0652 Tcpip ( UnsignedFile.Multi.Generic ) - warning
23:08:35.0000 0652 Tcpip - detected UnsignedFile.Multi.Generic (1)
23:08:35.0031 0652 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:08:35.0171 0652 TDPIPE - ok
23:08:35.0187 0652 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:08:35.0343 0652 TDTCP - ok
23:08:35.0375 0652 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:08:35.0531 0652 TermDD - ok
23:08:35.0562 0652 TosIde - ok
23:08:35.0625 0652 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:08:35.0765 0652 Udfs - ok
23:08:35.0781 0652 ultra - ok
23:08:35.0843 0652 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:08:36.0015 0652 Update - ok
23:08:36.0078 0652 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:08:36.0234 0652 usbccgp - ok
23:08:36.0250 0652 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:08:36.0406 0652 usbehci - ok
23:08:36.0437 0652 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:08:36.0593 0652 usbhub - ok
23:08:36.0609 0652 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:08:36.0765 0652 usbprint - ok
23:08:36.0781 0652 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:08:36.0921 0652 usbscan - ok
23:08:36.0937 0652 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:08:37.0078 0652 usbstor - ok
23:08:37.0093 0652 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:08:37.0250 0652 usbuhci - ok
23:08:37.0281 0652 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
23:08:37.0437 0652 usb_rndisx - ok
23:08:37.0453 0652 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:08:37.0593 0652 VgaSave - ok
23:08:37.0609 0652 ViaIde - ok
23:08:37.0640 0652 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:08:37.0781 0652 VolSnap - ok
23:08:37.0859 0652 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:08:38.0000 0652 Wanarp - ok
23:08:38.0015 0652 wanatw - ok
23:08:38.0031 0652 WDICA - ok
23:08:38.0062 0652 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:08:38.0218 0652 wdmaud - ok
23:08:38.0281 0652 winachsf (ce545a84bf3411e7516fa8da51ad9d93) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:08:38.0328 0652 winachsf - ok
23:08:38.0453 0652 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
23:08:38.0500 0652 WpdUsb - ok
23:08:38.0531 0652 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:08:38.0671 0652 WS2IFSL - ok
23:08:38.0796 0652 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:08:39.0328 0652 \Device\Harddisk0\DR0 - ok
23:08:39.0343 0652 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
23:08:39.0750 0652 \Device\Harddisk1\DR1 - ok
23:08:39.0765 0652 Boot (0x1200) (6927573533f5879574adc95f182a9bbd) \Device\Harddisk0\DR0\Partition0
23:08:39.0765 0652 \Device\Harddisk0\DR0\Partition0 - ok
23:08:39.0765 0652 Boot (0x1200) (6c6d47db1c72ca3094e205e2f720a2fd) \Device\Harddisk1\DR1\Partition0
23:08:39.0765 0652 \Device\Harddisk1\DR1\Partition0 - ok
23:08:39.0781 0652 ============================================================
23:08:39.0781 0652 Scan finished
23:08:39.0781 0652 ============================================================
23:08:39.0906 1988 Detected object count: 4
23:08:39.0906 1988 Actual detected object count: 4
23:11:32.0984 1988 FileDisk ( UnsignedFile.Multi.Generic ) - skipped by user
23:11:32.0984 1988 FileDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:11:32.0984 1988 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
23:11:32.0984 1988 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:11:32.0984 1988 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
23:11:32.0984 1988 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:11:32.0984 1988 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
23:11:32.0984 1988 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:18:07.0421 0128 Deinitialize success

#8 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 PM

Posted 20 October 2011 - 06:13 AM

OK Zebedee, let's try this.

Download ComboFix (in Safe Mode with Networking, if necessary) from one of these locations:


Link 1
Link 2

* IMPORTANT !!! Save ComboFix to your Desktop


It would be best to run these in Normal Mode and not Safe Mode, if possible.


•Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable Security Programs

•Double click on ComboFix.exe & follow the prompts.

Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

Posted Image

If running XP, Click on YES and allow the Recovery Console to install. If running Vista or 7, click on NO to continue the scanning for malware.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy/Paste in your next reply.

Notes:

1.Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. ComboFix disconnects your machine from the internet. The connection is automatically restored before ComboFix completes its run.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

Thanks.

Dave

#9 Zebedee

Zebedee
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Suffolk, England
  • Local time:05:32 PM

Posted 21 October 2011 - 05:49 AM

Dave,

I had to download ComboFix in safe mode but managed to run it in normal mode. I have pasted the log below. It doesn't appear to have made any difference to the behaviour of the computer and all the issues I described in earlier posts are still there.

Thanks again for your continued help.

Regards

Brian

ComboFix 11-10-20.08 - Prince 21/10/2011 10:41:21.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1628 [GMT 1:00]
Running from: c:\documents and settings\Prince\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Prince\Application Data\Ixyst
c:\documents and settings\Prince\Application Data\Ixyst\guca.uri
c:\documents and settings\Prince\Application Data\Lufuho
c:\documents and settings\Prince\Application Data\Lufuho\piby.tow
c:\documents and settings\Prince\Application Data\Onipm
c:\documents and settings\Prince\Application Data\Onipm\ufvuw.xyn
c:\documents and settings\Prince\Application Data\Pasa
c:\documents and settings\Prince\Application Data\Pasa\qivu.ero
c:\documents and settings\Prince\Application Data\Pawupu
c:\documents and settings\Prince\Application Data\Pawupu\hyny.exe
c:\documents and settings\Prince\Application Data\Wobogi
c:\documents and settings\Prince\Application Data\Wobogi\domei.onh
c:\documents and settings\Prince\Local Settings\Application Data\{47483980-F685-413A-86F8-AF2E7F9F6F52}
c:\documents and settings\Prince\Local Settings\Application Data\{47483980-F685-413A-86F8-AF2E7F9F6F52}\chrome.manifest
c:\documents and settings\Prince\Local Settings\Application Data\{47483980-F685-413A-86F8-AF2E7F9F6F52}\chrome\content\_cfg.js
c:\documents and settings\Prince\Local Settings\Application Data\{47483980-F685-413A-86F8-AF2E7F9F6F52}\chrome\content\overlay.xul
c:\documents and settings\Prince\Local Settings\Application Data\{47483980-F685-413A-86F8-AF2E7F9F6F52}\install.rdf
c:\program files\Internet Explorer\complete.dat
c:\program files\Internet Explorer\dmlconf.dat
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))))
.
.
2011-10-10 13:09 . 2011-10-10 13:09 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-10-10 13:09 . 2011-10-10 13:09 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-10-09 20:32 . 2011-09-01 10:39 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-10-09 20:32 . 2011-09-01 10:38 767952 ----a-w- c:\windows\BDTSupport.dll
2011-10-09 20:32 . 2011-09-01 10:39 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-10-09 20:32 . 2011-09-01 10:39 2189264 ----a-w- c:\windows\PCTBDCore.dll
2011-10-09 20:29 . 2011-10-21 06:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-10-09 20:29 . 2011-10-09 21:16 -------- d-----w- c:\program files\PC Tools Security
2011-10-09 20:29 . 2011-10-09 21:16 -------- d-----w- c:\program files\Common Files\PC Tools
2011-10-09 20:27 . 2011-10-09 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-10-09 12:14 . 2011-10-09 12:14 -------- d-----w- c:\documents and settings\Prince\Application Data\McAfee
2011-10-07 08:53 . 2011-10-07 08:53 -------- d-----w- c:\documents and settings\Administrator
2011-10-06 14:36 . 2011-10-06 14:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo
2011-09-26 10:41 . 2011-09-26 10:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-25 18:00 . 2011-09-25 18:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 10:41 . 2010-07-13 02:44 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2010-07-13 02:44 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2010-07-13 02:43 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2010-07-13 02:44 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 16:00 . 2009-09-25 16:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2010-07-13 02:44 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2010-07-13 02:44 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2010-07-13 02:44 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2010-07-13 02:44 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2005-11-30 13:36 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-12 11:56 . 2005-11-30 13:36 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-08 14:01 . 2011-07-26 16:31 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-08-08 14:01 . 2011-07-26 16:31 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-08-08 13:18 . 2011-07-26 16:31 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2011-07-26 16:26 . 2011-07-26 16:26 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-07-26 07:27 . 2011-07-26 07:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 13:09 . 2011-03-25 09:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 13:01 . 2010-07-30 22:01 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-08-12 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2004-08-13 . 4092C56967175F009DC8458DC434358E . 359040 . . [5.1.2600.2505] . . c:\windows\$NtUninstallKB889527$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB884020$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-29 4611456]
"Spyware Doctor with AntiVirus"="c:\documents and settings\Prince\Desktop\sdasetup.exe" [2011-10-09 513032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-25 185640]
"NapsterShell"="c:\program files\Napster\napster.exe" [2009-09-30 323280]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-20 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [25/09/2011 19:00 56336]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [23/07/2010 19:13 84200]
R1 RapportCerberus_29574;RapportCerberus_29574;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [03/08/2011 16:36 216912]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/09/2011 19:00 70416]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [25/09/2011 19:00 161936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2010 19:25 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [29/06/2010 18:48 116608]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [25/09/2009 23:32 189736]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [26/07/2011 17:31 722616]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23/07/2010 19:13 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23/07/2010 19:13 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23/07/2010 19:13 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [23/07/2010 19:13 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [23/07/2010 19:13 141792]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [25/09/2011 18:59 919352]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [23/07/2010 19:13 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [23/07/2010 19:13 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [23/07/2010 19:13 88736]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\Princess\My Documents\Downloads\SABKUTIL.sys --> c:\documents and settings\Princess\My Documents\Downloads\SABKUTIL.sys [?]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [09/10/2011 21:32 337872]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [23/07/2010 19:13 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [23/07/2010 19:13 84488]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1512602942-559049672-3746681627-1007Core.job
- c:\documents and settings\Prince\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-29 22:59]
.
2011-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1512602942-559049672-3746681627-1007UA.job
- c:\documents and settings\Prince\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-29 22:59]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1512602942-559049672-3746681627-1008Core.job
- c:\documents and settings\Princess\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-23 22:48]
.
2011-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1512602942-559049672-3746681627-1008UA.job
- c:\documents and settings\Princess\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-23 22:48]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Prince\Application Data\Mozilla\Firefox\Profiles\5uhewi56.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-RealPlayer 12.0 - c:\program files\real\realplayer\Update\r1puninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-21 10:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1512602942-559049672-3746681627-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1068)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-10-21 10:48:58
ComboFix-quarantined-files.txt 2011-10-21 09:48
.
Pre-Run: 110,957,969,408 bytes free
Post-Run: 114,361,073,664 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B400FBFFAB21C6FA6516CB3AAE20D2D9

#10 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 PM

Posted 21 October 2011 - 07:59 AM

Hi Zebedee! :woot:


Let's create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks.

Dave

#11 Zebedee

Zebedee
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Suffolk, England
  • Local time:05:32 PM

Posted 23 October 2011 - 11:34 AM

Hello Dave,

Here are the OTL reports. OTListIt.txt first followed by Extra.txt.

Regards

Zebedeeeeeeeeeeeeee!

OTL logfile created on: 23/10/2011 17:09:11 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Prince\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.38% Memory free
3.85 Gb Paging File | 3.22 Gb Available in Paging File | 83.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 105.98 Gb Free Space | 71.10% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 146.85 Gb Free Space | 98.52% Space Free | Partition Type: NTFS

Computer Name: WORKSTATION1 | User Name: Prince | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/23 17:01:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Prince\Desktop\OTL.exe
PRC - [2011/10/09 21:26:30 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\sdasetup.exe
PRC - [2011/09/29 21:22:22 | 004,611,456 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/09/20 15:44:29 | 000,386,944 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SSUPDATE.EXE
PRC - [2011/09/20 15:44:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/08 14:15:42 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/06/28 07:01:30 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/09/30 21:10:14 | 000,323,280 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:32:16 | 004,048,168 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\ManagerApp\UpdateCheck.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/23 17:04:56 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/10/23 17:04:56 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/10/09 21:26:30 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\sdasetup.exe
MOD - [2011/09/21 08:55:24 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/09/21 08:55:24 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/07/12 09:27:57 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/09/20 15:44:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/09/01 11:38:54 | 000,337,872 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/08/08 14:15:42 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/09/25 19:00:08 | 000,161,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/09/25 19:00:08 | 000,070,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/09/20 15:44:25 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/20 15:44:25 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/08/03 16:36:06 | 000,216,912 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys -- (RapportCerberus_29574)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/06/29 18:30:08 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2005/08/18 14:35:00 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/11/13 18:19:48 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/13 18:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 18:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8075

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8075



IE - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {47483980-F685-413A-86F8-AF2E7F9F6F52}:1.9.1
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/09 17:51:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/09/26 18:19:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/10 14:09:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/25 13:42:24 | 000,000,000 | ---D | M]

[2010/07/29 23:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Prince\Application Data\Mozilla\Extensions
[2011/10/09 21:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Prince\Application Data\Mozilla\Firefox\Profiles\5uhewi56.default\extensions
[2010/08/12 11:35:07 | 000,000,000 | ---D | M] (Chromifox Extreme) -- C:\Documents and Settings\Prince\Application Data\Mozilla\Firefox\Profiles\5uhewi56.default\extensions\cfxe@Triton
[2010/08/12 11:35:19 | 000,000,000 | ---D | M] (Chromifox Companion) -- C:\Documents and Settings\Prince\Application Data\Mozilla\Firefox\Profiles\5uhewi56.default\extensions\cfxHelper@Triton
[2011/08/12 13:29:11 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Prince\Application Data\Mozilla\Firefox\Profiles\5uhewi56.default\extensions\firefox@tvunetworks.com
[2011/08/13 08:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/09 17:51:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/07 08:01:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/13 08:32:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/07/27 22:26:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/26 18:19:03 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/10/10 14:09:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/30 20:10:14 | 000,106,192 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npstrlnk.dll
[2011/10/10 14:09:35 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/10 14:09:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/10 14:09:35 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/10 14:09:35 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/10 14:09:35 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: NapsterLink (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\WINDOWS\system32\TVUAx\npTVUAx.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: AT_HedgehogInTheFog_v2 = C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

O1 HOSTS File: ([2011/10/21 10:46:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110530203012.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\..\Toolbar\WebBrowser: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007..\Run: [Spyware Doctor with AntiVirus] C:\Documents and Settings\Prince\Desktop\sdasetup.exe ()
O4 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O15 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8603B23-318E-4C99-A556-F6BA51907EA0}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Prince\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Prince\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/30 14:28:55 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/23 17:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/10/23 17:01:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Prince\Desktop\OTL.exe
[2011/10/21 10:38:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/21 10:35:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/21 10:35:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/21 10:35:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/21 10:35:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/21 10:35:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/21 10:32:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/21 10:07:18 | 004,268,137 | R--- | C] (Swearware) -- C:\Documents and Settings\Prince\Desktop\ComboFix.exe
[2011/10/09 21:32:27 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/10/09 21:32:26 | 002,189,264 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/10/09 21:32:26 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/10/09 21:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/09 21:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/10/09 21:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/10/09 21:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/10/09 13:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Application Data\McAfee
[2011/10/08 19:56:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/10/06 15:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2011/09/26 11:41:20 | 000,611,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/25 19:00:08 | 000,056,336 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys

========== Files - Modified Within 30 Days ==========

[2011/10/23 17:04:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/23 17:03:58 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/23 17:01:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Prince\Desktop\OTL.exe
[2011/10/23 16:34:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1512602942-559049672-3746681627-1007UA.job
[2011/10/23 16:24:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1512602942-559049672-3746681627-1008UA.job
[2011/10/23 14:24:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1512602942-559049672-3746681627-1008Core.job
[2011/10/23 13:34:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1512602942-559049672-3746681627-1007Core.job
[2011/10/22 18:50:56 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\Core Workout.xlr
[2011/10/22 18:50:56 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\Prince\Application Data\wklnhst.dat
[2011/10/21 10:46:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/21 10:38:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/21 10:07:36 | 004,268,137 | R--- | M] (Swearware) -- C:\Documents and Settings\Prince\Desktop\ComboFix.exe
[2011/10/16 19:30:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/14 20:38:18 | 000,000,277 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\D Drive.lnk
[2011/10/13 15:36:52 | 000,175,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/13 09:14:28 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/09 21:26:30 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\sdasetup.exe
[2011/10/09 13:14:28 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/10/06 23:19:14 | 000,000,267 | ---- | M] () -- C:\WINDOWS\SysMech.INI
[2011/10/05 09:30:20 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/05 09:30:19 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\Google Chrome.lnk
[2011/10/03 09:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/09/26 11:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys

========== Files Created - No Company Name ==========

[2011/10/23 17:03:58 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/21 10:38:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/21 10:38:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/21 10:35:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/21 10:35:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/21 10:35:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/21 10:35:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/21 10:35:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/09 21:32:27 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/10/09 21:32:27 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/10/09 21:32:27 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/10/09 21:32:27 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/10/09 21:32:27 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/10/09 21:27:33 | 000,513,032 | ---- | C] () -- C:\Documents and Settings\Prince\Desktop\sdasetup.exe
[2011/10/09 13:14:28 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/10/09 13:12:59 | 000,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/10/06 23:19:14 | 000,000,267 | ---- | C] () -- C:\WINDOWS\SysMech.INI
[2011/07/26 17:26:44 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/03/11 03:37:48 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/01/13 00:26:36 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jquvujepopepacu.dat
[2011/01/13 00:26:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sqicaliko.bin
[2010/07/28 11:42:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/27 19:27:38 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/07/27 19:27:38 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/07/27 19:27:38 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/07/27 19:27:37 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/07/27 19:27:37 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/07/27 19:27:37 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/07/27 19:27:37 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/07/27 19:27:37 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/07/27 19:27:37 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/07/27 19:27:37 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/07/27 19:27:37 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/07/27 19:27:37 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/07/27 19:27:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/07/27 19:27:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/07/27 19:27:37 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/07/27 19:27:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/07/27 19:27:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/07/27 19:27:37 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/07/27 19:27:37 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/07/27 19:19:11 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX7400DEFGIPS.ini
[2010/07/13 23:07:01 | 000,156,672 | ---- | C] () -- C:\Documents and Settings\Prince\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/13 22:53:52 | 000,000,404 | ---- | C] () -- C:\Documents and Settings\Prince\Application Data\wklnhst.dat
[2010/07/13 03:45:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/07/13 03:45:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/13 03:45:02 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2010/07/13 03:45:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/13 03:45:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/13 03:44:34 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/07/13 03:44:30 | 000,384,926 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/13 03:44:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010/07/13 03:44:30 | 000,054,484 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/13 03:44:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010/07/13 03:44:29 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/07/13 03:44:29 | 000,000,828 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/07/13 03:44:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/07/13 03:44:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2010/07/13 03:44:11 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010/07/13 03:44:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2010/07/13 03:44:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/07/13 03:44:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/07/13 03:44:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/07/13 03:44:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/07/13 03:44:06 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/07/13 03:44:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/07/13 03:43:59 | 000,175,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/13 03:43:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/07/13 03:43:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/13 03:43:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010/07/13 03:43:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2010/07/13 03:43:42 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/07/12 22:00:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/12 19:58:45 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Prince\Local Settings\Application Data\fusioncache.dat
[2010/07/12 19:58:30 | 000,041,810 | ---- | C] () -- C:\WINDOWS\System32\compare.dat
[2005/12/31 16:29:02 | 000,160,963 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 23/10/2011 17:09:11 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Prince\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.38% Memory free
3.85 Gb Paging File | 3.22 Gb Available in Paging File | 83.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 105.98 Gb Free Space | 71.10% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 146.85 Gb Free Space | 98.52% Space Free | Partition Type: NTFS

Computer Name: WORKSTATION1 | User Name: Prince | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1512602942-559049672-3746681627-1007\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help -- (Alcatel-Lucent)
"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Enabled:BT Broadband Desktop Help Notifier -- (Alcatel-Lucent)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime
"{0ED98038-0885-F902-C419-669ADE471A46}" = ATI Stream SDK v2 Developer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A433AE09-2126-4dad-9CBD-C1B05DC42787}" = Windows Messenger 5.1
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B9060398-FB64-2A4C-C4E6-D1236447E026}" = ATI Catalyst Install Manager
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 User’s Guide" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 7.0.1 (x86 en-GB)" = Mozilla Firefox 7.0.1 (x86 en-GB)
"MSC" = BT NetProtect Plus
"MyTomTom" = MyTomTom 3.0.2.267
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey" = NeroVision Express Content
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime" = QuickTime
"SopCast" = SopCast 3.2.9
"Veetle TV" = Veetle TV 0.9.18
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = BT Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1512602942-559049672-3746681627-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/10/2011 11:46:43 | Computer Name = WORKSTATION1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 480 (0x1e0) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee.com\Agent\mcagent.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 23/10/2011 11:48:33 | Computer Name = WORKSTATION1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 4056 (0xfd8) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee.com\Agent\mcagent.exe

by C:\WINDOWS\system32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 23/10/2011 11:51:21 | Computer Name = WORKSTATION1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2236 (0x8bc) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee.com\Agent\mcupdate.exe

by **\MCUPDATE.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)
5006(0)(0) 5004(0)(0)

Error - 23/10/2011 11:53:51 | Computer Name = WORKSTATION1 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8328.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/10/2011 12:08:20 | Computer Name = WORKSTATION1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3592 (0xe08) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Prince\Desktop\OTL.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 23/10/2011 12:10:46 | Computer Name = WORKSTATION1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3360 (0xd20) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee.com\Agent\mcagent.exe

by C:\Documents and Settings\Prince\Desktop\OTL.exe 4(0)(0) 4(0)(0) 7200(0)(0)
7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 23/10/2011 12:12:58 | Computer Name = WORKSTATION1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2140 (0x85c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\SiteAdvisor\SaSSHMod.dll

by C:\Documents and Settings\Prince\Desktop\OTL.exe 4(0)(0) 4(0)(0) 7200(0)(0)
7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 23/10/2011 12:15:04 | Computer Name = WORKSTATION1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3264 (0xcc0) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee.com\Agent\mcagent.exe

by C:\Documents and Settings\Prince\Desktop\OTL.exe 4(0)(0) 4(0)(0) 7200(0)(0)
7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 23/10/2011 12:17:39 | Computer Name = WORKSTATION1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3412 (0xd54) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Common
Files\Motive\npMotive.dll by C:\Documents and Settings\Prince\Desktop\OTL.exe 4(0)(0)

4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 23/10/2011 12:20:04 | Computer Name = WORKSTATION1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2068 (0x814) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee.com\Agent\mcagent.exe

by C:\Documents and Settings\Prince\Desktop\OTL.exe 4(0)(0) 4(0)(0) 7200(0)(0)
7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 23/10/2011 12:03:05 | Computer Name = WORKSTATION1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 23/10/2011 12:04:24 | Computer Name = WORKSTATION1 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 23/10/2011 12:04:33 | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Browser Defender Update
Service service to connect.

Error - 23/10/2011 12:04:33 | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 23/10/2011 12:08:20 | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7031
Description = The McShield service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 23/10/2011 12:10:46 | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7031
Description = The McShield service terminated unexpectedly. It has done this 2
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 23/10/2011 12:12:58 | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7031
Description = The McShield service terminated unexpectedly. It has done this 3
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 23/10/2011 12:15:04 | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7031
Description = The McShield service terminated unexpectedly. It has done this 4
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 23/10/2011 12:17:39 | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7031
Description = The McShield service terminated unexpectedly. It has done this 5
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 23/10/2011 12:20:04 | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7034
Description = The McShield service terminated unexpectedly. It has done this 6
time(s).


< End of report >

#12 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 PM

Posted 24 October 2011 - 05:09 PM

Hi Zebedee!


We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    [2011/01/13 00:26:36 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jquvujepopepacu.dat
    [2011/01/13 00:26:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sqicaliko.bin
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    IE - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8075
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8075
    
    :commands
    [CREATERESTOREPOINT]
    [REBOOT]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.



From the looks of your logs, I think you have a problem with your McAfee install. It might have been caused by the Malware and really needs to be reinstalled.


Click "Start" on the taskbar and then click on "Control Panel".

Doubleclick the "Add or Remove Programs" icon

A list of programs installed will be "populated" this may take a bit of time
.
Uninstall any "Programs" or "Modules" that are related to McAfee. You may have more than one and you may need to reboot in between uninstalls.


Additional instructions can be found here if needed.


When you are finished with that...

Then, you need to run the McAfee Uninstall Tool, available HERE.

Save that to a folder which you can then navigate to and run it.

After it is finished, you should receive a "CleanUp Successful".

Restart the computer.

You will then be ready to either Reinstall McAfee or to install "some other" AV program.

If you need help selecting one, please ask.

And please, tell me how your computer is running now.

Thanks.

Dave

#13 Zebedee

Zebedee
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Suffolk, England
  • Local time:05:32 PM

Posted 25 October 2011 - 04:00 PM

Good evening Dave,

I've run the OTL fix. It would only run in safe mode and I have pasted the log at the end of this post. I have also uninstalled McAfee using Add/Remove programs and run the McAfee Uninstall Tool.

The computer now appears to run slightly faster but the other issues still remain. System restore is still disabled, downloads are blocked in normal mode, I still get the "unresponsive plugin" message, some programs will not run etc etc etc. I have also noticed that Windows Media Player will not work!

Finally, you offer advice on selecting alternative AV software. McAfee came as part of the broadband package from our ISP - BT (British Telecom). We've had it for about 18 months and during that time we have had three or four malware infections. Previously we had no problems whatsoever.

Regards

Zebedee

========== OTL ==========
File C:\WINDOWS\Jquvujepopepacu.dat not found.
File C:\WINDOWS\Sqicaliko.bin not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
HKU\S-1-5-21-1512602942-559049672-3746681627-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1512602942-559049672-3746681627-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== COMMANDS ==========
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.31.0 log created on 10252011_184652

#14 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 PM

Posted 26 October 2011 - 05:14 PM

Hi Zebedee

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will not be created

Thanks.

Dave

#15 Zebedee

Zebedee
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Suffolk, England
  • Local time:05:32 PM

Posted 27 October 2011 - 03:21 AM

Hello Dave,

The new OTL logs are pasted below. You will see that I have now installed Avast! AV to replace McAfee for the time being.

Regards

Zebedee

OTL logfile created on: 27/10/2011 09:03:38 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Prince\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.16% Memory free
3.85 Gb Paging File | 3.38 Gb Available in Paging File | 87.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 105.39 Gb Free Space | 70.71% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 146.66 Gb Free Space | 98.40% Space Free | Partition Type: NTFS

Computer Name: WORKSTATION1 | User Name: Prince | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/26 15:31:09 | 003,495,256 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Setup\avast.setup
PRC - [2011/10/23 17:01:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Prince\Desktop\OTL.exe
PRC - [2011/10/09 21:26:30 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\sdasetup.exe
PRC - [2011/09/30 16:12:41 | 001,030,200 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/09/29 21:22:22 | 004,611,456 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/09/20 15:44:29 | 000,386,944 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SSUPDATE.EXE
PRC - [2011/09/20 15:44:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/08 14:15:42 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/05/10 13:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/09/30 21:10:14 | 000,323,280 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:32:16 | 004,048,168 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\ManagerApp\UpdateCheck.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/27 08:54:46 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/10/27 08:54:45 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/10/09 21:26:30 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\sdasetup.exe
MOD - [2011/09/30 16:12:40 | 000,412,728 | ---- | M] () -- C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll
MOD - [2011/09/30 16:12:39 | 003,696,184 | ---- | M] () -- C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
MOD - [2011/09/30 16:11:39 | 000,309,304 | ---- | M] () -- C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\Locales\en-US.dll
MOD - [2011/09/30 16:11:13 | 000,142,568 | ---- | M] () -- C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MOD - [2011/09/30 16:11:12 | 000,253,320 | ---- | M] () -- C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MOD - [2011/09/30 16:11:10 | 002,403,240 | ---- | M] () -- C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MOD - [2011/09/21 08:55:24 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/09/21 08:55:24 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/07/12 09:27:57 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/05/10 08:44:10 | 000,950,272 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11051000\algo.dll
MOD - [2011/02/23 16:15:02 | 000,190,000 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\Setup\setiface.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/09/20 15:44:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/09/01 11:38:54 | 000,337,872 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/08/08 14:15:42 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/09/25 19:00:08 | 000,161,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/09/25 19:00:08 | 000,070,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/09/20 15:44:25 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/20 15:44:25 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/08/03 16:36:06 | 000,216,912 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys -- (RapportCerberus_29574)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 13:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 12:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/29 18:30:08 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2005/08/18 14:35:00 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/11/13 18:19:48 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/13 18:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 18:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8075

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8075



IE - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {47483980-F685-413A-86F8-AF2E7F9F6F52}:1.9.1
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/09 17:51:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/10/26 15:26:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/10 14:09:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/25 13:42:24 | 000,000,000 | ---D | M]

[2010/07/29 23:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Prince\Application Data\Mozilla\Extensions
[2011/10/09 21:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Prince\Application Data\Mozilla\Firefox\Profiles\5uhewi56.default\extensions
[2010/08/12 11:35:07 | 000,000,000 | ---D | M] (Chromifox Extreme) -- C:\Documents and Settings\Prince\Application Data\Mozilla\Firefox\Profiles\5uhewi56.default\extensions\cfxe@Triton
[2010/08/12 11:35:19 | 000,000,000 | ---D | M] (Chromifox Companion) -- C:\Documents and Settings\Prince\Application Data\Mozilla\Firefox\Profiles\5uhewi56.default\extensions\cfxHelper@Triton
[2011/08/12 13:29:11 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Prince\Application Data\Mozilla\Firefox\Profiles\5uhewi56.default\extensions\firefox@tvunetworks.com
[2011/08/13 08:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/09 17:51:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/07 08:01:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/13 08:32:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/07/27 22:26:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/10 14:09:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/30 20:10:14 | 000,106,192 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npstrlnk.dll
[2011/10/10 14:09:35 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/10 14:09:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/10 14:09:35 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/10 14:09:35 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/10 14:09:35 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: NapsterLink (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\WINDOWS\system32\TVUAx\npTVUAx.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_HedgehogInTheFog_v2 = C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Prince\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

O1 HOSTS File: ([2011/10/21 10:46:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\..\Toolbar\WebBrowser: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007..\Run: [Spyware Doctor with AntiVirus] C:\Documents and Settings\Prince\Desktop\sdasetup.exe ()
O4 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O15 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1512602942-559049672-3746681627-1007\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8603B23-318E-4C99-A556-F6BA51907EA0}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Prince\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Prince\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/30 14:28:55 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/26 15:27:00 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/10/26 15:27:00 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/10/26 15:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/10/26 15:26:58 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/10/26 15:26:58 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/10/26 15:26:58 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/10/26 15:26:57 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/10/26 15:26:57 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/10/26 15:26:56 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/10/26 15:26:50 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/10/26 15:26:50 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/10/26 15:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/10/26 15:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/25 18:54:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/25 18:09:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/23 17:01:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Prince\Desktop\OTL.exe
[2011/10/21 10:38:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/21 10:35:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/21 10:35:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/21 10:35:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/21 10:35:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/21 10:35:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/21 10:32:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/21 10:07:18 | 004,268,137 | R--- | C] (Swearware) -- C:\Documents and Settings\Prince\Desktop\ComboFix.exe
[2011/10/09 21:32:27 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/10/09 21:32:26 | 002,189,264 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/10/09 21:32:26 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/10/09 21:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/09 21:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/10/09 21:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/10/09 21:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/10/08 19:56:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/10/06 15:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\iolo

========== Files - Modified Within 30 Days ==========

[2011/10/27 08:51:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/27 08:51:25 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/27 08:34:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1512602942-559049672-3746681627-1007UA.job
[2011/10/27 08:24:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1512602942-559049672-3746681627-1008UA.job
[2011/10/26 18:29:40 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\Core Workout.xlr
[2011/10/26 18:29:40 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\Prince\Application Data\wklnhst.dat
[2011/10/26 15:27:00 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/10/26 15:26:57 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/26 14:24:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1512602942-559049672-3746681627-1008Core.job
[2011/10/26 13:34:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1512602942-559049672-3746681627-1007Core.job
[2011/10/26 01:23:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/23 17:01:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Prince\Desktop\OTL.exe
[2011/10/21 10:46:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/21 10:38:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/21 10:07:36 | 004,268,137 | R--- | M] (Swearware) -- C:\Documents and Settings\Prince\Desktop\ComboFix.exe
[2011/10/14 20:38:18 | 000,000,277 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\D Drive.lnk
[2011/10/13 15:36:52 | 000,175,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/13 09:14:28 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/09 21:26:30 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\sdasetup.exe
[2011/10/06 23:19:14 | 000,000,267 | ---- | M] () -- C:\WINDOWS\SysMech.INI
[2011/10/05 09:30:20 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/05 09:30:19 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\Google Chrome.lnk
[2011/10/03 09:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

========== Files Created - No Company Name ==========

[2011/10/26 15:32:19 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/26 15:27:00 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/10/21 10:38:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/21 10:38:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/21 10:35:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/21 10:35:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/21 10:35:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/21 10:35:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/21 10:35:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/09 21:32:27 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/10/09 21:32:27 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/10/09 21:32:27 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/10/09 21:32:27 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/10/09 21:32:27 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/10/09 21:27:33 | 000,513,032 | ---- | C] () -- C:\Documents and Settings\Prince\Desktop\sdasetup.exe
[2011/10/06 23:19:14 | 000,000,267 | ---- | C] () -- C:\WINDOWS\SysMech.INI
[2011/07/26 17:26:44 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/03/11 03:37:48 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/28 11:42:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/27 19:27:38 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/07/27 19:27:38 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/07/27 19:27:38 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/07/27 19:27:37 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/07/27 19:27:37 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/07/27 19:27:37 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/07/27 19:27:37 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/07/27 19:27:37 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/07/27 19:27:37 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/07/27 19:27:37 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/07/27 19:27:37 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/07/27 19:27:37 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/07/27 19:27:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/07/27 19:27:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/07/27 19:27:37 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/07/27 19:27:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/07/27 19:27:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/07/27 19:27:37 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/07/27 19:27:37 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/07/27 19:19:11 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX7400DEFGIPS.ini
[2010/07/13 23:07:01 | 000,156,672 | ---- | C] () -- C:\Documents and Settings\Prince\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/13 22:53:52 | 000,000,404 | ---- | C] () -- C:\Documents and Settings\Prince\Application Data\wklnhst.dat
[2010/07/13 03:45:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/07/13 03:45:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/13 03:45:02 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2010/07/13 03:45:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/13 03:45:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/13 03:44:34 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/07/13 03:44:30 | 000,384,926 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/13 03:44:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010/07/13 03:44:30 | 000,054,484 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/13 03:44:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010/07/13 03:44:29 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/07/13 03:44:29 | 000,000,828 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/07/13 03:44:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/07/13 03:44:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2010/07/13 03:44:11 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010/07/13 03:44:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2010/07/13 03:44:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/07/13 03:44:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/07/13 03:44:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/07/13 03:44:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/07/13 03:44:06 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/07/13 03:44:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/07/13 03:43:59 | 000,175,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/13 03:43:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/07/13 03:43:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/13 03:43:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010/07/13 03:43:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2010/07/13 03:43:42 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/07/12 22:00:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/12 19:58:45 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Prince\Local Settings\Application Data\fusioncache.dat
[2010/07/12 19:58:30 | 000,041,810 | ---- | C] () -- C:\WINDOWS\System32\compare.dat
[2005/12/31 16:29:02 | 000,160,963 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >



OTL Extras logfile created on: 27/10/2011 09:03:38 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Prince\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.16% Memory free
3.85 Gb Paging File | 3.38 Gb Available in Paging File | 87.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 105.39 Gb Free Space | 70.71% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 146.66 Gb Free Space | 98.40% Space Free | Partition Type: NTFS

Computer Name: WORKSTATION1 | User Name: Prince | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1512602942-559049672-3746681627-1007\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help -- (Alcatel-Lucent)
"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Enabled:BT Broadband Desktop Help Notifier -- (Alcatel-Lucent)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime
"{0ED98038-0885-F902-C419-669ADE471A46}" = ATI Stream SDK v2 Developer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A433AE09-2126-4dad-9CBD-C1B05DC42787}" = Windows Messenger 5.1
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B9060398-FB64-2A4C-C4E6-D1236447E026}" = ATI Catalyst Install Manager
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 User’s Guide" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 7.0.1 (x86 en-GB)" = Mozilla Firefox 7.0.1 (x86 en-GB)
"MyTomTom" = MyTomTom 3.0.2.267
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey" = NeroVision Express Content
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime" = QuickTime
"Veetle TV" = Veetle TV 0.9.18
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = BT Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1512602942-559049672-3746681627-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/10/2011 13:57:22 | Computer Name = WORKSTATION1 | Source = McLogEvent | ID = 5051
Description =

Error - 25/10/2011 14:03:01 | Computer Name = WORKSTATION1 | Source = McLogEvent | ID = 5051
Description =

Error - 25/10/2011 14:09:49 | Computer Name = WORKSTATION1 | Source = McLogEvent | ID = 5051
Description =

Error - 25/10/2011 14:11:22 | Computer Name = WORKSTATION1 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 25/10/2011 14:11:22 | Computer Name = WORKSTATION1 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 25/10/2011 14:38:39 | Computer Name = WORKSTATION1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 25/10/2011 14:39:07 | Computer Name = WORKSTATION1 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 25/10/2011 16:47:26 | Computer Name = WORKSTATION1 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3802, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 25/10/2011 17:58:01 | Computer Name = WORKSTATION1 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/10/2011 09:32:37 | Computer Name = WORKSTATION1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 26/10/2011 10:31:33 | Computer Name = WORKSTATION1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 26/10/2011 10:33:31 | Computer Name = WORKSTATION1 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 26/10/2011 10:33:38 | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Browser Defender Update
Service service to connect.

Error - 26/10/2011 10:33:38 | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 27/10/2011 03:14:33 | Computer Name = WORKSTATION1 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 27/10/2011 03:14:35 | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Browser Defender Update
Service service to connect.

Error - 27/10/2011 03:14:35 | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 27/10/2011 03:51:50 | Computer Name = WORKSTATION1 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 27/10/2011 03:51:52 | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Browser Defender Update
Service service to connect.

Error - 27/10/2011 03:51:52 | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5


< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users