
Virus trying to access out of my computer


  • This topic is locked
40 replies to this topic

#1 Ravens

Ravens

  • Members
  • 26 posts

Posted 02 January 2012 - 09:59 PM

I keep getting the following message, "MalwareBytes has successfully blocked access to 188.95.52.164". Also, 83.133.121.156 and 62.122.75.230. Also, sometimes I get a Blue Screen when I boot up with "***STOP: 0x00000008E message." Ran GMER log program but went to Blue Screen before it completed.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Kevin at 14:30:10 on 2012-01-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.378 [GMT -5:00]
.
AV: Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PC Tools Security\TFEngine\TFService.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.verizon.net/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://search.myheritage.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
uWinlogon: Shell=explorer.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - McAfee Phishing Filter
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111221055652.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Virtual%20Families/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Virtual%20Families/Images/armhelper.ocx
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{8C39E20C-9047-4218-86DD-E9231E385F79} : DhcpNameServer = 192.168.1.1 71.242.0.12
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kevin\application data\mozilla\firefox\profiles\6azugwi4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.verizon.net/central/appmanager/portal/vzcentral
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62848
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\kevin\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\kevin\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\kevin\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\kevin\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-23 464176]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-1-1 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-1-1 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-1-1 656320]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2011-9-26 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2011-8-16 59080]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-1-1 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-1-1 69392]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-23 89792]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-1-1 249616]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2012-1-1 247760]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 143360]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-2 652872]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-23 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-23 150856]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2012-1-1 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2012-1-1 1150936]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-9-23 689392]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-23 57600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-2 20464]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-23 180816]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-23 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-9-23 83856]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2012-1-1 70536]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-1-1 33552]
R3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2011-9-26 61328]
S2 gupdate1c965ed4c9097ae;Google Update Service (gupdate1c965ed4c9097ae);c:\program files\google\update\GoogleUpdate.exe [2008-12-24 133104]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-23 166288]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-7-2 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2008-12-24 133104]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-7-31 16968]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-23 59456]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-9-23 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-23 87656]
S4 McOobeSv;McAfee OOBE Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 214904]
.
=============== Created Last 30 ================
.
2012-01-02 14:20:03 -------- d-----w- c:\documents and settings\kevin\application data\Malwarebytes
2012-01-02 14:19:42 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-02 14:19:37 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 14:19:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-02 13:41:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-02 13:41:05 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-01-02 00:53:21 -------- d-----w- c:\documents and settings\kevin\application data\PCTools
2012-01-01 15:52:52 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-01-01 15:52:52 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-01-01 15:52:51 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-01-01 15:51:48 767952 ----a-w- c:\windows\BDTSupport.dll
2012-01-01 15:51:47 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-01-01 15:51:46 1996752 ----a-w- c:\windows\PCTBDCore.dll
2012-01-01 15:51:46 1533904 ----a-w- c:\windows\PCTBDRes.dll
2012-01-01 14:21:01 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-01-01 14:21:01 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-01-01 14:20:58 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-01-01 14:20:39 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-01-01 14:20:38 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-01-01 14:20:04 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-01-01 14:19:01 -------- d-----w- c:\program files\common files\PC Tools
2012-01-01 14:19:00 -------- d-----w- c:\program files\PC Tools Security
2012-01-01 14:19:00 -------- d-----w- c:\documents and settings\kevin\application data\PC Tools
2012-01-01 14:19:00 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-01-01 03:04:05 -------- d-----w- c:\documents and settings\kevin\local settings\application data\ESET
2011-12-31 16:50:16 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2011-12-31 16:50:07 -------- d-----w- c:\program files\Security Task Manager
2011-12-30 13:59:55 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-30 13:59:55 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-24 14:28:04 -------- d-----w- c:\documents and settings\kevin\local settings\application data\Help
2011-12-15 01:13:58 -------- d-----w- c:\program files\STOPzilla!
2011-12-07 22:12:22 68648 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-12-07 22:12:22 547880 ----a-r- c:\windows\system32\SZComp5.dll
2011-12-07 22:12:22 482344 ----a-r- c:\windows\system32\SZBase5.dll
2011-12-07 22:12:22 457768 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-12-07 22:12:22 30248 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-12-07 22:12:22 24616 ----a-r- c:\windows\system32\SZIO5.dll
2011-12-07 22:12:22 134184 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-12-07 22:12:20 740392 ----a-r- c:\windows\system32\IS3Base5.dll
2011-12-07 22:12:20 392232 ----a-r- c:\windows\system32\IS3UI5.dll
2011-12-07 22:12:20 232488 ----a-r- c:\windows\system32\IS3Win325.dll
2011-12-07 22:12:20 105512 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-12-07 22:12:20 101416 ----a-r- c:\windows\system32\IS3Svc5.dll
.
==================== Find3M ====================
.
2011-12-30 13:54:28 90112 ----a-w- c:\windows\DUMP37d8.tmp
2011-12-30 13:52:37 90112 ----a-w- c:\windows\DUMP3846.tmp
2011-10-15 18:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 18:16:16 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-10-15 18:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 18:16:16 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-10-15 18:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-15 18:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 18:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 18:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 18:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 18:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
============= FINISH: 14:35:35.84 ===============


Edited by Budapest, 02 January 2012 - 10:07 PM.
Moved from XP ~Budapest



#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 05 January 2012 - 03:30 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


Please let me know how the above scans go.

Kindest Regards,
ST

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Ravens

Ravens
  • Topic Starter

  • Members
  • 26 posts

Posted 05 January 2012 - 03:59 AM

03:52:06.0437 0788 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
03:52:07.0656 0788 ============================================================
03:52:07.0656 0788 Current date / time: 2012/01/05 03:52:07.0656
03:52:07.0656 0788 SystemInfo:
03:52:07.0656 0788
03:52:07.0656 0788 OS Version: 5.1.2600 ServicePack: 3.0
03:52:07.0656 0788 Product type: Workstation
03:52:07.0656 0788 ComputerName: 779EDD7EF01147F
03:52:07.0656 0788 UserName: Kevin
03:52:07.0656 0788 Windows directory: C:\WINDOWS
03:52:07.0656 0788 System windows directory: C:\WINDOWS
03:52:07.0656 0788 Processor architecture: Intel x86
03:52:07.0656 0788 Number of processors: 2
03:52:07.0656 0788 Page size: 0x1000
03:52:07.0656 0788 Boot type: Safe boot with network
03:52:07.0656 0788 ============================================================
03:52:08.0625 0788 Initialize success
03:52:10.0781 0736 ============================================================
03:52:10.0781 0736 Scan started
03:52:10.0781 0736 Mode: Manual;
03:52:10.0781 0736 ============================================================
03:52:11.0890 0736 Scan interrupted by user!
03:52:11.0890 0736 Scan interrupted by user!
03:52:11.0890 0736 Scan interrupted by user!
03:52:11.0890 0736 ============================================================
03:52:11.0890 0736 Scan finished
03:52:11.0890 0736 ============================================================
03:52:11.0906 0912 Detected object count: 0
03:52:11.0906 0912 Actual detected object count: 0
03:52:23.0109 1572 ============================================================
03:52:23.0109 1572 Scan started
03:52:23.0109 1572 Mode: Manual;
03:52:23.0109 1572 ============================================================
03:52:43.0312 1572 MRxSmb (e3cdf9613a0ebb54c61481d47a3f4047) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
03:52:43.0312 1572 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: e3cdf9613a0ebb54c61481d47a3f4047, Fake md5: 0ea4d8ed179b75f8afa7998ba22285ca
03:52:43.0312 1572 MRxSmb ( Rootkit.Win32.ZAccess.aml ) - infected
03:52:43.0312 1572 MRxSmb - detected Rootkit.Win32.ZAccess.aml (0)
03:53:03.0718 1572 ============================================================
03:53:03.0718 1572 Scan finished
03:53:03.0718 1572 ============================================================
03:53:03.0718 0748 Detected object count: 1
03:53:03.0734 0748 Actual detected object count: 1
03:55:25.0015 0748 MRxSmb ( Rootkit.Win32.ZAccess.aml ) - skipped by user
03:55:25.0015 0748 MRxSmb ( Rootkit.Win32.ZAccess.aml ) - User select action: Skip
03:55:40.0312 0692 ============================================================
03:55:40.0312 0692 Scan started
03:55:40.0312 0692 Mode: Manual;
03:55:40.0312 0692 ============================================================
03:55:58.0312 0692 MRxSmb (e3cdf9613a0ebb54c61481d47a3f4047) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
03:55:58.0312 0692 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: e3cdf9613a0ebb54c61481d47a3f4047, Fake md5: 0ea4d8ed179b75f8afa7998ba22285ca
03:55:58.0312 0692 MRxSmb ( Rootkit.Win32.ZAccess.aml ) - infected
03:55:58.0312 0692 MRxSmb - detected Rootkit.Win32.ZAccess.aml (0)
03:55:58.0468 0692 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
03:55:58.0468 0692 Msfs - ok
03:55:58.0609 0692 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
03:55:58.0609 0692 MSKSSRV - ok
03:55:58.0781 0692 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
03:55:58.0781 0692 MSPCLOCK - ok
03:55:58.0937 0692 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
03:55:58.0937 0692 MSPQM - ok
03:55:59.0093 0692 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
03:55:59.0093 0692 mssmbios - ok
03:55:59.0250 0692 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
03:55:59.0265 0692 Mup - ok
03:55:59.0468 0692 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
03:55:59.0484 0692 NDIS - ok
03:55:59.0640 0692 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
03:55:59.0640 0692 NdisTapi - ok
03:55:59.0828 0692 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
03:55:59.0828 0692 Ndisuio - ok
03:55:59.0968 0692 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
03:55:59.0984 0692 NdisWan - ok
03:56:00.0171 0692 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
03:56:00.0171 0692 NDProxy - ok
03:56:00.0375 0692 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
03:56:00.0375 0692 NetBIOS - ok
03:56:00.0531 0692 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
03:56:00.0531 0692 NetBT - ok
03:56:00.0765 0692 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
03:56:00.0765 0692 Npfs - ok
03:56:00.0968 0692 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
03:56:00.0968 0692 Ntfs - ok
03:56:01.0171 0692 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
03:56:01.0171 0692 Null - ok
03:56:02.0125 0692 nv (cce4877e45f5300fffbb4a6bc5e7fda7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
03:56:02.0171 0692 nv - ok
03:56:02.0375 0692 NVENETFD (1492c7738f68625805f5f53c8bad24c6) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
03:56:02.0375 0692 NVENETFD - ok
03:56:02.0531 0692 nvnetbus (ae73e61f07ddc84255bece6b02f18390) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
03:56:02.0531 0692 nvnetbus - ok
03:56:02.0718 0692 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
03:56:02.0718 0692 NwlnkFlt - ok
03:56:02.0875 0692 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
03:56:02.0890 0692 NwlnkFwd - ok
03:56:03.0046 0692 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
03:56:03.0046 0692 Parport - ok
03:56:03.0250 0692 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
03:56:03.0250 0692 PartMgr - ok
03:56:03.0421 0692 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
03:56:03.0421 0692 ParVdm - ok
03:56:03.0562 0692 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
03:56:03.0562 0692 PCI - ok
03:56:03.0703 0692 PCIDump - ok
03:56:03.0843 0692 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
03:56:03.0843 0692 PCIIde - ok
03:56:04.0015 0692 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
03:56:04.0015 0692 Pcmcia - ok
03:56:04.0187 0692 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\WINDOWS\system32\drivers\PCTCore.sys
03:56:04.0203 0692 PCTCore - ok
03:56:04.0359 0692 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
03:56:04.0375 0692 pctDS - ok
03:56:04.0609 0692 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
03:56:04.0609 0692 pctEFA - ok
03:56:04.0828 0692 pctgntdi (b76c829f00b9b534405b4ed5f58b8f52) C:\WINDOWS\system32\drivers\pctgntdi.sys
03:56:04.0843 0692 pctgntdi - ok
03:56:04.0984 0692 pctplsg (c5c488e6232b29f5744b8f7988a20730) C:\WINDOWS\system32\drivers\pctplsg.sys
03:56:04.0984 0692 pctplsg - ok
03:56:05.0093 0692 PDCOMP - ok
03:56:05.0218 0692 PDFRAME - ok
03:56:05.0328 0692 PDRELI - ok
03:56:05.0453 0692 PDRFRAME - ok
03:56:05.0562 0692 perc2 - ok
03:56:05.0687 0692 perc2hib - ok
03:56:05.0843 0692 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
03:56:05.0843 0692 PptpMiniport - ok
03:56:06.0031 0692 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
03:56:06.0031 0692 Processor - ok
03:56:06.0171 0692 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
03:56:06.0171 0692 PSched - ok
03:56:06.0328 0692 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
03:56:06.0328 0692 Ptilink - ok
03:56:06.0531 0692 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
03:56:06.0531 0692 PxHelp20 - ok
03:56:06.0656 0692 ql1080 - ok
03:56:06.0765 0692 Ql10wnt - ok
03:56:06.0875 0692 ql12160 - ok
03:56:07.0000 0692 ql1240 - ok
03:56:07.0109 0692 ql1280 - ok
03:56:07.0265 0692 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
03:56:07.0265 0692 RasAcd - ok
03:56:07.0437 0692 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
03:56:07.0437 0692 Rasl2tp - ok
03:56:07.0578 0692 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
03:56:07.0578 0692 RasPppoe - ok
03:56:07.0703 0692 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
03:56:07.0703 0692 Raspti - ok
03:56:07.0859 0692 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
03:56:07.0875 0692 Rdbss - ok
03:56:08.0078 0692 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
03:56:08.0078 0692 RDPCDD - ok
03:56:08.0218 0692 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
03:56:08.0218 0692 rdpdr - ok
03:56:08.0390 0692 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
03:56:08.0390 0692 RDPWD - ok
03:56:08.0593 0692 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
03:56:08.0593 0692 redbook - ok
03:56:08.0765 0692 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
03:56:08.0765 0692 Secdrv - ok
03:56:08.0968 0692 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
03:56:08.0968 0692 Serial - ok
03:56:09.0140 0692 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
03:56:09.0140 0692 Sfloppy - ok
03:56:09.0296 0692 Simbad - ok
03:56:09.0437 0692 Sparrow - ok
03:56:09.0593 0692 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
03:56:09.0593 0692 splitter - ok
03:56:09.0781 0692 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
03:56:09.0796 0692 sr - ok
03:56:10.0000 0692 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
03:56:10.0015 0692 Srv - ok
03:56:10.0218 0692 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
03:56:10.0218 0692 swenum - ok
03:56:10.0375 0692 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
03:56:10.0375 0692 swmidi - ok
03:56:10.0546 0692 symc810 - ok
03:56:10.0687 0692 symc8xx - ok
03:56:10.0796 0692 SymIM - ok
03:56:10.0906 0692 SymIMMP - ok
03:56:11.0031 0692 sym_hi - ok
03:56:11.0140 0692 sym_u3 - ok
03:56:11.0312 0692 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
03:56:11.0312 0692 sysaudio - ok
03:56:11.0500 0692 szkg5 (447e6a7c3e7e1cd550a8af889a8209e9) C:\WINDOWS\system32\DRIVERS\szkg.sys
03:56:11.0500 0692 szkg5 - ok
03:56:11.0625 0692 szkgfs (2b8581dc75d6d043e273eb0244632bcb) C:\WINDOWS\system32\drivers\szkgfs.sys
03:56:11.0625 0692 szkgfs - ok
03:56:11.0859 0692 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
03:56:11.0859 0692 Tcpip - ok
03:56:12.0062 0692 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
03:56:12.0062 0692 TDPIPE - ok
03:56:12.0203 0692 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
03:56:12.0203 0692 TDTCP - ok
03:56:12.0343 0692 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
03:56:12.0359 0692 TermDD - ok
03:56:12.0515 0692 TfFsMon (18d09508877e3f697866b39e9d0e6dcf) C:\WINDOWS\system32\drivers\TfFsMon.sys
03:56:12.0531 0692 TfFsMon - ok
03:56:12.0703 0692 TfNetMon (c657f352613d8e592efb54cc35f21f5e) C:\WINDOWS\system32\drivers\TfNetMon.sys
03:56:12.0703 0692 TfNetMon - ok
03:56:12.0906 0692 TFSysMon (71e3073419cfda8d60813c1502acc420) C:\WINDOWS\system32\drivers\TfSysMon.sys
03:56:12.0906 0692 TFSysMon - ok
03:56:13.0046 0692 TosIde - ok
03:56:13.0203 0692 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
03:56:13.0203 0692 Udfs - ok
03:56:13.0359 0692 ultra - ok
03:56:13.0546 0692 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
03:56:13.0546 0692 Update - ok
03:56:13.0765 0692 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
03:56:13.0765 0692 USBAAPL - ok
03:56:13.0906 0692 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
03:56:13.0906 0692 usbccgp - ok
03:56:14.0078 0692 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
03:56:14.0078 0692 usbehci - ok
03:56:14.0281 0692 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
03:56:14.0281 0692 usbhub - ok
03:56:14.0437 0692 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
03:56:14.0437 0692 usbohci - ok
03:56:14.0593 0692 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
03:56:14.0593 0692 usbprint - ok
03:56:14.0781 0692 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
03:56:14.0781 0692 usbscan - ok
03:56:14.0968 0692 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
03:56:14.0968 0692 USBSTOR - ok
03:56:15.0171 0692 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
03:56:15.0171 0692 VgaSave - ok
03:56:15.0296 0692 ViaIde - ok
03:56:15.0453 0692 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
03:56:15.0453 0692 VolSnap - ok
03:56:15.0625 0692 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
03:56:15.0625 0692 Wanarp - ok
03:56:15.0750 0692 WDICA - ok
03:56:15.0906 0692 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
03:56:15.0906 0692 wdmaud - ok
03:56:16.0187 0692 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
03:56:16.0203 0692 winachsf - ok
03:56:16.0406 0692 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
03:56:16.0406 0692 WS2IFSL - ok
03:56:16.0562 0692 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
03:56:16.0562 0692 WudfPf - ok
03:56:16.0734 0692 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
03:56:16.0750 0692 WudfRd - ok
03:56:16.0890 0692 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\WINDOWS\system32\DRIVERS\xaudio.sys
03:56:16.0890 0692 XAudio - ok
03:56:16.0937 0692 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
03:56:17.0125 0692 \Device\Harddisk0\DR0 - ok
03:56:17.0125 0692 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
03:56:17.0140 0692 \Device\Harddisk1\DR4 - ok
03:56:17.0156 0692 Boot (0x1200) (8b2ba6329a536b013469734302605171) \Device\Harddisk0\DR0\Partition0
03:56:17.0156 0692 \Device\Harddisk0\DR0\Partition0 - ok
03:56:17.0171 0692 Boot (0x1200) (dd948b110c3196d66ffbf6145fd0f80f) \Device\Harddisk0\DR0\Partition1
03:56:17.0171 0692 \Device\Harddisk0\DR0\Partition1 - ok
03:56:17.0187 0692 Boot (0x1200) (6d5352f98d1580ca14c901e506f3bc4a) \Device\Harddisk1\DR4\Partition0
03:56:17.0187 0692 \Device\Harddisk1\DR4\Partition0 - ok
03:56:17.0187 0692 ============================================================
03:56:17.0187 0692 Scan finished
03:56:17.0187 0692 ============================================================
03:56:17.0218 0292 Detected object count: 1
03:56:17.0218 0292 Actual detected object count: 1
03:56:25.0984 0292 MRxSmb ( Rootkit.Win32.ZAccess.aml ) - skipped by user
03:56:25.0984 0292 MRxSmb ( Rootkit.Win32.ZAccess.aml ) - User select action: Skip

#4 Ravens

Posted 05 January 2012 - 04:12 AM

OTL logfile created on: 1/5/2012 4:02:47 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kevin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 77.21% Memory free
3.79 Gb Paging File | 3.49 Gb Available in Paging File | 92.06% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 186.44 Gb Free Space | 83.69% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.22 Gb Free Space | 62.19% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 436.76 Gb Free Space | 93.77% Space Free | Partition Type: NTFS

Computer Name: 779EDD7EF01147F | User Name: Kevin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 04:01:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\My Documents\Downloads\OTL.exe
PRC - [2011/11/22 17:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/12/01 14:49:56 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/20 23:04:51 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/02 09:17:33 | 006,271,648 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/07 17:12:26 | 000,068,648 | R--- | M] (iS3, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/06/23 14:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/05/24 15:02:04 | 000,143,360 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/12/09 10:48:10 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/02 11:33:12 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/16 15:28:50 | 000,689,392 | ---- | M] (Radialpoint Inc.) [Auto | Stopped] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Stopped] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 13:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/09/26 11:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2011/09/26 11:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2011/08/16 16:48:30 | 000,059,080 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2011/02/24 17:21:10 | 006,340,200 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/02/08 23:33:15 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2010/12/02 11:33:12 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2010/12/02 11:33:12 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/02 11:33:12 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/25 10:42:10 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/11/17 10:19:50 | 000,249,616 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/11/18 06:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 06:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/11/01 15:47:56 | 000,267,776 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/10/18 13:36:54 | 000,008,704 | R--- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/30 10:58:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/07/30 10:58:54 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-861567501-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-861567501-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKU\S-1-5-21-861567501-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-861567501-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-861567501-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/
IE - HKU\S-1-5-21-861567501-1592454029-839522115-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-861567501-1592454029-839522115-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-861567501-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.verizon.net/central/appmanager/portal/vzcentral"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62848
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Kevin\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Kevin\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Kevin\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Kevin\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Kevin\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/10 09:00:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/01/03 20:12:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2012/01/01 10:52:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/03 07:39:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/02 09:11:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Kevin\Application Data\Move Networks [2011/12/28 16:50:42 | 000,000,000 | ---D | M]

[2010/04/12 17:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions
[2011/05/05 20:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\6azugwi4.default\extensions
[2010/04/12 17:58:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\6azugwi4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/03 07:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/03 20:12:36 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2009/03/07 03:00:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 09:00:27 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:08:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/02/07 09:13:28 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Comcast Search ()
CHR - default_search_provider: search_url = http://search.comcast.net/search?cat=Web&con=ie7&q={searchTerms}
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2012/01/01 06:06:19 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20111221055652.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-1592454029-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-1592454029-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-1592454029-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-1592454029-839522115-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-1592454029-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKU\S-1-5-21-861567501-1592454029-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-861567501-1592454029-839522115-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-861567501-1592454029-839522115-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-861567501-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-861567501-1592454029-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Virtual%20Families/Images/stg_drm.ocx (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Virtual%20Families/Images/armhelper.ocx (Reg Error: Key error.)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab (Reg Error: Key error.)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C39E20C-9047-4218-86DD-E9231E385F79}: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-861567501-1592454029-839522115-1003 Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/29 08:41:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/30 15:27:23 | 000,000,067 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-861567501-1592454029-839522115-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 03:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Verizon
[2012/01/02 14:30:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kevin\Start Menu\Programs\Administrative Tools
[2012/01/02 09:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\Malwarebytes
[2012/01/02 09:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/02 09:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/02 09:19:37 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/02 09:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/02 08:41:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/02 08:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/01/02 08:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/01/01 19:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\PCTools
[2012/01/01 10:52:52 | 000,069,392 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2012/01/01 10:52:52 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2012/01/01 10:52:51 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2012/01/01 10:51:47 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2012/01/01 10:51:46 | 001,996,752 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2012/01/01 10:51:46 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2012/01/01 09:21:01 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2012/01/01 09:21:01 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2012/01/01 09:20:58 | 000,249,616 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2012/01/01 09:20:39 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2012/01/01 09:20:38 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2012/01/01 09:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/01/01 09:20:04 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2012/01/01 09:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/01/01 09:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2012/01/01 09:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\PC Tools
[2012/01/01 09:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/12/31 22:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Local Settings\Application Data\ESET
[2011/12/31 11:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/12/31 11:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
[2011/12/31 11:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2011/12/30 14:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011/12/24 09:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Local Settings\Application Data\Help
[2011/12/24 09:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\Help
[2011/12/16 01:47:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kevin\Recent
[2011/12/14 20:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/12/14 20:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/12/07 17:12:22 | 000,547,880 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/12/07 17:12:22 | 000,482,344 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/12/07 17:12:22 | 000,457,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/12/07 17:12:22 | 000,134,184 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/12/07 17:12:22 | 000,068,648 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/12/07 17:12:22 | 000,030,248 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/12/07 17:12:22 | 000,024,616 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/12/07 17:12:20 | 000,740,392 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/12/07 17:12:20 | 000,392,232 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/12/07 17:12:20 | 000,232,488 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/12/07 17:12:20 | 000,105,512 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/12/07 17:12:20 | 000,101,416 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\Documents and Settings\Kevin\My Documents\*.tmp files -> C:\Documents and Settings\Kevin\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/05 03:50:12 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Verizon Internet Security Suite.lnk
[2012/01/05 03:45:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/05 03:44:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/05 03:38:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/03 19:45:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/02 14:42:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/02 13:27:31 | 000,435,568 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/02 13:27:31 | 000,068,272 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/02 11:22:03 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/01/02 09:19:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/02 08:41:35 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/02 08:41:34 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Spybot - Search & Destroy.lnk
[2012/01/01 09:21:37 | 000,718,908 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/01 09:20:29 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2012/01/01 08:14:54 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/01 06:06:19 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/30 03:26:02 | 000,001,392 | -HS- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\nwm288sf5phs43jw5r741j3olffuk5rl8vljl
[2011/12/30 03:26:02 | 000,001,392 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\nwm288sf5phs43jw5r741j3olffuk5rl8vljl
[2011/12/17 01:54:49 | 000,001,306 | -HS- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\apeppn1h4idd2iho5rqx5t676v5h
[2011/12/17 01:54:49 | 000,001,306 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\apeppn1h4idd2iho5rqx5t676v5h
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/07 17:12:22 | 000,547,880 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/12/07 17:12:22 | 000,482,344 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/12/07 17:12:22 | 000,457,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/12/07 17:12:22 | 000,134,184 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/12/07 17:12:22 | 000,068,648 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/12/07 17:12:22 | 000,030,248 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/12/07 17:12:22 | 000,024,616 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/12/07 17:12:20 | 000,740,392 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/12/07 17:12:20 | 000,392,232 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/12/07 17:12:20 | 000,232,488 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/12/07 17:12:20 | 000,105,512 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/12/07 17:12:20 | 000,101,416 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\Documents and Settings\Kevin\My Documents\*.tmp files -> C:\Documents and Settings\Kevin\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/02 09:19:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/02 08:41:35 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/02 08:41:34 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Spybot - Search & Destroy.lnk
[2012/01/01 10:51:48 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2012/01/01 10:51:47 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2012/01/01 10:51:47 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2012/01/01 10:51:46 | 000,002,052 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2012/01/01 10:51:46 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2012/01/01 09:21:04 | 000,718,908 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/01 09:20:29 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/12/30 03:25:43 | 000,001,392 | -HS- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\nwm288sf5phs43jw5r741j3olffuk5rl8vljl
[2011/12/30 03:25:43 | 000,001,392 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\nwm288sf5phs43jw5r741j3olffuk5rl8vljl
[2011/12/22 04:44:31 | 000,001,589 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Verizon Internet Security Suite.lnk
[2011/12/17 01:54:49 | 000,001,306 | -HS- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\apeppn1h4idd2iho5rqx5t676v5h
[2011/12/17 01:54:49 | 000,001,306 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\apeppn1h4idd2iho5rqx5t676v5h
[2011/06/25 06:39:40 | 000,152,603 | ---- | C] () -- C:\WINDOWS\hppins09.dat
[2011/06/25 06:39:40 | 000,004,144 | ---- | C] () -- C:\WINDOWS\hppmdl09.dat
[2011/06/22 20:41:48 | 001,035,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/22 19:52:20 | 000,017,340 | -HS- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\2028ls5r42sbmtq44o1spre0b8xxa1t
[2011/06/22 19:52:20 | 000,017,340 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2028ls5r42sbmtq44o1spre0b8xxa1t
[2011/06/22 15:00:52 | 000,001,926 | -HS- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\w568slnqkb30e8664s56
[2011/06/22 15:00:52 | 000,001,926 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\w568slnqkb30e8664s56
[2011/06/17 17:32:22 | 000,017,560 | -HS- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\526py1f45q3yx26sn
[2011/06/17 17:32:22 | 000,017,560 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\526py1f45q3yx26sn
[2011/06/03 16:59:25 | 000,015,716 | -HS- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\34q37gkmi64pl80qvtj7w66r10y20on1ebds653xcy
[2011/06/03 16:59:25 | 000,015,716 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\34q37gkmi64pl80qvtj7w66r10y20on1ebds653xcy
[2011/05/24 03:28:02 | 000,002,916 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\56E2.960
[2011/05/15 21:27:55 | 000,012,870 | -HS- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\8yo32u74a4
[2011/05/15 21:27:55 | 000,012,870 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8yo32u74a4
[2011/05/15 10:04:47 | 000,016,224 | -HS- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\w6r2f6ci4p63ya75hgb4wc01
[2011/05/15 10:04:47 | 000,016,224 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\w6r2f6ci4p63ya75hgb4wc01
[2011/05/15 05:13:36 | 000,014,168 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t8ep373pu27424b48188bn415sj2fd77e
[2011/05/15 05:13:35 | 000,014,168 | -HS- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\t8ep373pu27424b48188bn415sj2fd77e
[2011/05/14 10:28:28 | 000,014,528 | -HS- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\0k6wg7yi8bi1155w717h311gb6sh301kc1x6rfl
[2011/05/14 10:28:28 | 000,014,528 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0k6wg7yi8bi1155w717h311gb6sh301kc1x6rfl
[2011/05/12 09:48:57 | 000,001,340 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\g8x4u1837i1s
[2011/05/12 09:48:56 | 000,001,340 | -HS- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\g8x4u1837i1s
[2011/03/20 20:04:11 | 000,152,632 | ---- | C] () -- C:\WINDOWS\hppins09.dat.temp
[2011/03/20 20:04:11 | 000,004,144 | ---- | C] () -- C:\WINDOWS\hppmdl09.dat.temp
[2011/02/13 20:08:27 | 000,010,709 | ---- | C] () -- C:\WINDOWS\hpwscr19.dat
[2011/02/13 20:07:21 | 000,176,472 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2011/02/13 20:07:21 | 000,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2011/02/07 14:59:54 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/18 08:39:34 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2010/09/18 08:39:34 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2010/09/18 08:39:16 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2010/09/18 08:39:05 | 000,000,268 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/07/31 19:24:55 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/12 17:50:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/13 17:00:25 | 000,084,156 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/16 07:21:54 | 000,000,478 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/05/29 14:36:42 | 000,000,004 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
[2008/12/28 10:17:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2008/12/21 13:40:26 | 000,000,621 | ---- | C] () -- C:\WINDOWS\System32\hppapr09.dat
[2008/12/21 13:40:14 | 000,000,154 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/12/21 13:39:33 | 000,000,768 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/12/21 13:36:07 | 000,157,043 | ---- | C] () -- C:\WINDOWS\System32\hppins09.dat
[2008/12/03 06:39:44 | 400,042,528 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/12/03 06:39:44 | 006,845,984 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/11/20 20:31:22 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/31 17:39:32 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/10/16 15:55:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/09/26 19:11:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\off-road-uninst.exe
[2008/09/24 19:15:18 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/09/08 18:48:24 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\mcs.rma
[2008/09/08 18:48:24 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\7BDA5A
[2008/09/01 16:58:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/29 11:47:09 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/08/29 11:47:08 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/08/29 11:47:08 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/08/29 11:47:08 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2008/08/29 11:47:08 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/08/29 11:47:08 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/08/29 11:47:07 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/08/29 11:47:07 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/08/29 11:47:06 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/08/29 11:47:05 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/08/29 11:23:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/08/29 10:17:10 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/08/29 08:42:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/29 08:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/29 04:34:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/29 04:33:22 | 000,388,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2004/08/12 08:36:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 08:36:06 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 08:28:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 08:26:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 08:26:07 | 000,435,568 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 08:26:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 08:26:05 | 000,068,272 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 08:24:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 08:22:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 08:22:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 08:18:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 08:18:32 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Unicode (All) ==========
[2009/06/25 13:45:00 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/06/25 13:45:00 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

< End of report >

#5 Ravens

Posted 05 January 2012 - 04:14 AM

OTL Extras logfile created on: 1/5/2012 4:02:47 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kevin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 77.21% Memory free
3.79 Gb Paging File | 3.49 Gb Available in Paging File | 92.06% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 186.44 Gb Free Space | 83.69% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.22 Gb Free Space | 62.19% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 436.76 Gb Free Space | 93.77% Space Free | Partition Type: NTFS

Computer Name: 779EDD7EF01147F | User Name: Kevin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-861567501-1592454029-839522115-1003\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0 -- ()
"FirewallDisableNotify" = 0 -- ()
"UpdatesDisableNotify" = 0 -- ()
"AntiVirusOverride" = 0 -- ()
"FirewallOverride" = 0 -- ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0 -- ()
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0 -- ()
"DisableNotifications" = 0 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\setup\hppniprint01.exe" = E:\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe
"E:\setup\hppniprint64.exe" = E:\setup\hppniprint64.exe:*:Enabled:hppniprint64.exe
"E:\setup\hppnicifs01.exe" = E:\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe
"E:\setup\CustomPrnDnld\hppcstpg.exe" = E:\setup\CustomPrnDnld\hppcstpg.exe:*:Enabled:hppcstpg.exe
"E:\setup\hpbtpg.exe" = E:\setup\hpbtpg.exe:*:Enabled:hpbtpg.exe
"E:\setup\LaunchApp.exe" = E:\setup\LaunchApp.exe:*:Enabled:launchapp.exe
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application.
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater.
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody -- (Rhapsody International Inc.)
"C:\Program Files\Verizon\VSP\ServicepointService.exe" = C:\Program Files\Verizon\VSP\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{011A2240-08DF-45BB-AA4E-1A78637CCF80}" = RPS CRT
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{113AC946-0CEB-49C7-828A-230FF9EB1DBB}" = TurboTax 2010 wmdiper
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1EEDF3E1-C0EA-409B-A772-164EF9AB3BCE}" = Hallmark Card Studio 2
"{223C0721-A6B0-4853-88C0-331029841734}" = HP Color LaserJet CP1510 Series 4.0
"{258749E2-3A46-42B1-9A01-BF977AA06FAC}" = RPS CRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 26
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{39940ED0-EAA2-012B-ADF1-000000000000}" = TurboTax 2009 wmdiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5DFC26EF-8316-41D5-BCCD-E562A79EC3B2}" = Vz In Home Agent
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{741849D8-E8D9-49CF-B373-0D7507ED0A56}" = Event Planner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7ADCEEA0-AC82-4360-AD6B-CCF01B66F9DB}" = hppusgCP1510
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11109097}" = Luxor - Amun Rising
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112868583}" = Chocolatier
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113076263}" = Chroma Crash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114767253}" = The Price is Right
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116623990}" = THE GAME OF LIFE by Hasbro
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9203AC41-0E7B-445A-98E6-AB3072CB4A10}" = HPCarePackProducts
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c405aff6-f3ce-4669-865f-a0a89aa11e70}" = STOPzilla
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AMDAway INF" = AMDAway INF
"Browser Defender_is1" = Browser Defender 3.0
"CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"GamesBar" = GamesBar 2.0.1.12
"Google Updater" = Google Updater
"HitmanPro35" = Hitman Pro 3.5
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MSC" = Verizon Internet Security Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Printer Spooler Fix Wizard_is1" = Printer Spooler Fix Wizard
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.18
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"Security Task Manager" = Security Task Manager 1.8d
"Spyware Doctor" = Spyware Doctor 8.0
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"vol_toolbar" = Verizon Broadband Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-861567501-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/3/2012 7:01:28 PM | Computer Name = 779EDD7EF01147F | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 6112 (0x17e0) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Program Files\Common
Files\Mcafee\SystemCore\mfeapfa.dll by C:\Program Files\PC Tools Security\pctsSvc.exe

4(16)(0) 4(16)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 1/3/2012 7:05:56 PM | Computer Name = 779EDD7EF01147F | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 4352 (0x1100) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Program Files\Common
Files\Mcafee\SystemCore\mfeapfa.dll by C:\Program Files\PC Tools Security\pctsSvc.exe

4(235)(0) 4(235)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 1/3/2012 7:08:04 PM | Computer Name = 779EDD7EF01147F | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5084 (0x13dc) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Program Files\Common
Files\Mcafee\SystemCore\mfeapfa.dll by C:\Program Files\PC Tools Security\pctsSvc.exe

4(78)(0) 4(78)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 1/3/2012 7:10:03 PM | Computer Name = 779EDD7EF01147F | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5220 (0x1464) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Program Files\Common
Files\Mcafee\SystemCore\mfeapfa.dll by C:\Program Files\PC Tools Security\pctsSvc.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 1/3/2012 7:11:53 PM | Computer Name = 779EDD7EF01147F | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5740 (0x166c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Program Files\Common
Files\Mcafee\SystemCore\mfeapfa.dll by C:\Program Files\PC Tools Security\pctsSvc.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 1/3/2012 7:13:44 PM | Computer Name = 779EDD7EF01147F | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3344 (0xd10) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Program Files\Common
Files\Mcafee\SystemCore\mfeapfa.dll by C:\Program Files\PC Tools Security\pctsSvc.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 1/3/2012 8:45:01 PM | Computer Name = 779EDD7EF01147F | Source = Application Error | ID = 1000
Description = Faulting application pctsSvc.exe, version 7.0.0.147, faulting module
rtl100.bpl, version 11.0.2902.10471, fault address 0x0000ebe5.

Error - 1/3/2012 9:07:14 PM | Computer Name = 779EDD7EF01147F | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2184 (0x888) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Program Files\Mozilla
Firefox\xul.dll by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 1/3/2012 9:12:11 PM | Computer Name = 779EDD7EF01147F | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 356 (0x164) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Program Files\McAfee.com\Agent\mcagent.exe

by C:\Program Files\PC Tools Security\TFEngine\TFService.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 1/3/2012 10:37:50 PM | Computer Name = 779EDD7EF01147F | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2288 (0x8f0) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\WINDOWS\system32\wbem\wbemcore.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#6 SweetTech


Posted 05 January 2012 - 04:20 AM

Hi Ravens!

I'd like to have you run a custom script for OTL, and post the log back for me. Make sure you push the NONE button when you open up OTL again.

OTL Custom Scan

We need to create a new OTL Report
  • Double click on the OTL icon on your desktop.
  • Click on the NONE button at the top.
  • In the custom scan box paste the following:
    %WinDir%\$NtUninstallKB*$.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    mrxsmb.sys
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    /md5stop
  • Push the Run Scan button.
  • One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 Ravens


Posted 05 January 2012 - 05:00 AM

OTL logfile created on: 1/5/2012 4:54:50 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kevin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 78.27% Memory free
3.79 Gb Paging File | 3.53 Gb Available in Paging File | 93.11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 186.44 Gb Free Space | 83.69% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.22 Gb Free Space | 62.19% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 436.76 Gb Free Space | 93.77% Space Free | Partition Type: NTFS

Computer Name: 779EDD7EF01147F | User Name: Kevin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Custom Scans ==========


< %WinDir%\$NtUninstallKB*$. >
[2010/08/12 21:34:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2079403$
[2010/08/12 21:36:13 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2115168$
[2010/09/15 22:43:51 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2121546$
[2010/09/15 22:40:31 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2141007$
[2010/09/28 23:16:55 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2158563$
[2010/08/12 21:32:25 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2160329$
[2010/07/14 23:09:21 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2229593$
[2010/09/15 22:44:05 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2259922$
[2010/10/14 22:50:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2279986$
[2010/08/02 22:23:45 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2286198$
[2010/10/14 22:50:29 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2296011$
[2010/12/15 23:22:48 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2296199$
[2010/10/14 22:50:38 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2345886$
[2010/09/15 22:43:56 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2347290$
[2010/10/14 22:43:01 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2360937$
[2010/10/14 22:50:23 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2378111_WM9$
[2010/10/14 22:50:53 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2387149$
[2011/02/09 23:03:05 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2393802$
[2011/04/12 23:21:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2412687$
[2011/01/11 23:25:40 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2419632$
[2010/12/15 23:16:57 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2423089$
[2010/12/15 23:21:59 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2436673$
[2010/12/15 23:22:09 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2440591$
[2010/12/15 23:22:42 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2443105$
[2010/12/15 23:22:03 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2443685$
[2010/12/15 23:21:52 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2467659$
[2011/02/09 23:03:36 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2476687$
[2011/02/09 23:03:30 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2478960$
[2011/02/09 23:07:27 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2478971$
[2011/02/09 23:06:43 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2479628$
[2011/03/09 23:48:09 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2479943$
[2011/03/09 23:45:25 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2481109$
[2011/02/09 23:06:34 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2483185$
[2011/02/09 23:06:49 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2485376$
[2011/04/12 23:23:26 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2485663$
[2011/04/12 23:18:13 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2503658$
[2011/04/12 23:16:52 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2506212$
[2011/04/12 23:22:14 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2506223$
[2011/04/12 23:17:57 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2507618$
[2011/04/12 23:18:23 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2508272$
[2011/04/12 23:17:49 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2508429$
[2011/04/12 23:14:13 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2509553$
[2011/04/12 23:17:08 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2511455$
[2011/03/24 22:21:01 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2524375$
[2008/11/19 21:19:49 | 000,000,000 | -HSD | M] -- C:\WINDOWS\$NtUninstallKB47566$
[2008/09/07 00:04:28 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB873339$
[2008/09/07 00:07:16 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB885835$
[2008/09/07 00:07:09 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB885836$
[2008/09/07 00:00:08 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB886185$
[2008/09/07 00:04:17 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB887472$
[2008/08/29 11:22:31 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
[2008/09/07 00:00:55 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB888302$
[2008/09/07 00:02:33 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB890046$
[2008/09/06 23:58:38 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB890859$

< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2004/08/12 08:29:28 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/19 21:13:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/19 21:13:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/12 08:17:27 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/12 08:19:07 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: MRXSMB.SYS >
[2004/08/12 08:29:28 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
[2008/11/19 21:13:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
[2008/11/19 21:13:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mrxsmb.sys
[2006/05/05 04:41:45 | 000,453,120 | ---- | M] (Microsoft Corporation) MD5=025AF03CE51645C62F3B6907A7E2BE5E -- C:\WINDOWS\$NtUninstallKB957097_0$\mrxsmb.sys
[2011/02/17 08:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=0EA4D8ED179B75F8AFA7998BA22285CA -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
[2011/02/17 08:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=0EA4D8ED179B75F8AFA7998BA22285CA -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
[2011/02/17 08:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=0EA4D8ED179B75F8AFA7998BA22285CA -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2004/08/12 08:22:33 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys
[2009/12/04 13:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) MD5=421F7B922CEC5A5F340E7574A98F7B7C -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
[2009/12/04 12:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
[2008/10/24 06:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys
[2008/10/24 06:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys
[2008/04/13 14:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
[2008/04/13 14:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
[2008/10/24 06:10:42 | 000,453,632 | ---- | M] (Microsoft Corporation) MD5=6F2D483B97B395544E59749C47963C6A -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
[2008/10/24 06:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
[2006/05/05 05:16:39 | 000,454,400 | ---- | M] (Microsoft Corporation) MD5=7412CE77C6FD823F8889B4DF420C680B -- C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
[2004/10/27 20:15:16 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=A1BE3CB080DCC0A8270D21E3CA3B7005 -- C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
[2008/10/24 06:25:29 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=D07DA410091143336DAE419A921AAE2B -- C:\WINDOWS\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys
[2010/02/24 06:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
[2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\$NtUninstallKB2511455$\mrxsmb.sys
[2011/02/17 08:19:38 | 000,457,472 | ---- | M] (Microsoft Corporation) MD5=FB7DFD15D760AD339837A470F0E780D3 -- C:\WINDOWS\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys

< MD5 for: VOLSNAP.SYS >
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/12 08:32:26 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/12 08:33:32 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:02:18 PM

Posted 05 January 2012 - 08:21 AM

Hi Ravens,

Thanks for that log file.

Please run this tool:


Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 Ravens

Ravens
  • Topic Starter

  • Members
  • 26 posts
  • Local time:01:18 PM

Posted 05 January 2012 - 01:20 PM

ComboFix ran but stuck on "Preparing Report Log Screen" for past 3 hours. Please advise?

#10 Ravens

Ravens
  • Topic Starter

  • Members
  • 26 posts
  • Local time:01:18 PM

Posted 05 January 2012 - 08:51 PM

ComboFix ran but stuck on "Preparing Report Log Screen" for past 3 hours. Please advise?



#11 Ravens

Ravens
  • Topic Starter

  • Members
  • 26 posts
  • Local time:01:18 PM

Posted 05 January 2012 - 08:53 PM

Computer frozen; mouse moves but unable to select any icons.

#12 Ravens

Ravens
  • Topic Starter

  • Members
  • 26 posts
  • Local time:01:18 PM

Posted 06 January 2012 - 12:38 AM

No longer frozen after reboot... seems to be working well... no ComboFix program after reboot, no log was displayed to send to you... is there another way to produce the log?

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:02:18 PM

Posted 06 January 2012 - 03:44 AM

Hi!

Sorry about not responding to your earlier posts until now.

Please look for the ComboFix.txt log file in your C:\ drive.



#14 Ravens

Ravens
  • Topic Starter

  • Members
  • 26 posts
  • Local time:01:18 PM

Posted 06 January 2012 - 07:44 AM

ComboFix 12-01-05.01 - Kevin 01/05/2012 9:05:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1151 [GMT -5:00]
Running from: C:\Documents and Settings\Kevin\My Documents\Downloads\ComboFix.exe
AV: Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Application Data\apeppn1h4idd2iho5rqx5t676v5h
C:\Documents and Settings\All Users\Application Data\nwm288sf5phs43jw5r741j3olffuk5rl8vljl
C:\Documents and Settings\All Users\Application Data\Tarma Installer
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\All Users\Application Data\TEMP\2702A8B3.TMP
C:\Documents and Settings\All Users\Application Data\TEMP\32F13BFB.TMP
C:\Documents and Settings\All Users\Application Data\TEMP\B58DB468.TMP
C:\Documents and Settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
C:\Documents and Settings\All Users\Application Data\TEMP\E0E19514.TMP
C:\Documents and Settings\Kevin\Application Data\56E2.960
C:\Documents and Settings\Kevin\My Documents\~WRL0209.tmp
C:\Documents and Settings\Kevin\My Documents\~WRL2078.tmp
C:\Documents and Settings\Kevin\My Documents\~WRL2369.tmp
C:\Documents and Settings\Kevin\My Documents\~WRL2440.tmp
C:\Documents and Settings\Kevin\My Documents\~WRL2861.tmp
C:\Documents and Settings\Kevin\My Documents\~WRL3159.tmp
C:\Documents and Settings\Kevin\Templates\apeppn1h4idd2iho5rqx5t676v5h
C:\Documents and Settings\Kevin\Templates\nwm288sf5phs43jw5r741j3olffuk5rl8vljl
C:\Documents and Settings\Kevin\WINDOWS
C:\Program Files\whitesmoketoolbar\whITesmoketoolbarx.dll
C:\WINDOWS\$NtUninstallKB47566$
C:\WINDOWS\$NtUninstallKB47566$\1052804878\@
C:\WINDOWS\$NtUninstallKB47566$\1052804878\bckfg.tmp
C:\WINDOWS\$NtUninstallKB47566$\1052804878\cfg.ini
C:\WINDOWS\$NtUninstallKB47566$\1052804878\Desktop.ini
C:\WINDOWS\$NtUninstallKB47566$\1052804878\keywords
C:\WINDOWS\$NtUninstallKB47566$\1052804878\kwrd.dll
C:\WINDOWS\$NtUninstallKB47566$\1052804878\L\crxtnmgd
C:\WINDOWS\$NtUninstallKB47566$\1052804878\lsflt7.ver
C:\WINDOWS\$NtUninstallKB47566$\1052804878\U\00000001.@
C:\WINDOWS\$NtUninstallKB47566$\1052804878\U\00000002.@
C:\WINDOWS\$NtUninstallKB47566$\1052804878\U\00000004.@
C:\WINDOWS\$NtUninstallKB47566$\1052804878\U\80000000.@
C:\WINDOWS\$NtUninstallKB47566$\1052804878\U\80000004.@
C:\WINDOWS\$NtUninstallKB47566$\1052804878\U\80000032.@
C:\WINDOWS\$NtUninstallKB47566$\495514650
C:\WINDOWS\system32\drivers\etc\hosts.txt
C:\WINDOWS\system32\system
C:\WINDOWS\system32\SZBase5.dll
F:\autorun.inf

Infected copy of C:\WINDOWS\system32\drivers\mrxsmb.sys was found and disinfected
Restored copy from - The cat found it :)

((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))


2012-01-05 13:54:58 . 2011-02-17 13:18:24 455936 -c--a-w- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2012-01-05 13:54:58 . 2011-02-17 13:18:24 455936 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2012-01-02 14:20:03 . 2012-01-02 14:20:03 -------- d-----w- C:\Documents and Settings\Kevin\Application Data\Malwarebytes
2012-01-02 14:19:42 . 2012-01-02 14:19:42 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-01-02 14:19:37 . 2011-12-10 20:24:06 20464 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-01-02 14:19:36 . 2012-01-02 14:19:54 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-01-02 13:41:05 . 2012-01-02 14:13:33 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-01-02 13:41:05 . 2012-01-02 13:45:00 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2012-01-02 00:53:21 . 2012-01-02 00:53:21 -------- d-----w- C:\Documents and Settings\Kevin\Application Data\PCTools
2012-01-01 15:52:52 . 2010-12-02 16:33:12 69392 --s---w- C:\WINDOWS\system32\drivers\TfSysMon.sys
2012-01-01 15:52:52 . 2010-12-02 16:33:12 33552 --s---w- C:\WINDOWS\system32\drivers\TfNetMon.sys
2012-01-01 15:52:51 . 2010-12-02 16:33:12 51984 --s---w- C:\WINDOWS\system32\drivers\TfFsMon.sys
2012-01-01 15:51:48 . 2010-12-03 20:34:42 767952 ----a-w- C:\WINDOWS\BDTSupport.dll
2012-01-01 15:51:47 . 2010-12-03 20:34:50 149456 ----a-w- C:\WINDOWS\SGDetectionTool.dll
2012-01-01 15:51:46 . 2010-12-09 15:48:12 1996752 ----a-w- C:\WINDOWS\PCTBDCore.dll
2012-01-01 15:51:46 . 2010-12-03 20:34:48 1533904 ----a-w- C:\WINDOWS\PCTBDRes.dll
2012-01-01 14:21:01 . 2010-07-16 19:59:54 656320 ----a-w- C:\WINDOWS\system32\drivers\pctEFA.sys
2012-01-01 14:21:01 . 2010-07-16 19:59:54 338880 ----a-w- C:\WINDOWS\system32\drivers\pctDS.sys
2012-01-01 14:20:58 . 2010-11-17 15:19:50 249616 ----a-w- C:\WINDOWS\system32\drivers\pctgntdi.sys
2012-01-01 14:20:39 . 2010-11-25 15:43:00 239168 ----a-w- C:\WINDOWS\system32\drivers\PCTCore.sys
2012-01-01 14:20:38 . 2010-11-25 15:53:58 160448 ----a-w- C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2012-01-01 14:20:04 . 2010-11-25 15:42:10 70536 ----a-w- C:\WINDOWS\system32\drivers\pctplsg.sys
2012-01-01 14:19:01 . 2012-01-01 14:24:02 -------- d-----w- C:\Program Files\Common Files\PC Tools
2012-01-01 14:19:00 . 2012-01-05 14:53:31 -------- d-----w- C:\Program Files\PC Tools Security
2012-01-01 14:19:00 . 2012-01-01 15:52:52 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools
2012-01-01 14:19:00 . 2012-01-01 14:19:00 -------- d-----w- C:\Documents and Settings\Kevin\Application Data\PC Tools
2012-01-01 03:04:05 . 2012-01-01 03:04:05 -------- d-----w- C:\Documents and Settings\Kevin\Local Settings\Application Data\ESET
2011-12-31 16:50:16 . 2011-12-31 16:57:44 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2011-12-31 16:50:07 . 2011-12-31 16:50:13 -------- d-----w- C:\Program Files\Security Task Manager
2011-12-30 19:24:47 . 2011-12-30 19:24:47 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
2011-12-30 13:59:55 . 2011-12-30 13:59:55 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2011-12-24 14:28:04 . 2011-12-24 14:28:04 -------- d-----w- C:\Documents and Settings\Kevin\Local Settings\Application Data\Help
2011-12-15 01:13:58 . 2011-12-15 01:14:01 -------- d-----w- C:\Program Files\STOPzilla!
2011-12-07 22:12:22 . 2011-12-07 22:12:22 68648 ----a-r- C:\WINDOWS\system32\IS3Hks5.dll
2011-12-07 22:12:22 . 2011-12-07 22:12:22 547880 ----a-r- C:\WINDOWS\system32\SZComp5.dll
2011-12-07 22:12:22 . 2011-12-07 22:12:22 457768 ----a-r- C:\WINDOWS\system32\IS3DBA5.dll
2011-12-07 22:12:22 . 2011-12-07 22:12:22 30248 ----a-r- C:\WINDOWS\system32\IS3XDat5.dll
2011-12-07 22:12:22 . 2011-12-07 22:12:22 24616 ----a-r- C:\WINDOWS\system32\SZIO5.dll
2011-12-07 22:12:22 . 2011-12-07 22:12:22 134184 ----a-r- C:\WINDOWS\system32\IS3HTUI5.dll
2011-12-07 22:12:20 . 2011-12-07 22:12:20 740392 ----a-r- C:\WINDOWS\system32\IS3Base5.dll
2011-12-07 22:12:20 . 2011-12-07 22:12:20 392232 ----a-r- C:\WINDOWS\system32\IS3UI5.dll
2011-12-07 22:12:20 . 2011-12-07 22:12:20 232488 ----a-r- C:\WINDOWS\system32\IS3Win325.dll
2011-12-07 22:12:20 . 2011-12-07 22:12:20 105512 ----a-r- C:\WINDOWS\system32\IS3Inet5.dll
2011-12-07 22:12:20 . 2011-12-07 22:12:20 101416 ----a-r- C:\WINDOWS\system32\IS3Svc5.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-12-30 13:54:28 . 2008-08-29 09:27:42 90112 ----a-w- C:\WINDOWS\DUMP37d8.tmp
2011-12-30 13:52:37 . 2008-08-29 09:27:42 90112 ----a-w- C:\WINDOWS\DUMP3846.tmp
2011-10-15 18:16:16 . 2010-09-23 13:43:04 9608 ----a-w- C:\WINDOWS\system32\drivers\mfeclnk.sys
2011-10-15 18:16:16 . 2010-09-23 13:42:59 89792 ----a-w- C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011-10-15 18:16:16 . 2010-09-23 13:42:59 87656 ----a-w- C:\WINDOWS\system32\drivers\mferkdet.sys
2011-10-15 18:16:16 . 2010-09-23 13:42:59 83856 ----a-w- C:\WINDOWS\system32\drivers\mfendisk.sys
2011-10-15 18:16:16 . 2010-09-23 13:42:59 59456 ----a-w- C:\WINDOWS\system32\drivers\mfebopk.sys
2011-10-15 18:16:16 . 2010-09-23 13:42:59 57600 ----a-w- C:\WINDOWS\system32\drivers\cfwids.sys
2011-10-15 18:16:16 . 2010-09-23 13:42:59 464176 ----a-w- C:\WINDOWS\system32\drivers\mfehidk.sys
2011-10-15 18:16:16 . 2010-09-23 13:42:59 338176 ----a-w- C:\WINDOWS\system32\drivers\mfefirek.sys
2011-10-15 18:16:16 . 2010-09-23 13:42:59 180816 ----a-w- C:\WINDOWS\system32\drivers\mfeavfk.sys
2011-10-15 18:16:16 . 2010-09-23 13:42:59 121256 ----a-w- C:\WINDOWS\system32\drivers\mfeapfk.sys
2011-11-21 04:04:51 . 2011-12-03 12:39:53 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:08:02 . 2010-09-23 13:43:04 24376 ----a-w- C:\Program Files\mozilla firefox\components\Scriptff.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-24 17:29:01 39408]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 21:07:20 2260480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MP10_EnsureFileVer"="C:\WINDOWS\inf\unregmp2.exe" [2008-04-14 00:12:38 208896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-06-15 20:33:44 141624]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-04 23:47:00 8466432]
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2011-11-22 22:18:26 1318816]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 22:58:10 37296]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 04:59:06 937920]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 16:59:52 254696]
"MaxMenuMgr"="C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 03:31:32 185640]
"RTHDCPL"="RTHDCPL.EXE" [2011-02-17 18:02:04 20029032]
"ISTray"="C:\Program Files\PC Tools Security\pctsGui.exe" [2010-12-01 19:49:56 1589208]
"PCTools FGuard"="C:\Program Files\PC Tools Security\BDT\FGuard.exe" [2010-12-03 20:34:46 108496]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 22:50:18 460872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

#15 SweetTech

Posted 06 January 2012 - 08:12 AM

Hmm... It looks like part of the ComboFix log got cut off. Was there any more content after the

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

in the ComboFix log?


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
