XP Home Security 2012 virus / ping.exe virus / Google redirects


  • This topic is locked
22 replies to this topic

#1 Gallager2014


Posted 05 December 2011 - 10:21 PM

A few days ago I got a warning advising my firewall was disabled, followed by a Windows screen for XP Home Security 2012, which I knew was fake. I tried to remove as much of it as possible from the registry. After doing so, ping.exe keeps starting, hogging the CPU and RAM. When I terminate the process, it will restart. When it does, I get a Malwarebytes blocked IP warning for 146.185.250.210, 212, and 213. Also, all attempts to access Google are redirected to other sites. Any help would be greatly appreciated.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Gallager2014 at 19:47:50 on 2011-12-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.977 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Intel\Schedule2\schedul2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
G:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
G:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
G:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
G:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
F:\Program Files\ZuneLauncher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe
C:\Program Files\Common Files\Intel\Schedule2\schedhlp.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ping.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = http=127.0.0.1:63677
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "e:\program files\steam\Steam.exe" -silent
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "g:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "g:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Zune Launcher] "f:\program files\ZuneLauncher.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DataMigrationSoftwareMonitor.exe] c:\program files\intel\datamigrationsoftware\DataMigrationSoftwareMonitor.exe
mRun: [Intel Scheduler2 Service] "c:\program files\common files\intel\schedule2\schedhlp.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
LSP: mswsock.dll
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://vpn.mtu.edu/vdesk/terminal/urxvpn.cab#version=7000,2010,611,2100
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://vpn.mtu.edu/vdesk/terminal/f5tunsrv.cab#version=7000,2010,611,2051
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://vpn.mtu.edu/vdesk/terminal/InstallerControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267668203250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://webvpn214.ford.com/+CSCOL+/cscopf.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://vpn.mtu.edu/vdesk/terminal/urxshost.cab#version=7000,2010,611,2044
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://vpn.mtu.edu/vdesk/terminal/urxhost.cab#version=7000,2010,611,2119
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{58594E26-74CC-4685-861A-C7D63FBE6CF8} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [2003-7-2 5248]
R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [2003-7-2 124160]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-3 343664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2011-12-4 38504]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [2010-10-16 234140]
R2 IntSch2Svc;Intel Scheduler2 Service;c:\program files\common files\intel\schedule2\schedul2.exe [2010-11-1 817056]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-4 366152]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2009-10-22 21256]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-10-22 146448]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-10-22 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-3-3 70728]
R2 MySQL5;MySQL5;"g:\program files\mysql\mysql server 5.1\bin\mysqld" --defaults-file="g:\program files\mysql\mysql server 5.1\my.ini" mysql5 --> g:\program files\mysql\mysql server 5.1\bin\mysqld [?]
R2 MySQL51;MySQL51;"g:\program files\mysql\mysql server 5.5\bin\mysqld" --defaults-file="g:\program files\mysql\mysql server 5.5\my.ini" mysql51 --> g:\program files\mysql\mysql server 5.5\bin\mysqld [?]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\spybot - search & destroy 2\SDHookSvc.exe [2011-12-4 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2011-12-4 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2011-12-4 955816]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-4 22216]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-3 91672]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-3 43288]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2010-6-11 35448]
S0 EzImage;DPS EzImage;c:\windows\system32\drivers\EzImage.sys [2008-6-23 11088]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2011-3-23 10744]
S3 LAWHCZBOD;LAWHCZBOD;c:\docume~1\gallag~1\locals~1\temp\lawhczbod.exe --> c:\docume~1\gallag~1\locals~1\temp\LAWHCZBOD.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-3-3 65448]
S3 PciCon;PciCon;\??\h:\pcicon.sys --> h:\PciCon.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 332928]
.
=============== File Associations ===============
.
scrfile="%1" %*
.
=============== Created Last 30 ================
.
2011-12-04 08:10:58 -------- d-----w- c:\documents and settings\gallager2014\application data\Malwarebytes
2011-12-04 08:05:12 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-12-04 08:04:46 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-12-04 08:04:38 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-12-04 08:03:36 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-04 08:03:33 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 08:03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-04 08:02:23 -------- d-----w- c:\documents and settings\gallager2014\application data\SUPERAntiSpyware.com
2011-12-04 08:01:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-04 08:01:58 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-12-04 07:45:40 -------- d-----w- c:\program files\CCleaner
2011-12-03 20:28:46 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-11-15 01:15:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 19:50:54.32 ===============



#2 SweetTech


Posted 06 December 2011 - 05:16 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

It looks like you may be infected with a nasty infection called ZeroAccess.

Please run the following scans:


Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



NEXT:


OTS Scan
Download OTS to your Desktop
  • Double-click on OTS.exe to start the program. Make sure you close all other programs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please copy and paste the contents of the OTS report into your next reply.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Gallager2014


Posted 06 December 2011 - 07:35 PM

Thank you for helping out with this. Does the ZeroAccess virus load itself onto attached thumbdrives? Is it only Windows based?
TDSSKiller did not give a reboot option when it ran. It did find 5 threats. Here are the logs that you requested.

18:40:09.0187 15520 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

18:40:09.0250 15520 ============================================================

18:40:09.0250 15520 Current date / time: 2011/12/06 18:40:09.0250

18:40:09.0250 15520 SystemInfo:

18:40:09.0250 15520

18:40:09.0250 15520 OS Version: 5.1.2600 ServicePack: 3.0

18:40:09.0250 15520 Product type: Workstation

18:40:09.0250 15520 ComputerName: GALAXY

18:40:09.0250 15520 UserName: Gallager2014

18:40:09.0250 15520 Windows directory: C:\WINDOWS

18:40:09.0250 15520 System windows directory: C:\WINDOWS

18:40:09.0250 15520 Processor architecture: Intel x86

18:40:09.0250 15520 Number of processors: 2

18:40:09.0250 15520 Page size: 0x1000

18:40:09.0250 15520 Boot type: Normal boot

18:40:09.0250 15520 ============================================================

18:40:09.0890 15520 Initialize success

18:40:58.0046 11708 ============================================================

18:40:58.0046 11708 Scan started

18:40:58.0046 11708 Mode: Manual; SigCheck; TDLFS;

18:40:58.0046 11708 ============================================================

18:40:58.0390 11708 Abiosdsk - ok

18:40:58.0406 11708 abp480n5 - ok

18:40:58.0421 11708 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:40:58.0937 11708 ACPI - ok

18:40:58.0953 11708 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

18:40:59.0078 11708 ACPIEC - ok

18:40:59.0093 11708 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys

18:40:59.0203 11708 adfs - ok

18:40:59.0234 11708 adpu160m - ok

18:40:59.0250 11708 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

18:40:59.0359 11708 aec - ok

18:40:59.0375 11708 AFD (019e4406ea95f682d601b4180de098b6) C:\WINDOWS\System32\drivers\afd.sys

18:40:59.0437 11708 AFD ( UnsignedFile.Multi.Generic ) - warning

18:40:59.0437 11708 AFD - detected UnsignedFile.Multi.Generic (1)

18:40:59.0437 11708 Aha154x - ok

18:40:59.0453 11708 aic78u2 - ok

18:40:59.0468 11708 aic78xx - ok

18:40:59.0484 11708 AliIde - ok

18:40:59.0500 11708 amsint - ok

18:40:59.0500 11708 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

18:40:59.0625 11708 Arp1394 - ok

18:40:59.0640 11708 asc - ok

18:40:59.0656 11708 asc3350p - ok

18:40:59.0687 11708 asc3550 - ok

18:40:59.0703 11708 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:40:59.0828 11708 AsyncMac - ok

18:40:59.0828 11708 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

18:40:59.0953 11708 atapi - ok

18:40:59.0953 11708 Atdisk - ok

18:41:00.0015 11708 ati2mtag (15b2fe76e2eceb98c49ed52311a6f26f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

18:41:00.0250 11708 ati2mtag - ok

18:41:00.0265 11708 AtiHdmiService (d9bc8892b9440a2551b8148c57aa039e) C:\WINDOWS\system32\drivers\AtiHdmi.sys

18:41:00.0390 11708 AtiHdmiService - ok

18:41:00.0406 11708 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

18:41:00.0515 11708 Atmarpc - ok

18:41:00.0531 11708 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

18:41:00.0656 11708 audstub - ok

18:41:00.0687 11708 axwhisky (35a301482478e97be6e1c2748ce930e1) C:\WINDOWS\system32\DRIVERS\axwhisky.sys

18:41:00.0781 11708 axwhisky ( UnsignedFile.Multi.Generic ) - warning

18:41:00.0781 11708 axwhisky - detected UnsignedFile.Multi.Generic (1)

18:41:00.0796 11708 axwskbus (f3b1ce696ccf6448c85e7cdc702098d8) C:\WINDOWS\system32\DRIVERS\axwskbus.sys

18:41:00.0859 11708 axwskbus ( UnsignedFile.Multi.Generic ) - warning

18:41:00.0859 11708 axwskbus - detected UnsignedFile.Multi.Generic (1)

18:41:00.0875 11708 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

18:41:00.0984 11708 Beep - ok

18:41:01.0000 11708 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

18:41:01.0125 11708 cbidf2k - ok

18:41:01.0140 11708 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

18:41:01.0250 11708 CCDECODE - ok

18:41:01.0265 11708 cd20xrnt - ok

18:41:01.0281 11708 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

18:41:01.0390 11708 Cdaudio - ok

18:41:01.0406 11708 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

18:41:01.0531 11708 Cdfs - ok

18:41:01.0546 11708 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

18:41:01.0671 11708 Cdrom - ok

18:41:01.0687 11708 Changer - ok

18:41:01.0718 11708 CmdIde - ok

18:41:01.0734 11708 Cpqarray - ok

18:41:01.0750 11708 dac2w2k - ok

18:41:01.0765 11708 dac960nt - ok

18:41:01.0781 11708 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

18:41:01.0890 11708 Disk - ok

18:41:01.0921 11708 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

18:41:02.0109 11708 dmboot - ok

18:41:02.0125 11708 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

18:41:02.0234 11708 dmio - ok

18:41:02.0250 11708 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

18:41:02.0375 11708 dmload - ok

18:41:02.0390 11708 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

18:41:02.0500 11708 DMusic - ok

18:41:02.0515 11708 dpti2o - ok

18:41:02.0531 11708 DriverX (d27a3a309da2f9122b64b556a9a2cc71) C:\WINDOWS\System32\drivers\DRIVERX.SYS

18:41:02.0609 11708 DriverX ( UnsignedFile.Multi.Generic ) - warning

18:41:02.0609 11708 DriverX - detected UnsignedFile.Multi.Generic (1)

18:41:02.0625 11708 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

18:41:02.0750 11708 drmkaud - ok

18:41:02.0765 11708 EzImage (f483dfcfab124b75080fd838d1ab7acf) C:\WINDOWS\system32\drivers\ezimage.sys

18:41:02.0890 11708 EzImage ( UnsignedFile.Multi.Generic ) - warning

18:41:02.0890 11708 EzImage - detected UnsignedFile.Multi.Generic (1)

18:41:02.0906 11708 f5ipfw (1bba2dbb1eaa92c4068dfa35c2f22456) C:\WINDOWS\system32\drivers\urfltw2k.sys

18:41:03.0031 11708 f5ipfw - ok

18:41:03.0031 11708 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

18:41:03.0156 11708 Fastfat - ok

18:41:03.0171 11708 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

18:41:03.0296 11708 Fdc - ok

18:41:03.0312 11708 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

18:41:03.0437 11708 Fips - ok

18:41:03.0453 11708 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

18:41:03.0562 11708 Flpydisk - ok

18:41:03.0578 11708 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

18:41:03.0718 11708 FltMgr - ok

18:41:03.0734 11708 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:41:03.0843 11708 Fs_Rec - ok

18:41:03.0859 11708 FTDIBUS (b283f1bc1ff852bd232449a4b3e3ce63) C:\WINDOWS\system32\drivers\ftdibus.sys

18:41:03.0937 11708 FTDIBUS - ok

18:41:03.0953 11708 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:41:04.0156 11708 Ftdisk - ok

18:41:04.0171 11708 FTSER2K (63d72a4cf9f163b59db0ceed940a7d76) C:\WINDOWS\system32\drivers\ftser2k.sys

18:41:04.0250 11708 FTSER2K - ok

18:41:04.0265 11708 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:41:04.0375 11708 Gpc - ok

18:41:04.0390 11708 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

18:41:04.0515 11708 HDAudBus - ok

18:41:04.0531 11708 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:41:04.0656 11708 hidusb - ok

18:41:04.0671 11708 hpn - ok

18:41:04.0687 11708 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

18:41:04.0734 11708 HTTP - ok

18:41:04.0750 11708 i2omgmt - ok

18:41:04.0750 11708 i2omp - ok

18:41:04.0765 11708 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

18:41:04.0875 11708 i8042prt - ok

18:41:04.0890 11708 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

18:41:05.0015 11708 Imapi - ok

18:41:05.0031 11708 ini910u - ok

18:41:05.0109 11708 IntcAzAudAddService (71ae838a88b07268d732f596fc17ced5) C:\WINDOWS\system32\drivers\RtkHDAud.sys

18:41:05.0562 11708 IntcAzAudAddService - ok

18:41:05.0625 11708 IntelIde - ok

18:41:05.0968 11708 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:41:06.0078 11708 intelppm - ok

18:41:21.0921 11708 ============================================================

18:41:21.0921 11708 Scan finished

18:41:21.0921 11708 ============================================================

18:41:22.0031 12652 Detected object count: 5

18:41:22.0031 12652 Actual detected object count: 5

18:43:45.0468 12652 AFD ( UnsignedFile.Multi.Generic ) - skipped by user

18:43:45.0468 12652 AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:43:45.0468 12652 axwhisky ( UnsignedFile.Multi.Generic ) - skipped by user

18:43:45.0468 12652 axwhisky ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:43:45.0468 12652 axwskbus ( UnsignedFile.Multi.Generic ) - skipped by user

18:43:45.0468 12652 axwskbus ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:43:45.0468 12652 DriverX ( UnsignedFile.Multi.Generic ) - skipped by user

18:43:45.0468 12652 DriverX ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:43:45.0468 12652 EzImage ( UnsignedFile.Multi.Generic ) - skipped by user

18:43:45.0468 12652 EzImage ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:44:21.0640 16164 ============================================================

18:44:21.0640 16164 Scan started

18:44:21.0640 16164 Mode: Manual; SigCheck; TDLFS;

18:44:21.0640 16164 ============================================================

18:44:22.0406 16164 AFD (019e4406ea95f682d601b4180de098b6) C:\WINDOWS\System32\drivers\afd.sys

18:44:22.0406 16164 AFD ( UnsignedFile.Multi.Generic ) - warning

18:44:22.0406 16164 AFD - detected UnsignedFile.Multi.Generic (1)

18:44:24.0000 16164 axwhisky (35a301482478e97be6e1c2748ce930e1) C:\WINDOWS\system32\DRIVERS\axwhisky.sys

18:44:24.0000 16164 axwhisky ( UnsignedFile.Multi.Generic ) - warning

18:44:24.0000 16164 axwhisky - detected UnsignedFile.Multi.Generic (1)

18:44:24.0000 16164 axwskbus (f3b1ce696ccf6448c85e7cdc702098d8) C:\WINDOWS\system32\DRIVERS\axwskbus.sys

18:44:24.0015 16164 axwskbus ( UnsignedFile.Multi.Generic ) - warning

18:44:24.0015 16164 axwskbus - detected UnsignedFile.Multi.Generic (1)

18:44:25.0437 16164 DriverX (d27a3a309da2f9122b64b556a9a2cc71) C:\WINDOWS\System32\drivers\DRIVERX.SYS

18:44:25.0437 16164 DriverX ( UnsignedFile.Multi.Generic ) - warning

18:44:25.0437 16164 DriverX - detected UnsignedFile.Multi.Generic (1)

18:44:25.0578 16164 EzImage (f483dfcfab124b75080fd838d1ab7acf) C:\WINDOWS\system32\drivers\ezimage.sys

18:44:25.0593 16164 EzImage ( UnsignedFile.Multi.Generic ) - warning

18:44:25.0593 16164 EzImage - detected UnsignedFile.Multi.Generic (1)


18:44:36.0093 16164 RimUsb - ok

18:44:36.0125 16164 RTLWUSB (5a850259b849a899990379a75460a4eb) C:\WINDOWS\system32\DRIVERS\RTL8187.sys

18:44:36.0156 16164 RTLWUSB - ok

18:44:36.0156 16164 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

18:44:36.0187 16164 SASDIFSV - ok

18:44:36.0187 16164 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

18:44:36.0218 16164 SASKUTIL - ok

18:44:36.0234 16164 SDHookDriver (47dd7bb6b72a5f49e01f53597bcaeac7) C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys

18:44:36.0250 16164 SDHookDriver - ok

18:44:36.0281 16164 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:44:36.0343 16164 Secdrv - ok

18:44:36.0375 16164 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

18:44:36.0484 16164 serenum - ok

18:44:36.0500 16164 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

18:44:36.0609 16164 Serial - ok

18:44:36.0640 16164 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

18:44:36.0750 16164 Sfloppy - ok

18:44:36.0781 16164 Simbad - ok

18:44:36.0781 16164 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

18:44:36.0890 16164 SLIP - ok

18:44:36.0906 16164 snapman (2676ef0898dec288a34a5a99d6d9502e) C:\WINDOWS\system32\DRIVERS\snapman.sys

18:44:36.0937 16164 snapman - ok

18:44:36.0953 16164 Sparrow - ok

18:44:36.0968 16164 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

18:44:37.0078 16164 splitter - ok

18:44:37.0093 16164 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

18:44:37.0156 16164 sr - ok

18:44:37.0187 16164 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

18:44:37.0218 16164 Srv - ok

18:44:37.0250 16164 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

18:44:37.0343 16164 streamip - ok

18:44:37.0359 16164 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:44:37.0468 16164 swenum - ok

18:44:37.0484 16164 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

18:44:37.0593 16164 swmidi - ok

18:44:37.0625 16164 symc810 - ok

18:44:37.0625 16164 symc8xx - ok

18:44:37.0640 16164 sym_hi - ok

18:44:37.0656 16164 sym_u3 - ok

18:44:37.0671 16164 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:44:37.0796 16164 sysaudio - ok

18:44:37.0828 16164 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:44:37.0859 16164 Tcpip - ok

18:44:37.0875 16164 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:44:37.0984 16164 TDPIPE - ok

18:44:37.0984 16164 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:44:38.0093 16164 TDTCP - ok

18:44:38.0109 16164 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:44:38.0218 16164 TermDD - ok

18:44:38.0250 16164 TosIde - ok

18:44:38.0281 16164 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:44:38.0390 16164 Udfs - ok

18:44:38.0406 16164 ultra - ok

18:44:38.0421 16164 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:44:38.0546 16164 Update - ok

18:44:38.0562 16164 urvpndrv (01ebd235c3bb80d315ed13f4ca50f61b) C:\WINDOWS\system32\DRIVERS\covpndrv.sys

18:44:38.0593 16164 urvpndrv - ok

18:44:38.0609 16164 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

18:44:38.0703 16164 usbaudio - ok

18:44:38.0718 16164 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:44:38.0843 16164 usbccgp - ok

18:44:38.0843 16164 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:44:38.0953 16164 usbehci - ok

18:44:38.0968 16164 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:44:39.0078 16164 usbhub - ok

18:44:39.0093 16164 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:44:39.0203 16164 usbscan - ok

18:44:39.0218 16164 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys

18:44:39.0328 16164 usbser - ok

18:44:39.0343 16164 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:44:39.0453 16164 USBSTOR - ok

18:44:39.0468 16164 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:44:39.0562 16164 usbuhci - ok

18:44:39.0578 16164 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

18:44:39.0687 16164 usbvideo - ok

18:44:39.0703 16164 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:44:39.0812 16164 VgaSave - ok

18:44:39.0828 16164 ViaIde - ok

18:44:39.0843 16164 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

18:44:39.0953 16164 VolSnap - ok

18:44:39.0984 16164 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:44:40.0093 16164 Wanarp - ok

18:44:40.0109 16164 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

18:44:40.0140 16164 Wdf01000 - ok

18:44:40.0156 16164 WDICA - ok

18:44:40.0171 16164 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:44:40.0281 16164 wdmaud - ok

18:44:40.0328 16164 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys

18:44:40.0343 16164 WinUSB - ok

18:44:40.0421 16164 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

18:44:40.0531 16164 WSTCODEC - ok

18:44:40.0546 16164 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

18:44:40.0562 16164 WudfPf - ok

18:44:40.0578 16164 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

18:44:40.0609 16164 WudfRd - ok

18:44:40.0640 16164 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

18:44:40.0671 16164 yukonwxp - ok

18:44:40.0687 16164 zumbus (6bfb54f73aae470e9299e66cbc7bb632) C:\WINDOWS\system32\DRIVERS\zumbus.sys

18:44:40.0718 16164 zumbus - ok

18:44:40.0765 16164 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

18:44:40.0984 16164 \Device\Harddisk0\DR0 - ok

18:44:40.0984 16164 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

18:44:41.0031 16164 \Device\Harddisk1\DR1 - ok

18:44:41.0031 16164 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2

18:44:41.0062 16164 \Device\Harddisk2\DR2 - ok

18:44:41.0062 16164 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3

18:44:41.0078 16164 \Device\Harddisk3\DR3 - ok

18:44:41.0078 16164 Boot (0x1200) (16228e126ae9c662f015781fdda4a5d2) \Device\Harddisk0\DR0\Partition0

18:44:41.0093 16164 \Device\Harddisk0\DR0\Partition0 - ok

18:44:41.0093 16164 Boot (0x1200) (bbfe09df3b917b0cc9e2f459adef1a19) \Device\Harddisk0\DR0\Partition1

18:44:41.0093 16164 \Device\Harddisk0\DR0\Partition1 - ok

18:44:41.0093 16164 Boot (0x1200) (e21374c2790a9acd80600d991d605ddb) \Device\Harddisk1\DR1\Partition0

18:44:41.0093 16164 \Device\Harddisk1\DR1\Partition0 - ok

18:44:41.0093 16164 Boot (0x1200) (63480e7a3026b00aa33dfbd13d315bf6) \Device\Harddisk2\DR2\Partition0

18:44:41.0093 16164 \Device\Harddisk2\DR2\Partition0 - ok

18:44:41.0093 16164 Boot (0x1200) (7cefb4fa639d4018f68804be4eb32e24) \Device\Harddisk2\DR2\Partition1

18:44:41.0093 16164 \Device\Harddisk2\DR2\Partition1 - ok

18:44:41.0093 16164 Boot (0x1200) (15d37fd85acc9c9fafce233dc55ae78a) \Device\Harddisk3\DR3\Partition0

18:44:41.0093 16164 \Device\Harddisk3\DR3\Partition0 - ok

18:44:41.0093 16164 ============================================================

18:44:41.0093 16164 Scan finished

18:44:41.0093 16164 ============================================================

18:44:41.0109 10984 Detected object count: 5

18:44:41.0109 10984 Actual detected object count: 5

18:45:07.0796 10984 AFD ( UnsignedFile.Multi.Generic ) - skipped by user

18:45:07.0796 10984 AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:45:07.0796 10984 axwhisky ( UnsignedFile.Multi.Generic ) - skipped by user

18:45:07.0796 10984 axwhisky ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:45:07.0796 10984 axwskbus ( UnsignedFile.Multi.Generic ) - skipped by user

18:45:07.0796 10984 axwskbus ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:45:07.0796 10984 DriverX ( UnsignedFile.Multi.Generic ) - skipped by user

18:45:07.0796 10984 DriverX ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:45:07.0796 10984 EzImage ( UnsignedFile.Multi.Generic ) - skipped by user

18:45:07.0796 10984 EzImage ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:47:09.0750 14396 Deinitialize success



OTS:

OTS logfile created on: 12/6/2011 6:48:24 PM - Run 1

OTS by OldTimer - Version 3.1.46.0     Folder = C:\Documents and Settings\Gallager2014\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.27 Gb Total Space | 8.89 Gb Free Space | 23.86% Space Free | Partition Type: NTFS

Drive D: | 159.54 Gb Total Space | 33.64 Gb Free Space | 21.09% Space Free | Partition Type: NTFS

Drive E: | 308.22 Gb Total Space | 208.01 Gb Free Space | 67.49% Space Free | Partition Type: NTFS

Drive F: | 74.21 Gb Total Space | 8.02 Gb Free Space | 10.81% Space Free | Partition Type: NTFS

Drive G: | 157.54 Gb Total Space | 45.49 Gb Free Space | 28.88% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive M: | 1863.01 Gb Total Space | 493.51 Gb Free Space | 26.49% Space Free | Partition Type: NTFS

 

Computer Name: GALAXY

Current User Name: Gallager2014

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

 

[Processes - Safe List]

ots.exe -> C:\Documents and Settings\Gallager2014\Desktop\OTS.exe -> [2011/12/06 18:29:02 | 000,646,144 | ---- | M] (OldTimer Tools)

sdtray.exe -> C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe -> [2011/10/05 15:46:52 | 003,578,272 | ---- | M] (Safer-Networking Ltd.)

sdhooksvc.exe -> C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe -> [2011/10/05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.)

sdupdsvc.exe -> C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe -> [2011/10/05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.)

sdfssvc.exe -> C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe -> [2011/10/05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.)

mbamservice.exe -> C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation)

sascore.exe -> C:\Program Files\SUPERAntiSpyware\SASCore.exe -> [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)

steam.exe -> E:\Program Files\Steam\Steam.exe -> [2011/08/05 17:57:50 | 001,242,448 | ---- | M] (Valve Corporation)

mysqld.exe -> G:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -> [2011/03/31 17:20:34 | 008,146,944 | ---- | M] ()

tsvncache.exe -> G:\Program Files\TortoiseSVN\bin\TSVNCache.exe -> [2011/03/23 18:32:24 | 000,619,288 | ---- | M] (http://tortoisesvn.net)

schedhlp.exe -> C:\Program Files\Common Files\Intel\Schedule2\schedhlp.exe -> [2010/11/01 12:08:06 | 000,362,296 | ---- | M] (Intel)

schedul2.exe -> C:\Program Files\Common Files\Intel\Schedule2\schedul2.exe -> [2010/11/01 12:07:58 | 000,817,056 | ---- | M] (Intel)

datamigrationsoftwaremonitor.exe -> C:\Program Files\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe -> [2010/11/01 12:06:46 | 002,605,224 | ---- | M] (Intel)

zunebusenum.exe -> C:\WINDOWS\system32\ZuneBusEnum.exe -> [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation)

zunelauncher.exe -> F:\Program Files\ZuneLauncher.exe -> [2010/01/07 13:38:08 | 000,158,448 | ---- | M] (Microsoft Corporation)

acrotray.exe -> G:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe -> [2009/12/21 17:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.)

mcshield.exe -> C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -> [2009/10/22 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.)

shstat.exe -> C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe -> [2009/10/22 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.)

mfevtps.exe -> C:\WINDOWS\system32\mfevtps.exe -> [2009/10/22 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.)

vstskmgr.exe -> C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -> [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.)

mfeann.exe -> C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe -> [2009/10/22 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.)

engineserver.exe -> C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -> [2009/10/22 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.)

naprdmgr.exe -> C:\Program Files\McAfee\Common Framework\naPrdMgr.exe -> [2009/08/25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.)

udaterui.exe -> C:\Program Files\McAfee\Common Framework\UdaterUI.exe -> [2009/08/25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.)

frameworkservice.exe -> C:\Program Files\McAfee\Common Framework\FrameworkService.exe -> [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.)

mctray.exe -> C:\Program Files\McAfee\Common Framework\McTray.exe -> [2009/08/25 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.)

explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)

ping.exe -> C:\WINDOWS\system32\ping.exe -> [2008/04/14 07:00:00 | 000,017,920 | ---- | M] (Microsoft Corporation)

 

[Modules - No Company Name]


cli.aspect.hotkeyshandling.graphics.shared.dll -> C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll -> [2010/03/03 16:17:41 | 000,020,480 | ---- | M] ()

aem.plugin.hotkeys.shared.dll -> C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll -> [2010/03/03 16:17:41 | 000,020,480 | ---- | M] ()

aem.actions.ccaa.shared.dll -> C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll -> [2010/03/03 16:17:41 | 000,020,480 | ---- | M] ()

mom.foundation.dll -> C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll -> [2010/03/03 16:17:41 | 000,016,384 | ---- | M] ()

dem.os.dll -> C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll -> [2010/03/03 16:17:41 | 000,016,384 | ---- | M] ()

dem.graphics.i0706.dll -> C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll -> [2010/03/03 16:17:41 | 000,016,384 | ---- | M] ()

dem.graphics.dll -> C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll -> [2010/03/03 16:17:41 | 000,016,384 | ---- | M] ()

dem.foundation.dll -> C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll -> [2010/03/03 16:17:41 | 000,016,384 | ---- | M] ()

cli.component.runtime.shared.dll -> C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll -> [2010/03/03 16:17:41 | 000,016,384 | ---- | M] ()

cli.caste.graphics.wizard.shared.dll -> C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll -> [2010/03/03 16:17:41 | 000,016,384 | ---- | M] ()

cli.caste.graphics.dashboard.shared.dll -> C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll -> [2010/03/03 16:17:41 | 000,016,384 | ---- | M] ()

aem.plugin.winmessages.shared.dll -> C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll -> [2010/03/03 16:17:41 | 000,016,384 | ---- | M] ()

aem.plugin.gd.shared.dll -> C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll -> [2010/03/03 16:17:41 | 000,016,384 | ---- | M] ()

aem.plugin.eeu.shared.dll -> C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll -> [2010/03/03 16:17:41 | 000,016,384 | ---- | M] ()

aem.plugin.dppe.shared.dll -> C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll -> [2010/03/03 16:17:41 | 000,016,384 | ---- | M] ()

atixclib.dll -> C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll -> [2010/03/03 16:17:41 | 000,006,656 | ---- | M] ()

cli.component.dashboard.dll -> C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3257.27000__90ba9c70f846762e\CLI.Component.Dashboard.dll -> [2010/03/03 16:17:40 | 001,073,152 | ---- | M] ()

cli.component.systemtray.dll -> C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3257.27080__90ba9c70f846762e\CLI.Component.Systemtray.dll -> [2010/03/03 16:17:40 | 000,532,480 | ---- | M] ()

cli.component.wizard.dll -> C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Component.Wizard.dll -> [2010/03/03 16:17:40 | 000,393,216 | ---- | M] ()

mom.implementation.dll -> C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3257.27085__90ba9c70f846762e\MOM.Implementation.dll -> [2010/03/03 16:17:40 | 000,106,496 | ---- | M] ()

cli.component.runtime.dll -> C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.dll -> [2010/03/03 16:17:40 | 000,069,632 | ---- | M] ()

log.foundation.implementation.dll -> C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3257.27084__90ba9c70f846762e\LOG.Foundation.Implementation.dll -> [2010/03/03 16:17:40 | 000,061,440 | ---- | M] ()

cli.component.skinfactory.dll -> C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3257.26995__90ba9c70f846762e\CLI.Component.SkinFactory.dll -> [2010/03/03 16:17:40 | 000,057,344 | ---- | M] ()

cli.aspect.devicecrt.graphics.shared.dll -> C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll -> [2010/03/03 16:17:40 | 000,053,248 | ---- | M] ()

cli.component.runtime.shared.private.dll -> C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll -> [2010/03/03 16:17:40 | 000,045,056 | ---- | M] ()

aem.plugin.source.kit.server.dll -> C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3257.27101__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll -> [2010/03/03 16:17:40 | 000,045,056 | ---- | M] ()

cli.foundation.private.dll -> C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll -> [2010/03/03 16:17:40 | 000,040,960 | ---- | M] ()

log.foundation.private.dll -> C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll -> [2010/03/03 16:17:40 | 000,032,768 | ---- | M] ()

cli.aspect.customformats.graphics.shared.dll -> C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll -> [2010/03/03 16:17:40 | 000,028,672 | ---- | M] ()

cli.component.wizard.shared.private.dll -> C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll -> [2010/03/03 16:17:40 | 000,024,576 | ---- | M] ()

ace.graphics.displaysmanager.shared.dll -> C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll -> [2010/03/03 16:17:40 | 000,024,576 | ---- | M] ()

log.foundation.implementation.private.dll -> C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll -> [2010/03/03 16:17:40 | 000,020,480 | ---- | M] ()

cli.component.dashboard.shared.private.dll -> C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll -> [2010/03/03 16:17:40 | 000,020,480 | ---- | M] ()

apm.foundation.dll -> C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll -> [2010/03/03 16:17:40 | 000,020,480 | ---- | M] ()

localization.foundation.private.dll -> C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll -> [2010/03/03 16:17:40 | 000,016,384 | ---- | M] ()

aem.server.shared.dll -> C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll -> [2010/03/03 16:17:40 | 000,016,384 | ---- | M] ()

axinterop.wbocxlib.dll -> C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll -> [2010/03/03 16:17:40 | 000,014,848 | ---- | M] ()

interop.wbocxlib.dll -> C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll -> [2010/03/03 16:17:40 | 000,013,312 | ---- | M] ()

localization.foundation.implementation.dll -> C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3257.27109__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll -> [2010/03/03 16:17:40 | 000,011,264 | ---- | M] ()

cli.component.runtime.extension.eeu.dll -> C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll -> [2010/03/03 16:17:40 | 000,007,168 | ---- | M] ()

atidemos.dll -> C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3257.26994__90ba9c70f846762e\ATIDEMOS.dll -> [2010/03/03 16:17:39 | 000,073,728 | ---- | M] ()

apm.server.dll -> C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3257.26992__90ba9c70f846762e\APM.Server.dll -> [2010/03/03 16:17:39 | 000,061,440 | ---- | M] ()

aem.server.dll -> C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3257.26993__90ba9c70f846762e\AEM.Server.dll -> [2010/03/03 16:17:39 | 000,045,056 | ---- | M] ()

cli.component.client.shared.private.dll -> C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll -> [2010/03/03 16:17:39 | 000,040,960 | ---- | M] ()

aticccom.dll -> C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll -> [2010/03/03 16:17:39 | 000,032,768 | ---- | M] ()

ccc.implementation.dll -> C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3257.27085__90ba9c70f846762e\CCC.Implementation.dll -> [2010/03/03 16:17:39 | 000,028,672 | ---- | M] ()

cli.caste.graphics.runtime.shared.private.dll -> C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll -> [2010/03/03 16:17:39 | 000,020,480 | ---- | M] ()

boost_thread-vc71-mt-1_32.dll -> C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll -> [2009/08/25 16:00:00 | 000,057,344 | ---- | M] ()

acrotray.deu -> G:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU -> [2009/02/27 15:39:29 | 000,019,968 | ---- | M] ()

acrotray.fra -> G:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA -> [2009/02/27 15:32:27 | 000,020,480 | ---- | M] ()

branding.dll -> C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll -> [2008/10/30 14:39:12 | 000,016,384 | R--- | M] ()

mswsock.dll -> \\?\globalroot\systemroot\system32\mswsock.dll -> [2008/06/20 11:02:47 | 000,245,248 | ---- | M] ()

mswsock.dll -> \\.\globalroot\systemroot\system32\mswsock.dll -> [2008/06/20 11:02:47 | 000,245,248 | ---- | M] ()

mmfinfo.dll -> C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll -> [2005/11/24 16:24:54 | 000,053,248 | ---- | M] ()

mkunicode.dll -> C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll -> [2005/11/24 16:22:52 | 000,023,552 | ---- | M] ()

cryptocme2.dll -> C:\Program Files\McAfee\Common Framework\cryptocme2.dll -> [2005/08/22 16:38:16 | 003,264,512 | ---- | M] ()

 

[Win32 Services - Safe List]

(LAWHCZBOD) LAWHCZBOD [On_Demand | Stopped] ->  -> File not found

(HidServ) Human Interface Device Access [Disabled | Stopped] ->  -> File not found

(SDHookService) Spybot S&D 2 Live Protection Service [Auto | Running] -> C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe -> [2011/10/05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.)

(SDUpdateService) Spybot-S&D 2 Updating Service [Auto | Running] -> C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe -> [2011/10/05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.)

(SDScannerService) Spybot-S&D 2 Scanner Service [Auto | Running] -> C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe -> [2011/10/05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.)

(MBAMService) MBAMService [Auto | Running] -> C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation)

(!SASCORE) SAS Core Service [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -> [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)

(MySQL51) MySQL51 [Auto | Running] -> G:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -> [2011/03/31 17:20:34 | 008,146,944 | ---- | M] ()

(IntSch2Svc) Intel Scheduler2 Service [Auto | Running] -> C:\Program Files\Common Files\Intel\Schedule2\schedul2.exe -> [2010/11/01 12:07:58 | 000,817,056 | ---- | M] (Intel)

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2010/03/17 12:05:43 | 000,655,624 | ---- | M] (Acresso Software Inc.)

(ZuneWlanCfgSvc) Zune Wireless Configuration Service [On_Demand | Stopped] -> C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -> [2010/01/07 13:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation)

(ZuneBusEnum) Zune Bus Enumerator [Auto | Running] -> C:\WINDOWS\system32\ZuneBusEnum.exe -> [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation)

(ZuneNetworkSvc) Zune Network Sharing Service [On_Demand | Stopped] -> F:\Program Files\ZuneNss.exe -> [2010/01/07 13:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation)

(McShield) McAfee McShield [Unknown | Running] -> C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -> [2009/10/22 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.)

(mfevtp) McAfee Validation Trust Protection Service [Unknown | Running] -> C:\WINDOWS\system32\mfevtps.exe -> [2009/10/22 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.)

(McTaskManager) McAfee Task Manager [Unknown | Running] -> C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -> [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.)

(McAfeeEngineService) McAfee Engine Service [Unknown | Running] -> C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -> [2009/10/22 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.)

(McAfeeFramework) McAfee Framework Service [Unknown | Running] -> C:\Program Files\McAfee\Common Framework\FrameworkService.exe -> [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.)

(Adobe Version Cue CS4) Adobe Version Cue CS4 [On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -> [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated)

(msvsmon90) Visual Studio 2008 Remote Debugger [Disabled | Stopped] -> G:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -> [2007/11/07 07:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation)

 

[Driver Services - Safe List]

(SDHookDriver) Spybot-S&D 2 Hook Driver [Kernel | System | Running] -> C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys -> [2011/10/05 15:45:46 | 000,038,504 | ---- | M] ()

(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mbam.sys -> [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation)

(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

(AFD) AFD [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\afd.sys -> [2011/02/16 08:22:48 | 000,138,496 | ---- | M] ()

(snapman) Acronis Snapshots Manager [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\snapman.sys -> [2011/01/30 16:47:02 | 000,170,336 | ---- | M] (Acronis)

(FTDIBUS) USB Serial Converter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ftdibus.sys -> [2010/08/12 15:43:17 | 000,047,249 | ---- | M] (FTDI Ltd.)

(FTSER2K) USB Serial Port Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ftser2k.sys -> [2010/07/12 12:48:56 | 000,073,032 | ---- | M] (FTDI Ltd.)

(urvpndrv) F5 Networks VPN Adapter [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\covpndrv.sys -> [2010/06/11 13:02:32 | 000,035,448 | ---- | M] (F5 Networks, Inc.)

(f5ipfw) F5 Networks StoneWall Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\urfltw2k.sys -> [2010/06/11 13:02:22 | 000,010,744 | ---- | M] (F5 Networks, Inc.)

(mfehidk) McAfee Inc. mfehidk [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\mfehidk.sys -> [2009/10/22 20:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.)

(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mfeavfk.sys -> [2009/10/22 20:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.)

(mfeapfk) McAfee Inc. mfeapfk [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mfeapfk.sys -> [2009/10/22 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.)

(mferkdet) McAfee Inc. mferkdet [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mferkdet.sys -> [2009/10/22 20:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.)

(mfetdik) McAfee Inc. mfetdik [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\mfetdik.sys -> [2009/10/22 20:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.)

(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mfebopk.sys -> [2009/10/22 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.)

(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2008/12/01 17:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.)

(AtiHdmiService) ATI Function Driver for HDMI Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\AtiHdmi.sys -> [2008/10/31 13:52:16 | 000,093,184 | ---- | M] (ATI Research Inc.)

(DriverX) DriverX [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\DRIVERX.SYS -> [2008/09/17 09:43:30 | 000,234,140 | ---- | M] (Tetradyne Software, Inc.)

(RTLWUSB) Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8187.sys -> [2008/06/27 01:39:42 | 000,332,928 | ---- | M] (Realtek Semiconductor Corporation                           )

(EzImage) DPS EzImage [Kernel | Boot | Stopped] -> C:\WINDOWS\system32\drivers\ezimage.sys -> [2008/06/23 16:15:58 | 000,011,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider)

(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\yk51x86.sys -> [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell)

(WinUSB) WinUSB [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\winusb.sys -> [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation)

(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.Sys -> [2006/04/17 03:31:26 | 004,262,912 | R--- | M] (Realtek Semiconductor Corp.)

(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ASACPI.sys -> [2004/08/13 05:56:20 | 000,005,810 | R--- | M] ()

(axwhisky) axwhisky [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\axwhisky.sys -> [2003/07/02 16:41:42 | 000,005,248 | ---- | M] ( )

(axwskbus) axwskbus [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\axwskbus.sys -> [2003/07/02 15:49:52 | 000,124,160 | ---- | M] ( )

 

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\"XMLHTTP_UUID_Default" -> 07 1D CF 0C EA 49 14 48 A7 87 9C 35 DD 0F 74 72  [binary data] -> 

HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 

HKEY_CURRENT_USER\: "ProxyServer" -> http=127.0.0.1:63677 -> 

< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKLM\software\mozilla\Firefox\Extensions ->  -> 

< FireFox Extensions [User Folders] > -> 

Hosts file not found -> -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll [Spybot-S&D IE Protection] -> [2011/10/05 15:45:34 | 002,930,632 | ---- | M] (Safer-Networking Ltd.)

{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll [scriptproxy] -> [2009/10/22 20:07:00 | 000,067,120 | ---- | M] (McAfee, Inc.)

{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2009/12/21 17:33:03 | 000,349,640 | ---- | M] (Adobe Systems Incorporated)

{F4971EE7-DAA0-4053-9964-665D8EE6A077} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [SmartSelect Class] -> [2009/12/21 17:33:03 | 000,349,640 | ---- | M] (Adobe Systems Incorporated)

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2009/12/21 17:33:03 | 000,349,640 | ---- | M] (Adobe Systems Incorporated)

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2009/12/21 17:33:03 | 000,349,640 | ---- | M] (Adobe Systems Incorporated)

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"" ->  [] -> File not found

"Acrobat Assistant 8.0" -> G:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe ["G:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"] -> [2009/12/21 17:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.)

"Adobe Acrobat Speed Launcher" -> G:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe ["G:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"] -> [2009/12/22 00:26:01 | 000,038,840 | ---- | M] (Adobe Systems Incorporated)

"Adobe_ID0ENQBO" -> C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE] -> [2008/08/15 04:46:20 | 000,378,224 | ---- | M] (Adobe Systems Incorporated)

"AdobeCS4ServiceManager" -> C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe ["C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin] -> [2008/08/14 06:58:34 | 000,611,712 | ---- | M] (Adobe Systems Incorporated)

"Alcmtr" -> C:\WINDOWS\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/03 05:43:28 | 000,069,632 | R--- | M] (Realtek Semiconductor Corp.)

"DataMigrationSoftwareMonitor.exe" -> C:\Program Files\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe [C:\Program Files\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe] -> [2010/11/01 12:06:46 | 002,605,224 | ---- | M] (Intel)

"Intel Scheduler2 Service" -> C:\Program Files\Common Files\Intel\Schedule2\schedhlp.exe ["C:\Program Files\Common Files\Intel\Schedule2\schedhlp.exe"] -> [2010/11/01 12:08:06 | 000,362,296 | ---- | M] (Intel)

"Malwarebytes' Anti-Malware" -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray] -> [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation)

"McAfeeUpdaterUI" -> C:\Program Files\McAfee\Common Framework\udaterui.exe ["C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey] -> [2009/08/25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.)

"SDTray" -> C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe ["C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"] -> [2011/10/05 15:46:52 | 003,578,272 | ---- | M] (Safer-Networking Ltd.)

"ShStatEXE" -> C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE ["C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE] -> [2009/10/22 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.)

"Spybot-S&D Cleaning" -> C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe ["C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean] -> [2011/10/05 15:46:08 | 003,025,304 | ---- | M] (Safer-Networking Ltd.)

"StartCCC" -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2008/08/29 17:11:14 | 000,061,440 | ---- | M] (Advanced Micro Devices, Inc.)

"Zune Launcher" -> F:\Program Files\ZuneLauncher.exe ["F:\Program Files\ZuneLauncher.exe"] -> [2010/01/07 13:38:08 | 000,158,448 | ---- | M] (Microsoft Corporation)

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"igndlm.exe" -> C:\Program Files\Download Manager\DLM.exe [C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork] -> [2009/10/27 12:18:00 | 001,103,216 | ---- | M] (IGN Entertainment)

"Steam" -> E:\Program Files\Steam\Steam.exe ["E:\Program Files\Steam\Steam.exe" -silent] -> [2011/08/05 17:57:50 | 001,242,448 | ---- | M] (Valve Corporation)

"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2011/11/07 13:04:36 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com)

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

< Gallager2014 Startup Folder > -> C:\Documents and Settings\Gallager2014\Start Menu\Programs\Startup -> 

< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"HonorAutoRunSetting" ->  [1] -> File not found

\\"NoControlPanel" ->  [0] -> File not found

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

\\"EnableLinkedConnections" ->  [1] -> File not found

< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 

Append Link Target to Existing PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2009/12/21 17:33:03 | 000,349,640 | ---- | M] (Adobe Systems Incorporated)

Append to Existing PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html] -> [2009/12/21 17:33:03 | 000,349,640 | ---- | M] (Adobe Systems Incorporated)

Convert Link Target to Adobe PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2009/12/21 17:33:03 | 000,349,640 | ---- | M] (Adobe Systems Incorporated)

Convert to Adobe PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html] -> [2009/12/21 17:33:03 | 000,349,640 | ---- | M] (Adobe Systems Incorporated)

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2011/10/05 15:45:34 | 002,930,632 | ---- | M] (Safer-Networking Ltd.)

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7655 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7654 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{2BCDB465-81F9-41CB-832C-8037A4064446} [HKLM] -> https://vpn.mtu.edu/vdesk/terminal/urxvpn.cab#version=7000,2010,611,2100 [F5 Networks VPN Manager] -> 

{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} [HKLM] -> http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab [CDownloadCtrl Object] -> 

{41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} [HKLM] -> https://vpn.mtu.edu/vdesk/terminal/f5tunsrv.cab#version=7000,2010,611,2051 [F5 Networks Dynamic Application Tunnel Control] -> 

{45B69029-F3AB-4204-92DE-D5140C3E8E74} [HKLM] -> https://vpn.mtu.edu/vdesk/terminal/InstallerControl.cab [F5 Networks Auto Update] -> 

{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267668203250 [WUWebControl Class] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 

{B8E73359-3422-4384-8D27-4EA1B4C01232} [HKLM] -> https://webvpn214.ford.com/+CSCOL+/cscopf.cab [CISCO Portforwarder Control] -> 

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Reg Error: Key error.] -> 

{CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} [HKLM] -> https://vpn.mtu.edu/vdesk/terminal/urxshost.cab#version=7000,2010,611,2044 [F5 Networks SuperHost Class] -> 

{E0FF21FA-B857-45C5-8621-F120A0C17FF2} [HKLM] -> https://vpn.mtu.edu/vdesk/terminal/urxhost.cab#version=7000,2010,611,2119 [F5 Networks Host Control] -> 

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 

C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -> [2011/05/04 12:54:14 | 000,551,296 | ---- | M] (SUPERAntiSpyware.com)

AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2008/12/01 15:40:14 | 000,143,360 | ---- | M] (ATI Technologies Inc.)

SDWinLogon ->  -> File not found

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [] -> [2009/05/24 22:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation)

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2011/07/18 19:02:18 | 000,113,024 | ---- | M] (SuperAdBlocker.com)

< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 

< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 

"C:\Documents and Settings\Gallager2014\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" -> C:\Documents and Settings\Gallager2014\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe [C:\Documents and Settings\Gallager2014\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client] -> [2008/11/14 04:05:02 | 000,128,384 | ---- | M] (Juniper Networks)

"C:\Documents and Settings\Gallager2014\Desktop\utorrent.exe" -> C:\Documents and Settings\Gallager2014\Desktop\utorrent.exe [C:\Documents and Settings\Gallager2014\Desktop\utorrent.exe:*:Enabled:µTorrent] -> [2011/04/16 00:32:27 | 000,399,736 | ---- | M] (BitTorrent, Inc.)

"C:\Documents and Settings\Gallager2014\My Documents\eclipse-SDK-3.5.2-win32\eclipse\eclipse.exe" -> C:\Documents and Settings\Gallager2014\My Documents\eclipse-SDK-3.5.2-win32\eclipse\eclipse.exe [C:\Documents and Settings\Gallager2014\My Documents\eclipse-SDK-3.5.2-win32\eclipse\eclipse.exe:*:Enabled:eclipse] -> [2010/03/30 00:48:17 | 000,057,344 | ---- | M] ()

"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -> C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server] -> [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated)

"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -> C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4] -> [2008/08/14 06:58:34 | 000,611,712 | ---- | M] (Adobe Systems Incorporated)

"C:\Program Files\Java\jre6\bin\java.exe" -> C:\Program Files\Java\jre6\bin\java.exe [C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary] -> [2010/09/15 03:50:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)

"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" -> C:\Program Files\McAfee\Common Framework\FrameworkService.exe [C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service] -> [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.)

"C:\Program Files\mIRC\mirc.exe" -> C:\Program Files\mIRC\mirc.exe [C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC] -> [2008/10/17 03:39:50 | 002,810,880 | ---- | M] (mIRC Co. Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" -> C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service] -> [2011/10/05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" -> C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon] -> [2011/10/05 15:46:52 | 003,578,272 | ---- | M] (Safer-Networking Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" -> C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater] -> [2011/10/05 15:46:58 | 003,868,568 | ---- | M] (Safer-Networking Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" -> C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service] -> [2011/10/05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.)

"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2011/04/16 00:33:30 | 000,399,736 | ---- | M] (BitTorrent, Inc.)

"C:\Program Files\X-Chat 2\xchat.exe" -> C:\Program Files\X-Chat 2\xchat.exe [C:\Program Files\X-Chat 2\xchat.exe:*:Enabled:X-Chat IRC Client] -> [2006/11/21 19:32:50 | 000,351,744 | ---- | M] ()

"C:\WINDOWS\system32\ftp.exe" -> C:\WINDOWS\System32\ftp.exe [C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program] -> [2008/04/14 07:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)

"E:\Program Files\BitTorrent\bittorrent.exe" ->  [E:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found

"E:\Program Files\EA Games\Command and Conquer Generals\game.dat" -> E:\Program Files\EA Games\Command and Conquer Generals\game.dat [E:\Program Files\EA Games\Command and Conquer Generals\game.dat:*:Enabled:game] -> [2003/01/15 18:17:56 | 007,045,120 | ---- | M] ()

"E:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD" -> E:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD [E:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion] -> [2000/06/27 16:09:58 | 002,695,213 | ---- | M] (Microsoft Corporation)

"E:\Program Files\Microsoft Games\Rise of Nations\patriots.exe" -> E:\Program Files\Microsoft Games\Rise of Nations\patriots.exe [E:\Program Files\Microsoft Games\Rise of Nations\patriots.exe:*:Enabled:Rise of Nations] -> [2004/08/12 13:50:00 | 007,740,957 | ---- | M] (Big Huge Games, Inc.)

"E:\Program Files\Microsoft Games\Rise of Nations\thrones.exe" -> E:\Program Files\Microsoft Games\Rise of Nations\thrones.exe [E:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations] -> [2004/04/01 19:02:50 | 000,520,235 | ---- | M] (Big Huge Games, Inc.)

"E:\Program Files\Steam\Steam.exe" -> E:\Program Files\Steam\Steam.exe [E:\Program Files\Steam\Steam.exe:*:Enabled:Steam] -> [2011/08/05 17:57:50 | 001,242,448 | ---- | M] (Valve Corporation)

"E:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" -> E:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe [E:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead] -> [2011/05/10 17:37:28 | 000,098,304 | ---- | M] ()

"F:\Program Files\MusicBrainz Picard\picard.exe" -> F:\Program Files\MusicBrainz Picard\picard.exe [F:\Program Files\MusicBrainz Picard\picard.exe:*:Enabled:The next generation MusicBrainz tagger] -> [2009/11/01 13:07:50 | 000,107,520 | ---- | M] ()

"G:\eclipse\eclipse.exe" -> G:\eclipse\eclipse.exe [G:\eclipse\eclipse.exe:*:Enabled:eclipse] -> [2010/03/30 00:48:17 | 000,057,344 | ---- | M] ()

"G:\Program Files\BitTorrent\bittorrent.exe" -> G:\Program Files\BitTorrent\bittorrent.exe [G:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [2011/03/28 20:43:14 | 000,400,760 | ---- | M] (BitTorrent, Inc.)

"K:\Torrent\Video\mIRC 6.35\mIRC.v6.35-DEViLiSiON\mirc.exe" ->  [K:\Torrent\Video\mIRC 6.35\mIRC.v6.35-DEViLiSiON\mirc.exe:*:Enabled:mIRC] -> File not found

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 

< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->

"AutoRun" -> 1 -> 

"DisplayName" -> CD-ROM Driver -> 

"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found

< Drives with AutoRun files > ->  -> 

C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2010/03/03 15:55:22 | 000,000,000 | ---- | M] ()

< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 

< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 

comfile [open] -> "%1" %* -> 

exefile [open] -> "%1" %* -> 

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 

.com [@ = comfile] -> "%1" %* -> 

.exe [@ = exefile] -> "%1" %* -> 

< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\ -> 

.exe [@ = exefile] -> Reg Error: Key error. -> File not found

 

 

[Files/Folders - Created Within 30 Days]

 OTS.exe -> C:\Documents and Settings\Gallager2014\Desktop\OTS.exe -> [2011/12/06 18:37:56 | 000,646,144 | ---- | C] (OldTimer Tools)

 dds.scr -> C:\Documents and Settings\Gallager2014\Desktop\dds.scr -> [2011/12/05 19:44:29 | 000,607,260 | R--- | C] (Swearware)

 Sun -> C:\Documents and Settings\NetworkService\Application Data\Sun -> [2011/12/05 02:03:04 | 000,000,000 | ---D | C]

 Recent -> C:\Documents and Settings\Gallager2014\Recent -> [2011/12/05 01:13:59 | 000,000,000 | RH-D | C]

 Malwarebytes -> C:\Documents and Settings\Gallager2014\Application Data\Malwarebytes -> [2011/12/04 03:10:58 | 000,000,000 | ---D | C]

 Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2011/12/04 03:05:12 | 000,000,000 | ---D | C]

 Spybot - Search & Destroy 2 -> C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2 -> [2011/12/04 03:04:53 | 000,000,000 | ---D | C]

 sdnclean.exe -> C:\WINDOWS\System32\sdnclean.exe -> [2011/12/04 03:04:46 | 000,015,224 | ---- | C] (Safer Networking Limited)

 Spybot - Search & Destroy 2 -> C:\Program Files\Spybot - Search & Destroy 2 -> [2011/12/04 03:04:38 | 000,000,000 | ---D | C]

 Malwarebytes' Anti-Malware -> C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/12/04 03:03:38 | 000,000,000 | ---D | C]

 Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2011/12/04 03:03:36 | 000,000,000 | ---D | C]

 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2011/12/04 03:03:33 | 000,022,216 | ---- | C] (Malwarebytes Corporation)

 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2011/12/04 03:03:32 | 000,000,000 | ---D | C]

 SUPERAntiSpyware.com -> C:\Documents and Settings\Gallager2014\Application Data\SUPERAntiSpyware.com -> [2011/12/04 03:02:23 | 000,000,000 | ---D | C]

 SUPERAntiSpyware -> C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware -> [2011/12/04 03:02:04 | 000,000,000 | ---D | C]

 SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [2011/12/04 03:01:58 | 000,000,000 | ---D | C]

 SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2011/12/04 03:01:58 | 000,000,000 | ---D | C]

 CCleaner -> C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner -> [2011/12/04 02:45:43 | 000,000,000 | ---D | C]

 CCleaner -> C:\Program Files\CCleaner -> [2011/12/04 02:45:40 | 000,000,000 | ---D | C]

 Security -> C:\Documents and Settings\Gallager2014\Desktop\Security -> [2011/12/04 02:43:15 | 000,000,000 | ---D | C]

 pss -> C:\WINDOWS\pss -> [2011/12/03 15:28:46 | 000,000,000 | ---D | C]

 Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2011/12/03 15:15:53 | 000,000,000 | ---D | C]

 Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2011/12/03 15:15:51 | 000,000,000 | ---D | C]

 Combined-Community-Codec-Pack-2011-11-11.exe -> C:\Documents and Settings\Gallager2014\My Documents\Combined-Community-Codec-Pack-2011-11-11.exe -> [2011/11/18 23:11:27 | 009,889,896 | ---- | C] (CCCP Project                                                )

 axwhisky.sys -> C:\WINDOWS\System32\drivers\axwhisky.sys -> [2003/07/02 16:41:42 | 000,005,248 | ---- | C] ( )

 axwskbus.sys -> C:\WINDOWS\System32\drivers\axwskbus.sys -> [2003/07/02 15:49:52 | 000,124,160 | ---- | C] ( )

 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

 1 C:\Documents and Settings\Gallager2014\Desktop\*.tmp files -> C:\Documents and Settings\Gallager2014\Desktop\*.tmp -> 

 1 C:\Documents and Settings\Gallager2014\*.tmp files -> C:\Documents and Settings\Gallager2014\*.tmp -> 

 

[Files/Folders - Modified Within 30 Days]

 OTS.exe -> C:\Documents and Settings\Gallager2014\Desktop\OTS.exe -> [2011/12/06 18:29:02 | 000,646,144 | ---- | M] (OldTimer Tools)

 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2011/12/06 00:33:11 | 000,512,736 | ---- | M] ()

 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2011/12/06 00:33:10 | 000,097,812 | ---- | M] ()

 Check for updates (Spybot - Search & Destroy).job -> C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job -> [2011/12/06 00:31:20 | 000,000,364 | ---- | M] ()

 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/12/06 00:31:05 | 000,013,646 | ---- | M] ()

 ativvaxx.cap -> C:\WINDOWS\System32\ativvaxx.cap -> [2011/12/05 23:59:27 | 000,069,112 | ---- | M] ()

 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/12/05 23:59:27 | 000,002,048 | --S- | M] ()

 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2011/12/05 20:54:46 | 000,001,324 | ---- | M] ()

 defogger_reenable -> C:\Documents and Settings\Gallager2014\defogger_reenable -> [2011/12/05 19:46:53 | 000,000,000 | ---- | M] ()

 3r75nv8m.exe -> C:\Documents and Settings\Gallager2014\Desktop\3r75nv8m.exe -> [2011/12/05 19:45:09 | 000,302,592 | ---- | M] ()

 dds.scr -> C:\Documents and Settings\Gallager2014\Desktop\dds.scr -> [2011/12/05 19:44:31 | 000,607,260 | R--- | M] (Swearware)

 Defogger.exe -> C:\Documents and Settings\Gallager2014\Desktop\Defogger.exe -> [2011/12/05 19:44:01 | 000,050,477 | ---- | M] ()

 Scan the system (Spybot - Search & Destroy).job -> C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job -> [2011/12/05 01:22:31 | 000,000,334 | ---- | M] ()

 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2011/12/05 01:18:06 | 002,150,952 | ---- | M] ()

 Refresh immunization (Spybot - Search & Destroy).job -> C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job -> [2011/12/04 19:53:33 | 000,000,348 | ---- | M] ()

 Spybot-S&D Start Center.lnk -> C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk -> [2011/12/04 03:04:53 | 000,001,836 | ---- | M] ()

 SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2011/12/04 03:02:04 | 000,001,678 | ---- | M] ()

 cc_20111204_025413.reg -> C:\Documents and Settings\Gallager2014\My Documents\cc_20111204_025413.reg -> [2011/12/04 02:54:40 | 000,320,364 | ---- | M] ()

 MDALUAI -> C:\WINDOWS\System32\MDALUAI -> [2011/12/03 23:41:37 | 000,000,000 | ---- | M] ()

 boot.ini -> C:\boot.ini -> [2011/12/03 16:41:01 | 000,000,211 | -HS- | M] ()

 3g33i64u6x4t446137pj431d57w8x08u65hsu -> C:\Documents and Settings\Gallager2014\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu -> [2011/12/03 16:02:28 | 000,014,240 | -HS- | M] ()

 3g33i64u6x4t446137pj431d57w8x08u65hsu -> C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu -> [2011/12/03 16:02:28 | 000,014,240 | -HS- | M] ()

 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Gallager2014\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/12/03 14:38:54 | 000,142,336 | ---- | M] ()

 Combined-Community-Codec-Pack-2011-11-11.exe -> C:\Documents and Settings\Gallager2014\My Documents\Combined-Community-Codec-Pack-2011-11-11.exe -> [2011/11/18 23:11:27 | 009,889,896 | ---- | M] (CCCP Project                                                )

 FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2011/11/14 20:15:48 | 000,414,368 | ---- | M] (Adobe Systems Incorporated)

 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

 19 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 

 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

 1 C:\Documents and Settings\Gallager2014\Desktop\*.tmp files -> C:\Documents and Settings\Gallager2014\Desktop\*.tmp -> 

 1 C:\Documents and Settings\Gallager2014\*.tmp files -> C:\Documents and Settings\Gallager2014\*.tmp -> 

 

[Files - No Company Name]

 defogger_reenable -> C:\Documents and Settings\Gallager2014\defogger_reenable -> [2011/12/05 19:46:53 | 000,000,000 | ---- | C] ()

 3r75nv8m.exe -> C:\Documents and Settings\Gallager2014\Desktop\3r75nv8m.exe -> [2011/12/05 19:45:05 | 000,302,592 | ---- | C] ()

 Defogger.exe -> C:\Documents and Settings\Gallager2014\Desktop\Defogger.exe -> [2011/12/05 19:44:01 | 000,050,477 | ---- | C] ()

 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2011/12/05 01:17:59 | 002,150,952 | ---- | C] ()

 Check for updates (Spybot - Search & Destroy).job -> C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job -> [2011/12/04 03:05:14 | 000,000,364 | ---- | C] ()

 Refresh immunization (Spybot - Search & Destroy).job -> C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job -> [2011/12/04 03:05:14 | 000,000,348 | ---- | C] ()

 Scan the system (Spybot - Search & Destroy).job -> C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job -> [2011/12/04 03:05:14 | 000,000,334 | ---- | C] ()

 Spybot-S&D Start Center.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk -> [2011/12/04 03:04:53 | 000,001,842 | ---- | C] ()

 Spybot-S&D Start Center.lnk -> C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk -> [2011/12/04 03:04:53 | 000,001,836 | ---- | C] ()

 SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2011/12/04 03:02:04 | 000,001,678 | ---- | C] ()

 cc_20111204_025413.reg -> C:\Documents and Settings\Gallager2014\My Documents\cc_20111204_025413.reg -> [2011/12/04 02:54:17 | 000,320,364 | ---- | C] ()

 MDALUAI -> C:\WINDOWS\System32\MDALUAI -> [2011/12/03 23:41:37 | 000,000,000 | ---- | C] ()

 3g33i64u6x4t446137pj431d57w8x08u65hsu -> C:\Documents and Settings\Gallager2014\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu -> [2011/12/03 15:02:10 | 000,014,240 | -HS- | C] ()

 3g33i64u6x4t446137pj431d57w8x08u65hsu -> C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu -> [2011/12/03 15:02:10 | 000,014,240 | -HS- | C] ()

 WAVEMIX.INI -> C:\WINDOWS\WAVEMIX.INI -> [2011/06/22 18:02:24 | 000,002,554 | ---- | C] ()

 SimTower.ini -> C:\WINDOWS\SimTower.ini -> [2011/06/22 18:02:16 | 000,000,164 | ---- | C] ()

 PUTTY.RND -> C:\Documents and Settings\Gallager2014\Local Settings\Application Data\PUTTY.RND -> [2011/04/10 12:37:19 | 000,000,600 | ---- | C] ()

 f5unistall.INI -> C:\WINDOWS\f5unistall.INI -> [2011/03/23 23:41:26 | 000,000,000 | ---- | C] ()

 CP30LS.DLL -> C:\WINDOWS\System32\CP30LS.DLL -> [2011/01/27 01:03:35 | 000,011,157 | ---- | C] ()

 eReg.dat -> C:\WINDOWS\eReg.dat -> [2010/11/09 20:06:38 | 000,000,617 | ---- | C] ()

 XalanMessages_1_8.dll -> C:\WINDOWS\System32\XalanMessages_1_8.dll -> [2010/10/16 22:06:26 | 000,036,864 | R--- | C] ()

 d3d8caps.dat -> C:\WINDOWS\System32\d3d8caps.dat -> [2010/07/25 22:05:16 | 000,000,768 | ---- | C] ()

 CDPlayer.ini -> C:\WINDOWS\CDPlayer.ini -> [2010/07/13 10:10:33 | 000,002,170 | ---- | C] ()

 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/06/30 08:19:44 | 000,001,324 | ---- | C] ()

 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2010/06/13 12:38:27 | 000,000,306 | ---- | C] ()

 AVSredirect.dll -> C:\WINDOWS\System32\AVSredirect.dll -> [2010/03/19 19:05:18 | 000,027,648 | ---- | C] ()

 nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2010/03/04 13:04:21 | 000,000,000 | ---- | C] ()

 MRT.exe -> C:\WINDOWS\System32\MRT.exe -> [2010/03/03 21:33:00 | 050,295,240 | ---- | C] ()

 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Gallager2014\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/03/03 17:44:57 | 000,142,336 | ---- | C] ()

 ativpsrm.bin -> C:\WINDOWS\ativpsrm.bin -> [2010/03/03 16:19:09 | 000,000,000 | ---- | C] ()

 ati2sgag.exe -> C:\WINDOWS\System32\ati2sgag.exe -> [2010/03/03 16:15:04 | 000,593,920 | ---- | C] ()

 RtlCPAPI.dll -> C:\WINDOWS\System32\RtlCPAPI.dll -> [2010/03/03 16:09:02 | 000,135,168 | R--- | C] ()

 ChCfg.exe -> C:\WINDOWS\System32\ChCfg.exe -> [2010/03/03 16:09:02 | 000,040,960 | R--- | C] ()

 Ascd_tmp.ini -> C:\WINDOWS\Ascd_tmp.ini -> [2010/03/03 16:03:12 | 000,028,342 | ---- | C] ()

 ASACPI.sys -> C:\WINDOWS\System32\drivers\ASACPI.sys -> [2010/03/03 16:03:11 | 000,005,810 | R--- | C] ()

 ASUSHWIO.SYS -> C:\WINDOWS\System32\drivers\ASUSHWIO.SYS -> [2010/03/03 16:03:07 | 000,005,824 | ---- | C] ()

 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/03/03 15:56:46 | 000,002,048 | --S- | C] ()

 emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2010/03/03 15:53:14 | 000,021,640 | ---- | C] ()

 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2010/03/03 10:27:41 | 000,004,161 | ---- | C] ()

 ftdiunin.exe -> C:\WINDOWS\System32\ftdiunin.exe -> [2010/01/29 14:16:28 | 000,188,416 | ---- | C] ()

 ftdiun2k.ini -> C:\WINDOWS\System32\ftdiun2k.ini -> [2010/01/29 14:16:28 | 000,000,133 | ---- | C] ()

 xlive.dll.cat -> C:\WINDOWS\System32\xlive.dll.cat -> [2009/08/07 19:51:34 | 000,178,430 | ---- | C] ()

 OGACheckControl.dll -> C:\WINDOWS\System32\OGACheckControl.dll -> [2009/08/03 15:07:42 | 000,403,816 | ---- | C] ()

 OGAEXEC.exe -> C:\WINDOWS\System32\OGAEXEC.exe -> [2009/08/03 15:07:42 | 000,230,768 | ---- | C] ()

 ativvaxx.dat -> C:\WINDOWS\System32\ativvaxx.dat -> [2008/12/01 15:11:20 | 003,107,788 | ---- | C] ()

 ativva5x.dat -> C:\WINDOWS\System32\ativva5x.dat -> [2008/12/01 15:11:20 | 003,107,788 | ---- | C] ()

 ativva6x.dat -> C:\WINDOWS\System32\ativva6x.dat -> [2008/12/01 15:11:20 | 000,887,724 | ---- | C] ()

 atiicdxx.dat -> C:\WINDOWS\System32\atiicdxx.dat -> [2008/10/30 09:45:42 | 000,180,720 | ---- | C] ()

 ATIODE.exe -> C:\WINDOWS\System32\ATIODE.exe -> [2008/10/21 12:40:00 | 000,081,920 | ---- | C] ()

 ATIODCLI.exe -> C:\WINDOWS\System32\ATIODCLI.exe -> [2008/10/21 12:40:00 | 000,045,056 | ---- | C] ()

 structuredqueryschematrivial.bin -> C:\WINDOWS\System32\structuredqueryschematrivial.bin -> [2008/05/26 21:59:42 | 000,018,904 | ---- | C] ()

 structuredqueryschema.bin -> C:\WINDOWS\System32\structuredqueryschema.bin -> [2008/05/26 21:59:40 | 000,106,605 | ---- | C] ()

 oembios.bin -> C:\WINDOWS\System32\oembios.bin -> [2008/04/14 07:00:00 | 013,107,200 | ---- | C] ()

 mlang.dat -> C:\WINDOWS\System32\mlang.dat -> [2008/04/14 07:00:00 | 000,673,088 | ---- | C] ()

 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2008/04/14 07:00:00 | 000,512,736 | ---- | C] ()

 perfi009.dat -> C:\WINDOWS\System32\perfi009.dat -> [2008/04/14 07:00:00 | 000,272,128 | ---- | C] ()

 dssec.dat -> C:\WINDOWS\System32\dssec.dat -> [2008/04/14 07:00:00 | 000,218,003 | ---- | C] ()

 afd.sys -> C:\WINDOWS\System32\drivers\afd.sys -> [2008/04/14 07:00:00 | 000,138,496 | ---- | C] ()

 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2008/04/14 07:00:00 | 000,097,812 | ---- | C] ()

 mib.bin -> C:\WINDOWS\System32\mib.bin -> [2008/04/14 07:00:00 | 000,046,258 | ---- | C] ()

 perfd009.dat -> C:\WINDOWS\System32\perfd009.dat -> [2008/04/14 07:00:00 | 000,028,626 | ---- | C] ()

 secupd.dat -> C:\WINDOWS\System32\secupd.dat -> [2008/04/14 07:00:00 | 000,004,569 | ---- | C] ()

 oembios.dat -> C:\WINDOWS\System32\oembios.dat -> [2008/04/14 07:00:00 | 000,004,461 | ---- | C] ()

 Dcache.bin -> C:\WINDOWS\System32\Dcache.bin -> [2008/04/14 07:00:00 | 000,001,804 | ---- | C] ()

 noise.dat -> C:\WINDOWS\System32\noise.dat -> [2008/04/14 07:00:00 | 000,000,741 | ---- | C] ()

 idxcntrs.ini -> C:\WINDOWS\System32\idxcntrs.ini -> [2007/09/27 10:51:02 | 000,020,698 | ---- | C] ()

 gsrvctr.ini -> C:\WINDOWS\System32\gsrvctr.ini -> [2007/09/27 10:48:48 | 000,030,628 | ---- | C] ()

 gthrctr.ini -> C:\WINDOWS\System32\gthrctr.ini -> [2007/09/27 10:48:28 | 000,031,698 | ---- | C] ()

 vorbisenc.dll -> C:\WINDOWS\System32\vorbisenc.dll -> [2003/11/16 04:48:02 | 000,909,312 | ---- | C] ()

 vorbis.dll -> C:\WINDOWS\System32\vorbis.dll -> [2003/11/16 04:48:00 | 001,060,864 | ---- | C] ()

 ogg.dll -> C:\WINDOWS\System32\ogg.dll -> [2003/11/15 11:54:18 | 000,036,864 | ---- | C] ()

 OggDS.dll -> C:\WINDOWS\System32\OggDS.dll -> [2002/10/06 17:42:58 | 000,237,568 | ---- | C] ()

 iyvu9_32.dll -> C:\WINDOWS\System32\iyvu9_32.dll -> [1997/06/13 20:56:08 | 000,056,832 | ---- | C] ()

< End of report >



#4 SweetTech


Posted 07 December 2011 - 02:24 AM

Good Evening!

You're more than welcome!!

I've never seen it infect a flash drive myself, but I wouldn't put it past this infection as it's a pretty nasty beast.

Yes, this infection is only Windows based.

Running OTS Fix
Start OTS. Copy/paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: "ProxyServer" -> http=127.0.0.1:63677
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "" -> []
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
YN -> \\"NoControlPanel" -> [0]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22]
YN -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22]
YN -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Reg Error: Key error.]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> SDWinLogon -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "E:\Program Files\BitTorrent\bittorrent.exe" -> [E:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent]
YN -> "K:\Torrent\Video\mIRC 6.35\mIRC.v6.35-DEViLiSiON\mirc.exe" -> [K:\Torrent\Video\mIRC 6.35\mIRC.v6.35-DEViLiSiON\mirc.exe:*:Enabled:mIRC]
< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\
YN -> .exe [@ = exefile] -> Reg Error: Key error.
[Files/Folders - Modified Within 30 Days]
NY ->  3g33i64u6x4t446137pj431d57w8x08u65hsu -> C:\Documents and Settings\Gallager2014\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
NY ->  3g33i64u6x4t446137pj431d57w8x08u65hsu -> C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
NY ->  Combined-Community-Codec-Pack-2011-11-11.exe -> C:\Documents and Settings\Gallager2014\My Documents\Combined-Community-Codec-Pack-2011-11-11.exe
[Files - No Company Name]
NY ->  3g33i64u6x4t446137pj431d57w8x08u65hsu -> C:\Documents and Settings\Gallager2014\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
NY ->  3g33i64u6x4t446137pj431d57w8x08u65hsu -> C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed, a message box will pop up either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and Notepad will open with the final results at that time. Post that log back here in your next reply.


NEXT:



Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 Gallager2014

Posted 07 December 2011 - 07:57 PM

I had to uninstall Spybot since I could not disable it and it was interfering with the OTS fix. I am now getting a screen for "Outlook Express" asking if I want to compress messages to save space. Outlook is installed because of Office 2008 Ultimate. I do not use Outlook. Also, I am unable to enable the Windows Firewall. When I try to turn it on, it says it cannot start the ICS service. I have not tried Google yet due to the firewall issue.

All Processes Killed

[Registry - Safe List]

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\Contains\Files\ not found.

not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\Contains\Files\ not found.

not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\Contains\Files\ not found.

not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Program Files\BitTorrent\bittorrent.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\K:\Torrent\Video\mIRC 6.35\mIRC.v6.35-DEViLiSiON\mirc.exe deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\shell\open\exefile\\'' updated successfully.

[Files/Folders - Modified Within 30 Days]

C:\Documents and Settings\Gallager2014\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu moved successfully.

C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu moved successfully.

C:\Documents and Settings\Gallager2014\My Documents\Combined-Community-Codec-Pack-2011-11-11.exe moved successfully.

[Files - No Company Name]

File C:\Documents and Settings\Gallager2014\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu not found!

File C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu not found!



[EMPTYFLASH]



User: Administrator



User: All Users



User: Default User



User: Gallager2014

->Flash cache emptied: 40582 bytes



User: LocalService



User: NetworkService

->Flash cache emptied: 8964 bytes



Total Flash Files Cleaned = 0.00 mb



Error starting restore point: System Restore is disabled.

Error closing restore point: System Restore is disabled.

< End of fix log >

OTS by OldTimer - Version 3.1.46.0 fix logfile created on 12072011_174728





ComboFix 11-12-04.01 - Gallager2014 12/07/2011 19:07:57.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1491 [GMT -5:00]

Running from: c:\documents and settings\Gallager2014\Desktop\Security\ComboFix.exe

AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll

c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll

c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll

c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\addons\SDKAddonVer.dll

c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\SDKFilesVer.dll

c:\documents and settings\Gallager2014\aeohdghbqw.tmp

c:\documents and settings\Gallager2014\Application Data\mIRC\logs\status.log

c:\documents and settings\Gallager2014\WINDOWS

c:\windows\$NtUninstallKB15067$\3115971422

c:\windows\$NtUninstallKB15067$\4043492313\@

c:\windows\$NtUninstallKB15067$\4043492313\bckfg.tmp

c:\windows\$NtUninstallKB15067$\4043492313\cfg.ini

c:\windows\$NtUninstallKB15067$\4043492313\Desktop.ini

c:\windows\$NtUninstallKB15067$\4043492313\keywords

c:\windows\$NtUninstallKB15067$\4043492313\kwrd.dll

c:\windows\$NtUninstallKB15067$\4043492313\L\fmmetjjo

c:\windows\$NtUninstallKB15067$\4043492313\lsflt7.ver

c:\windows\$NtUninstallKB15067$\4043492313\U\00000001.@

c:\windows\$NtUninstallKB15067$\4043492313\U\00000002.@

c:\windows\$NtUninstallKB15067$\4043492313\U\00000004.@

c:\windows\$NtUninstallKB15067$\4043492313\U\80000000.@

c:\windows\$NtUninstallKB15067$\4043492313\U\80000004.@

c:\windows\$NtUninstallKB15067$\4043492313\U\80000032.@

c:\windows\hosts

c:\windows\system32\html

c:\windows\system32\html\calendar.html

c:\windows\system32\html\calendarbottom.html

c:\windows\system32\html\calendartop.html

c:\windows\system32\html\crystalexportdialog.htm

c:\windows\system32\html\crystalprinthost.html

c:\windows\system32\images

c:\windows\system32\images\toolbar\calendar.gif

c:\windows\system32\images\toolbar\crlogo.gif

c:\windows\system32\images\toolbar\export.gif

c:\windows\system32\images\toolbar\export_over.gif

c:\windows\system32\images\toolbar\exportd.gif

c:\windows\system32\images\toolbar\First.gif

c:\windows\system32\images\toolbar\first_over.gif

c:\windows\system32\images\toolbar\Firstd.gif

c:\windows\system32\images\toolbar\gotopage.gif

c:\windows\system32\images\toolbar\gotopage_over.gif

c:\windows\system32\images\toolbar\gotopaged.gif

c:\windows\system32\images\toolbar\grouptree.gif

c:\windows\system32\images\toolbar\grouptree_over.gif

c:\windows\system32\images\toolbar\grouptreed.gif

c:\windows\system32\images\toolbar\grouptreepressed.gif

c:\windows\system32\images\toolbar\Last.gif

c:\windows\system32\images\toolbar\last_over.gif

c:\windows\system32\images\toolbar\Lastd.gif

c:\windows\system32\images\toolbar\Next.gif

c:\windows\system32\images\toolbar\next_over.gif

c:\windows\system32\images\toolbar\Nextd.gif

c:\windows\system32\images\toolbar\Prev.gif

c:\windows\system32\images\toolbar\prev_over.gif

c:\windows\system32\images\toolbar\Prevd.gif

c:\windows\system32\images\toolbar\print.gif

c:\windows\system32\images\toolbar\print_over.gif

c:\windows\system32\images\toolbar\printd.gif

c:\windows\system32\images\toolbar\Refresh.gif

c:\windows\system32\images\toolbar\refresh_over.gif

c:\windows\system32\images\toolbar\refreshd.gif

c:\windows\system32\images\toolbar\Search.gif

c:\windows\system32\images\toolbar\search_over.gif

c:\windows\system32\images\toolbar\searchd.gif

c:\windows\system32\images\toolbar\up.gif

c:\windows\system32\images\toolbar\up_over.gif

c:\windows\system32\images\toolbar\upd.gif

c:\windows\system32\images\tree\begindots.gif

c:\windows\system32\images\tree\beginminus.gif

c:\windows\system32\images\tree\beginplus.gif

c:\windows\system32\images\tree\blank.gif

c:\windows\system32\images\tree\blankdots.gif

c:\windows\system32\images\tree\dots.gif

c:\windows\system32\images\tree\lastdots.gif

c:\windows\system32\images\tree\lastminus.gif

c:\windows\system32\images\tree\lastplus.gif

c:\windows\system32\images\tree\Magnify.gif

c:\windows\system32\images\tree\minus.gif

c:\windows\system32\images\tree\minusbox.gif

c:\windows\system32\images\tree\plus.gif

c:\windows\system32\images\tree\plusbox.gif

c:\windows\system32\images\tree\singleminus.gif

c:\windows\system32\images\tree\singleplus.gif

c:\windows\$NtUninstallKB15067$ . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))

.

.

2011-12-07 22:29 . 2011-12-07 22:29 -------- d-----w- C:\_OTS

2011-12-07 22:22 . 2011-12-07 22:22 -------- d-----w- C:\ProcAlyzer Dumps

2011-12-04 08:10 . 2011-12-04 08:10 -------- d-----w- c:\documents and settings\Gallager2014\Application Data\Malwarebytes

2011-12-04 08:05 . 2011-12-07 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-12-04 08:04 . 2011-12-07 23:05 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2011-12-04 08:03 . 2011-12-04 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-12-04 08:03 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-04 08:03 . 2011-12-04 08:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-04 08:02 . 2011-12-04 08:02 -------- d-----w- c:\documents and settings\Gallager2014\Application Data\SUPERAntiSpyware.com

2011-12-04 08:01 . 2011-12-04 08:02 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-12-04 08:01 . 2011-12-04 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-12-04 07:45 . 2011-12-04 07:45 -------- d-----w- c:\program files\CCleaner

2011-12-03 20:24 . 2011-12-03 20:24 -------- d-----w- c:\documents and settings\Administrator

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-15 01:15 . 2011-06-16 21:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="e:\program files\Steam\Steam.exe" [2011-08-05 1242448]

"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Acrobat Speed Launcher"="g:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-22 38840]

"Acrobat Assistant 8.0"="g:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]

"Zune Launcher"="f:\program files\ZuneLauncher.exe" [2010-01-07 158448]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"DataMigrationSoftwareMonitor.exe"="c:\program files\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe" [2010-11-01 2605224]

"Intel Scheduler2 Service"="c:\program files\Common Files\Intel\Schedule2\schedhlp.exe" [2010-11-01 362296]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"g:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Documents and Settings\\Gallager2014\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

"c:\\Documents and Settings\\Gallager2014\\My Documents\\eclipse-SDK-3.5.2-win32\\eclipse\\eclipse.exe"=

"f:\\Program Files\\MusicBrainz Picard\\picard.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"g:\\eclipse\\eclipse.exe"=

"e:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=

"e:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=

"e:\\Program Files\\Steam\\Steam.exe"=

"e:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=

"e:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\X-Chat 2\\xchat.exe"=

"c:\\Documents and Settings\\Gallager2014\\Desktop\\utorrent.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server

"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server

"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"3306:TCP"= 3306:TCP:MySQL Server

"3307:TCP"= 3307:TCP:MySQL Server

.

R?2 MySQL5;MySQL5;"g:\program files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="g:\program files\MySQL\MySQL Server 5.1\my.ini" MySQL5 --> g:\program files\MySQL\MySQL Server 5.1\bin\mysqld [?]

R?2 MySQL51;MySQL51;"g:\program files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="g:\program files\MySQL\MySQL Server 5.5\my.ini" MySQL51 --> g:\program files\MySQL\MySQL Server 5.5\bin\mysqld [?]

R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [7/2/2003 4:41 PM 5248]

R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [7/2/2003 3:49 PM 124160]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]

R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [10/16/2010 10:08 PM 234140]

R2 IntSch2Svc;Intel Scheduler2 Service;c:\program files\Common Files\Intel\Schedule2\schedul2.exe [11/1/2010 12:07 PM 817056]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/4/2011 3:03 AM 366152]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [10/22/2009 8:07 PM 21256]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/3/2010 5:07 PM 70728]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/4/2011 3:03 AM 22216]

R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [6/11/2010 1:02 PM 35448]

S0 EzImage;DPS EzImage;c:\windows\system32\drivers\EzImage.sys [6/23/2008 4:15 PM 11088]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 284016]

S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [3/23/2011 11:41 PM 10744]

S3 LAWHCZBOD;LAWHCZBOD;c:\docume~1\GALLAG~1\LOCALS~1\Temp\LAWHCZBOD.exe --> c:\docume~1\GALLAG~1\LOCALS~1\Temp\LAWHCZBOD.exe [?]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/3/2010 5:07 PM 65448]

S3 PciCon;PciCon;\??\h:\pcicon.sys --> h:\PciCon.sys [?]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [6/27/2008 1:39 AM 332928]

.

.

------- Supplementary Scan -------

.

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://webvpn214.ford.com/+CSCOL+/cscopf.cab

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe

SafeBoot-WudfPf

SafeBoot-WudfRd

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-07 19:16

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL5]

"ImagePath"="\"g:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"g:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL5"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL51]

"ImagePath"="\"g:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"g:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL51"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1100)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

- - - - - - - > 'explorer.exe'(3184)

c:\windows\system32\WININET.dll

c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

g:\program files\TortoiseSVN\bin\TortoiseStub.dll

g:\program files\TortoiseSVN\bin\TortoiseSVN.dll

g:\program files\TortoiseSVN\bin\intl3_tsvn.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\hnetcfg.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\windows\system32\ZuneBusEnum.exe

c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\McAfee\VirusScan Enterprise\mfeann.exe

g:\program files\TortoiseSVN\bin\TSVNCache.exe

c:\windows\RTHDCPL.EXE

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\McAfee\Common Framework\McTray.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\imapi.exe

.

**************************************************************************

.

Completion time: 2011-12-07 19:17:04 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-08 00:17

.

Pre-Run: 9,485,352,960 bytes free

Post-Run: 9,927,835,648 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

[spybotsd]

timeout.old=30

.

- - End Of File - - CF37D4B93B057EDEC5D0B782C9C2A63A

#6 SweetTech

Posted 08 December 2011 - 04:17 AM

Hi!

Thanks for that information.

I would select No in regards to that message you are receiving from Outlook then.

  • You have word wrap turned on; this is making your logs difficult to read
  • Run Notepad
  • Go to Format and untick Word Wrap


Can you please provide me with the complete error message you're receiving when you try to enable your firewall?

Also, please run a new scan with ComboFix and post the log it produces afterwards.



#7 Gallager2014

Posted 08 December 2011 - 03:20 PM

The word wrap was coming from Gedit when I transfer the txt files from the problem computer to a computer running Linux.
When clicking on "Cancel" for the Outlook Express message, it causes the taskbar to become unresponsive for a minute.
The messages I get pertaining to the firewall are below. I am still getting these messages after re-running ComboFix:

"We're sorry. The Security Center could not turn on the Windows Firewall. To try turning on the firewall yourself, go to Windows Firewall in the Control Panel. In the Windows Firewall dialog General tab, select On (recommended), and then click OK."
When clicking on "Settings" for the firewall in Local Area Connection Properties, I get the message "Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) service?"
After I click yes, it states that it is starting the service and then displays "Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service."


When running ComboFix this time, I did not get a warning about RootKit activity.

ComboFix 11-12-04.01 - Gallager2014 12/08/2011 14:57:35.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1469 [GMT -5:00]

Running from: c:\documents and settings\Gallager2014\Desktop\Security\ComboFix.exe

AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

.

.

((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))

.

.

2011-12-07 22:29 . 2011-12-07 22:29 -------- d-----w- C:\_OTS

2011-12-07 22:22 . 2011-12-07 22:22 -------- d-----w- C:\ProcAlyzer Dumps

2011-12-04 08:10 . 2011-12-04 08:10 -------- d-----w- c:\documents and settings\Gallager2014\Application Data\Malwarebytes

2011-12-04 08:05 . 2011-12-07 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-12-04 08:04 . 2011-12-07 23:05 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2011-12-04 08:03 . 2011-12-04 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-12-04 08:03 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-04 08:03 . 2011-12-04 08:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-04 08:02 . 2011-12-04 08:02 -------- d-----w- c:\documents and settings\Gallager2014\Application Data\SUPERAntiSpyware.com

2011-12-04 08:01 . 2011-12-04 08:02 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-12-04 08:01 . 2011-12-04 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-12-04 07:45 . 2011-12-04 07:45 -------- d-----w- c:\program files\CCleaner

2011-12-03 20:24 . 2011-12-03 20:24 -------- d-----w- c:\documents and settings\Administrator

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-15 01:15 . 2011-06-16 21:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-08_00.15.09 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-08 00:26 . 2011-12-08 00:26 16384 c:\windows\Temp\Perflib_Perfdata_7f0.dat

+ 2008-04-14 12:00 . 2011-12-08 19:49 97812 c:\windows\system32\perfc009.dat

- 2008-04-14 12:00 . 2011-12-08 00:09 97812 c:\windows\system32\perfc009.dat

+ 2008-04-14 12:00 . 2011-12-08 19:49 512736 c:\windows\system32\perfh009.dat

- 2008-04-14 12:00 . 2011-12-08 00:09 512736 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="e:\program files\Steam\Steam.exe" [2011-08-05 1242448]

"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Acrobat Speed Launcher"="g:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-22 38840]

"Acrobat Assistant 8.0"="g:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]

"Zune Launcher"="f:\program files\ZuneLauncher.exe" [2010-01-07 158448]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"DataMigrationSoftwareMonitor.exe"="c:\program files\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe" [2010-11-01 2605224]

"Intel Scheduler2 Service"="c:\program files\Common Files\Intel\Schedule2\schedhlp.exe" [2010-11-01 362296]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"g:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Documents and Settings\\Gallager2014\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

"c:\\Documents and Settings\\Gallager2014\\My Documents\\eclipse-SDK-3.5.2-win32\\eclipse\\eclipse.exe"=

"f:\\Program Files\\MusicBrainz Picard\\picard.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"g:\\eclipse\\eclipse.exe"=

"e:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=

"e:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=

"e:\\Program Files\\Steam\\Steam.exe"=

"e:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=

"e:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\X-Chat 2\\xchat.exe"=

"c:\\Documents and Settings\\Gallager2014\\Desktop\\utorrent.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server

"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server

"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"3306:TCP"= 3306:TCP:MySQL Server

"3307:TCP"= 3307:TCP:MySQL Server

.

R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [7/2/2003 4:41 PM 5248]

R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [7/2/2003 3:49 PM 124160]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]

R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [10/16/2010 10:08 PM 234140]

R2 IntSch2Svc;Intel Scheduler2 Service;c:\program files\Common Files\Intel\Schedule2\schedul2.exe [11/1/2010 12:07 PM 817056]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/4/2011 3:03 AM 366152]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [10/22/2009 8:07 PM 21256]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/3/2010 5:07 PM 70728]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/4/2011 3:03 AM 22216]

R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [6/11/2010 1:02 PM 35448]

S0 EzImage;DPS EzImage;c:\windows\system32\drivers\EzImage.sys [6/23/2008 4:15 PM 11088]

S2 MySQL5;MySQL5;"g:\program files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="g:\program files\MySQL\MySQL Server 5.1\my.ini" MySQL5 --> g:\program files\MySQL\MySQL Server 5.1\bin\mysqld [?]

S2 MySQL51;MySQL51;"g:\program files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="g:\program files\MySQL\MySQL Server 5.5\my.ini" MySQL51 --> g:\program files\MySQL\MySQL Server 5.5\bin\mysqld [?]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 284016]

S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [3/23/2011 11:41 PM 10744]

S3 LAWHCZBOD;LAWHCZBOD;c:\docume~1\GALLAG~1\LOCALS~1\Temp\LAWHCZBOD.exe --> c:\docume~1\GALLAG~1\LOCALS~1\Temp\LAWHCZBOD.exe [?]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/3/2010 5:07 PM 65448]

S3 PciCon;PciCon;\??\h:\pcicon.sys --> h:\PciCon.sys [?]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [6/27/2008 1:39 AM 332928]

.

.

------- Supplementary Scan -------

.

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://webvpn214.ford.com/+CSCOL+/cscopf.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-08 15:00

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL5]

"ImagePath"="\"g:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"g:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL5"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL51]

"ImagePath"="\"g:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"g:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL51"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1096)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

- - - - - - - > 'explorer.exe'(3588)

c:\windows\system32\WININET.dll

c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

g:\program files\TortoiseSVN\bin\TortoiseStub.dll

g:\program files\TortoiseSVN\bin\TortoiseSVN.dll

g:\program files\TortoiseSVN\bin\intl3_tsvn.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-12-08 15:01:18

ComboFix-quarantined-files.txt 2011-12-08 20:01

.

Pre-Run: 9,946,800,128 bytes free

Post-Run: 9,920,729,088 bytes free

.

- - End Of File - - D7A72312C4F3983B0A65191A4D03EF45

#8 SweetTech


Posted 09 December 2011 - 02:08 AM

Hi!

The word wrap was coming from Gedit when I transfer the txt files from the problem computer to a computer running linux.

ahh.. okay. Thanks for that information.

For the firewall issue please try this:

Go to Start > Run > Type in: netsh winsock reset

Followed by Enter.

Restart your computer and let me know if that error message is gone when you try to enable Windows Firewall.

Let's see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 Gallager2014


Posted 09 December 2011 - 05:59 PM

After resetting the winsock, I still get the same messages regarding the firewall. When I go into the services section of the Administrators Tools and try to start the service, I get error 10050, dead network.
Now I am unable to connect to the internet or anything on my network, whereas before it said I had minimal connectivity but still allowed internet use. Since I do not have a network connection on the problem computer, I cannot run the ESET Online Scanner.

MBAM Log
Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org



Database version: 8320



Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702



12/9/2011 1:10:02 PM

mbam-log-2011-12-09 (13-10-02).txt



Scan type: Full scan (C:\|)

Objects scanned: 284639

Time elapsed: 23 minute(s), 16 second(s)



Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2



Memory Processes Infected:

(No malicious items detected)



Memory Modules Infected:

(No malicious items detected)



Registry Keys Infected:

(No malicious items detected)



Registry Values Infected:

(No malicious items detected)



Registry Data Items Infected:

(No malicious items detected)



Folders Infected:

(No malicious items detected)



Files Infected:

c:\documents and settings\gallager2014\application data\Sun\Java\deployment\cache\6.0\0\229ac5c0-71b955b0 (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\documents and settings\gallager2014\application data\Sun\Java\deployment\cache\6.0\0\433baf00-4bcab49d (Trojan.FakeMS) -> Quarantined and deleted successfully.



Results of screen317's Security Check version 0.99.28

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:


McAfee VirusScan Enterprise

McAfee Agent

Antivirus out of date!

```````````````````````````````

Anti-malware/Other Utilities Check:


Malwarebytes' Anti-Malware

CCleaner

Java DB 10.5.3.0

Java™ 6 Update 22

Java™ SE Development Kit 6 Update 22

Java version out of date!

Adobe Flash Player ( 10.0.2.54) Flash Player out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent


Malwarebytes' Anti-Malware mbamservice.exe

McAfee VirusScan Enterprise EngineServer.exe

McAfee VirusScan Enterprise VsTskMgr.exe

McAfee VirusScan Enterprise Mcshield.exe

``````````End of Log````````````

#10 Gallager2014


Posted 09 December 2011 - 11:45 PM

I ran the latest version of Kaspersky Virus Removal Tool. It flagged file "C:\WINDOWS\system32\drivers\afd.sys" as "Rootkit.Win32.ZAccess.k". It deleted the file and I still cannot enable the firewall or get a network connection.

#11 SweetTech


Posted 10 December 2011 - 01:51 AM

Go to Start > Run > copy/paste the following bolded command, followed by ENTER: netsh winsock reset catalog

Please reboot your computer and see if you're able to connect to the internet.



#12 Gallager2014


Posted 10 December 2011 - 04:42 PM

The firewall is now enabled and I can connect to the internet. What is the next step?

#13 SweetTech


Posted 11 December 2011 - 06:31 AM

Hi!

Great! Glad to hear you're back up and running.

Please try to run the ESET Online Scanner.



#14 Gallager2014


Posted 11 December 2011 - 05:54 PM

Not sure if the ones on the M drive are an issue. I have not opened them yet.


C:\Documents and Settings\Gallager2014\Application Data\Sun\Java\Deployment\cache\6.0\20\1d4c8254-193d0a7c multiple threats

M:\Torrent\apps\3D Studio Max 9.0 + Tutorials and Keygen\3dsmax9-keygen.zip probably a variant of Win32/Keygen.BT application

M:\Torrent\apps\Autodesk 3D Studio Max Design 2009\Autodesk 3D Studio Max Design 2009.iso a variant of Win32/Keygen.BT application

M:\Torrent\apps\AUTODESK.MAYA.V2011.SP1.WIN32-ISO\maya2011sp1x32.rar a variant of Win32/Keygen.BL application

#15 SweetTech


Posted 12 December 2011 - 12:37 AM

Hi!

These threat(s) below will be removed very shortly:

C:\Documents and Settings\Gallager2014\Application Data\Sun\Java\Deployment\cache\6.0\20\1d4c8254-193d0a7c multiple threats

M:\Torrent\apps\3D Studio Max 9.0 + Tutorials and Keygen\3dsmax9-keygen.zip probably a variant of Win32/Keygen.BT application

M:\Torrent\apps\Autodesk 3D Studio Max Design 2009\Autodesk 3D Studio Max Design 2009.iso a variant of Win32/Keygen.BT application

M:\Torrent\apps\AUTODESK.MAYA.V2011.SP1.WIN32-ISO\maya2011sp1x32.rar a variant of Win32/Keygen.BL application


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Let's address those programs that need updating now!

Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.


Your Anti-Virus appears to be out of date; I suggest you update it to the latest version.


Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Documents and Settings\Gallager2014\Application Data\Sun\Java\Deployment\cache\6.0\20\1d4c8254-193d0a7c
    M:\Torrent\apps\3D Studio Max 9.0 + Tutorials and Keygen\
    M:\Torrent\apps\Autodesk 3D Studio Max Design 2009\
    M:\Torrent\apps\AUTODESK.MAYA.V2011.SP1.WIN32-ISO\
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Edited by SweetTech, 15 December 2011 - 02:06 AM.





