Removed Vista Antivirus 2012, still having issues


  • This topic is locked
35 replies to this topic

#1 saidinlr

saidinlr

  • Members
  • 19 posts

Posted 15 January 2012 - 12:29 AM

*******DDS LOG******

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Luis at 20:17:44 on 2012-01-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1355 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Google\Update\Install\{F50EA8BC-B72D-4987-AFC4-48EF3825CAA4}\GoogleToolbarInstaller_updater_signed.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: TenchisTV Toolbar: {ece24dcf-8548-4655-b392-47a388721482} - c:\program files\tenchistv\prxtbTen0.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
mURLSearchHooks: TenchisTV Toolbar: {ece24dcf-8548-4655-b392-47a388721482} - c:\program files\tenchistv\prxtbTen0.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
mURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120109163957.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
BHO: TenchisTV Toolbar: {ece24dcf-8548-4655-b392-47a388721482} - c:\program files\tenchistv\prxtbTen0.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: TenchisTV Toolbar: {ece24dcf-8548-4655-b392-47a388721482} - c:\program files\tenchistv\prxtbTen0.dll
TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\users\luis\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Registry Repair Wizard Scheduler] "c:\program files\smartpctools\registry repair wizard\RCHelper.exe" /startup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AgentMonitor] c:\program files\vtech\downloadmanager\system\AgentMonitor.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: applicationentry.com\www
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - hxxp://w4s.work4sure.com/c/ge/w4sgeen9.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{36AC859A-BC71-4B65-98FD-88CB0B7E1C03} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{94AF4B5C-5A56-4F84-9412-C10C5A5E064A} : DhcpNameServer = 76.85.229.110 76.85.229.111
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\luis\appdata\roaming\mozilla\firefox\profiles\lfjek4sw.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\luis\appdata\roaming\mozilla\firefox\profiles\lfjek4sw.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\luis\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\luis\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\luis\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\luis\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ShopAtHome Intelligent Shopping Toolbar: toolbar@shopathome.com - %profile%\extensions\toolbar@shopathome.com
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-18 387480]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-10-18 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-18 165032]
R1 MOBK755Filter;MOBK755Filter;c:\windows\system32\drivers\MOBK755.sys [2012-1-5 54776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-11 21504]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-18 171168]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-18 141792]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-18 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-18 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-18 314088]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-3-12 72448]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-3-12 43904]
R3 slim;Sony Lucid Integrated Mpeg encoder;c:\windows\system32\drivers\slim.sys [2007-3-12 699520]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-3-13 30976]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-4-23 812544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-18 56064]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\sony\image converter 3\ICScsiSV.exe [2007-3-23 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\sony\image converter 3\IcVzMonLauncher.exe [2007-3-23 67760]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-18 84488]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2009-6-15 107904]
S3 USBAVCap;AVerMedia USB TV Tuner Device;c:\windows\system32\drivers\USBAVCap.sys [2007-3-12 774528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 GuffinsService;Guffins Service;c:\progra~1\guffins\bar\1.bin\u4barsvc.exe --> c:\progra~1\guffins\bar\1.bin\u4barsvc.exe [?]
S4 gupdate1ca6bb8d06dc610;Google Update Service (gupdate1ca6bb8d06dc610);c:\program files\google\update\GoogleUpdate.exe [2009-11-22 133104]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-22 133104]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-9-17 94880]
S4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-18 271480]
S4 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-18 271480]
S4 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-18 271480]
S4 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-18 188136]
S4 MOBK755backup;McAfee Online Backup Service;c:\program files\mcafee online backup\MOBK755backup.exe [2010-9-20 206136]
S4 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-3-23 745472]
S4 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-3-23 397312]
S4 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-3-23 1089536]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-01-12 05:47:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-11 23:34:33 -------- d-----w- c:\users\luis\appdata\roaming\SmartPCTools
2012-01-11 23:34:26 -------- d-----w- c:\program files\SmartPCTools
2012-01-09 23:35:48 -------- d--h--w- c:\users\luis\appdata\local\{87B342F6-2F62-4362-A83B-9CA3EB0B6436}
2012-01-09 23:35:24 -------- d--h--w- c:\users\luis\appdata\local\{44BCD215-7CD0-42F6-B945-B14397752F7A}
2012-01-09 06:01:48 -------- d--h--w- c:\program files\MalwarebytesAntiMalware
2012-01-08 20:46:39 -------- d--h--w- c:\users\luis\appdata\local\{69843773-AD6D-4BD0-AF42-6FDE201B2E7F}
2012-01-08 20:46:11 -------- d--h--w- c:\users\luis\appdata\local\{90EF295D-B368-401C-B66F-FFFC94A06651}
2012-01-06 02:13:43 -------- d--h--w- c:\program files\McAfeeMOBK
2012-01-06 02:13:27 54776 ---ha-w- c:\windows\system32\drivers\MOBK755.sys
2012-01-06 02:13:25 -------- d--h--w- c:\program files\McAfee Online Backup
2012-01-04 23:19:34 -------- d--h--w- c:\users\luis\appdata\local\{4DE9B60D-0780-45FD-949E-B46613050637}
2012-01-04 23:19:21 -------- d--h--w- c:\users\luis\appdata\local\{73305650-F436-4008-9A54-AFA75157F169}
2012-01-04 23:16:08 -------- d--h--w- c:\windows\en
2012-01-04 23:06:27 18328 ---ha-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
2012-01-04 23:01:45 15712 ---ha-w- c:\program files\common files\windows live\.cache\d49aee381cccb3402\MeshBetaRemover.exe
2012-01-04 22:39:31 -------- d--h--w- c:\users\luis\appdata\local\{2B397630-732E-4C27-AFDF-196371F384E5}
2012-01-04 22:39:02 -------- d--h--w- c:\users\luis\appdata\local\{6B3648A3-5074-472F-95D7-4CBC0F1B60F0}
2011-12-28 13:12:26 -------- d--h--w- c:\users\luis\appdata\local\{05B77780-2531-462D-9DC4-773914D066CD}
2011-12-28 13:12:11 -------- d--h--w- c:\users\luis\appdata\local\{503FFF02-CFF9-475A-8607-F49CB1EE1C53}
2011-12-25 07:26:39 -------- d--h--w- c:\users\luis\appdata\local\cache
2011-12-25 07:25:14 -------- d--h--w- c:\programdata\VTech
2011-12-25 07:25:14 -------- d--h--w- c:\program files\VTech
2011-12-24 21:27:21 -------- d--h--w- c:\users\luis\appdata\local\{896B14DE-EA5B-4D90-B81B-26F861EE2483}
2011-12-24 21:27:03 -------- d--h--w- c:\users\luis\appdata\local\{2942F17C-7D70-4744-8906-0A0A29D7B8EA}
2011-12-23 22:21:35 -------- d--h--w- c:\users\luis\appdata\local\{45267DE4-BAF5-4DE9-911B-FDD4A40D5347}
2011-12-18 20:18:17 -------- d--h--w- c:\users\luis\appdata\local\{139152BA-D734-41BC-AB32-DFB2DD90DD4F}
2011-12-17 14:35:11 -------- d--h--w- c:\users\luis\appdata\local\{5D39B312-D583-4710-B5C1-87F7E2AE89DA}
2011-12-17 14:34:46 -------- d--h--w- c:\users\luis\appdata\local\{2B7CD452-4D23-422A-BEF4-138BFCB928E3}
.
==================== Find3M ====================
.
2012-01-11 03:44:48 64584 ---ha-w- c:\windows\system32\drivers\mfenlfk.sys
2011-12-06 00:10:44 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 20:18:56.28 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 January 2012 - 02:44 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 saidinlr

saidinlr
  • Topic Starter

  • Members
  • 19 posts

Posted 19 January 2012 - 10:57 PM

I downloaded Combofix but I can't run it because it says I have McAfee scan running. I can't disable mfevtps.exe no matter what I do. If I try directly it says access denied. I disabled it in msconfig services & startup but it runs anyway on startup. I even tried opening a command prompt and running sc stop "mfevtp" for the service and the result was access denied again. All the other McAfee stuff is disabled but this one stays on. I made sure I turned off realtime scan to no avail. Any thoughts? Should I uninstall McAfee or will it not make a difference? Thanks.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 January 2012 - 11:24 PM

Hello


Turn off what you can and go ahead and run it anyway.


gringo

#5 saidinlr

saidinlr
  • Topic Starter

  • Members
  • 19 posts

Posted 20 January 2012 - 01:29 PM

How long does it take to run? I left it on overnight and it still wasn't finished.

Upon starting Combofix this is what happened.

First it notified me that antispyware was running so proceed at own risk. Does that twice.

Then a popup appears saying "Windows cannot find 'NIRKMD'".
If I hit OK or close, it shows up again for a total of 3 times.

The blue combofix screen reads system cannot find 'NIRKMD'

So, after the 3 times

The blue screen reads:
Scanning for infected files...
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double.

It stayed like this overnight.

I restarted in the morning.

This morning after restarting I was not able to connect to the internet. It says the connection is fine...full bars to wireless but the window won't even bring up Google.

Tried to run Combofix again and the same thing happened.

This time it said "Recycle Bin on C:\ is corrupted. Do you want to empty?" I clicked yes and got the following:

"Access Denied
You need permission to perform this action
S-1-5-21-1741290659-858044500-3998602421-1005
Date created 01/20/2012 8:02 am."

What now?

#6 gringo_pr

Posted 20 January 2012 - 02:28 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
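The report requested in the steps above can be triaged with a short script; this is an added example, not part of the original post and not TDSSKiller's own code. It finds reports by the file name pattern given above, pairs each `name (md5) path` line with its `name - verdict` line, and returns anything not marked `ok`. The function names, the sample lines and the `EXAMPLE-NOT-OK` verdict text are constructed for illustration.

```python
import glob
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every report line starts with "HH:MM:SS.mmmm <thread id> "; capture the rest.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# Object line: "name (32-hex-digit md5) full path"
OBJECT = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
# Verdict line: "name - verdict"
VERDICT = re.compile(r"^(\S+)\s+-\s+(.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str]   # None when the report has no object line for this name
    path: Optional[str]
    verdict: str


def find_reports(root: str) -> List[str]:
    """Reports are named TDSSKiller.[Version]_[Date]_[Time]_log.txt in the root folder."""
    return sorted(glob.glob(os.path.join(root, "TDSSKiller.*_log.txt")))


def parse_report(text: str) -> List[Entry]:
    """Return one Entry per verdict line, joined with its preceding object line."""
    pending: Dict[str, Tuple[str, str]] = {}
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines or anything without the time/thread prefix
        rest = m.group(1).strip()
        obj = OBJECT.match(rest)
        if obj:
            pending[obj.group(1)] = (obj.group(2).lower(), obj.group(3))
            continue
        ver = VERDICT.match(rest)
        if ver:
            md5, path = pending.pop(ver.group(1), (None, None))
            entries.append(Entry(ver.group(1), md5, path, ver.group(2).strip()))
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Entries whose verdict is anything other than 'ok'."""
    return [e for e in entries if e.verdict.lower() != "ok"]


def without_file(entries: List[Entry]) -> List[Entry]:
    """Entries the report lists with a verdict but no hash/path line."""
    return [e for e in entries if e.md5 is None]


# Constructed sample in the report's layout (not taken from a real scan).
SAMPLE = r"""
10:00:00.0000 1111 ============================================================
10:00:00.0000 1111 Scan started
10:00:00.0000 1111 Mode: Manual;
10:00:00.0100 1111 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
10:00:00.0200 1111 exampledrv - ok
10:00:00.0300 1111 nofilesvc - ok
10:00:00.0400 1111 oddsvc (11111111111111111111111111111111) C:\Program Files\Example\oddsvc.sys
10:00:00.0500 1111 oddsvc - EXAMPLE-NOT-OK
"""

if __name__ == "__main__":
    parsed = parse_report(SAMPLE)
    for e in flagged(parsed):
        print("review:", e.name, e.verdict, e.md5, e.path)
    for e in without_file(parsed):
        print("no file line:", e.name, e.verdict)
```
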

#7 saidinlr

Posted 20 January 2012 - 09:01 PM

nothing infected, nothing suspicious, no reboot required

19:57:28.0728 0600 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
19:57:29.0149 0600 ============================================================
19:57:29.0149 0600 Current date / time: 2012/01/20 19:57:29.0149
19:57:29.0149 0600 SystemInfo:
19:57:29.0149 0600
19:57:29.0149 0600 OS Version: 6.0.6002 ServicePack: 2.0
19:57:29.0149 0600 Product type: Workstation
19:57:29.0149 0600 ComputerName: SAIDIN
19:57:29.0149 0600 UserName: Luis
19:57:29.0149 0600 Windows directory: C:\Windows
19:57:29.0149 0600 System windows directory: C:\Windows
19:57:29.0149 0600 Processor architecture: Intel x86
19:57:29.0149 0600 Number of processors: 2
19:57:29.0149 0600 Page size: 0x1000
19:57:29.0149 0600 Boot type: Normal boot
19:57:29.0149 0600 ============================================================
19:57:30.0022 0600 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:57:30.0054 0600 Initialize success
19:57:31.0676 2396 ============================================================
19:57:31.0676 2396 Scan started
19:57:31.0676 2396 Mode: Manual;
19:57:31.0676 2396 ============================================================
19:58:08.0541 2396 usbohci - ok
19:58:08.0619 2396 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:58:08.0635 2396 usbprint - ok
19:58:08.0713 2396 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:58:08.0713 2396 usbscan - ok
19:58:08.0791 2396 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:58:08.0791 2396 USBSTOR - ok
19:58:08.0885 2396 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:58:08.0885 2396 usbuhci - ok
19:58:09.0009 2396 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:58:09.0025 2396 usbvideo - ok
19:58:09.0072 2396 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
19:58:09.0087 2396 usb_rndisx - ok
19:58:09.0321 2396 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
19:58:09.0337 2396 vga - ok
19:58:09.0415 2396 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:58:09.0431 2396 VgaSave - ok
19:58:09.0462 2396 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:58:09.0477 2396 viaagp - ok
19:58:09.0493 2396 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:58:09.0509 2396 ViaC7 - ok
19:58:09.0587 2396 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
19:58:09.0602 2396 viaide - ok
19:58:09.0696 2396 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:58:09.0696 2396 volmgr - ok
19:58:09.0789 2396 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:58:09.0789 2396 volmgrx - ok
19:58:09.0867 2396 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:58:09.0867 2396 volsnap - ok
19:58:09.0914 2396 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:58:09.0930 2396 vsmraid - ok
19:58:09.0992 2396 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:58:09.0992 2396 WacomPen - ok
19:58:10.0039 2396 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:58:10.0055 2396 Wanarp - ok
19:58:10.0070 2396 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:58:10.0070 2396 Wanarpv6 - ok
19:58:10.0211 2396 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:58:10.0226 2396 Wd - ok
19:58:10.0289 2396 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:58:10.0304 2396 Wdf01000 - ok
19:58:10.0429 2396 WimFltr (c8d53a13e867d5a7eafb19400016560f) C:\Windows\system32\DRIVERS\wimfltr.sys
19:58:10.0601 2396 WimFltr - ok
19:58:10.0647 2396 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:58:10.0881 2396 winachsf - ok
19:58:11.0240 2396 WINUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
19:58:11.0256 2396 WINUSB - ok
19:58:11.0771 2396 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
19:58:11.0802 2396 WmiAcpi - ok
19:58:12.0083 2396 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:58:12.0098 2396 WpdUsb - ok
19:58:12.0192 2396 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:58:12.0192 2396 ws2ifsl - ok
19:58:12.0332 2396 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:58:12.0348 2396 WUDFRd - ok
19:58:12.0395 2396 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
19:58:12.0473 2396 XAudio - ok
19:58:12.0769 2396 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
19:58:12.0800 2396 yukonwlh - ok
19:58:12.0832 2396 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:58:12.0972 2396 \Device\Harddisk0\DR0 - ok
19:58:12.0972 2396 Boot (0x1200) (df01f450195fee53cbc499e621edacf2) \Device\Harddisk0\DR0\Partition0
19:58:12.0972 2396 \Device\Harddisk0\DR0\Partition0 - ok
19:58:12.0972 2396 ============================================================
19:58:12.0972 2396 Scan finished
19:58:12.0972 2396 ============================================================
19:58:13.0003 3944 Detected object count: 0
19:58:13.0003 3944 Actual detected object count: 0

#8 gringo_pr

  • Malware Response Team

Posted 20 January 2012 - 09:21 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 saidinlr

  • Topic Starter

Posted 20 January 2012 - 10:10 PM

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-20 21:09:00
-----------------------------
21:09:00.653 OS Version: Windows 6.0.6002 Service Pack 2
21:09:00.653 Number of processors: 2 586 0xE0C
21:09:00.668 ComputerName: SAIDIN UserName: Luis
21:09:02.883 Initialize success
21:09:24.825 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:09:24.840 Disk 0 Vendor: ST3250820AS 3.AAD Size: 238475MB BusType: 3
21:09:24.840 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000071
21:09:24.840 Disk 1 Vendor: ( Size: 238475MB BusType: 0
21:09:24.840 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000072
21:09:24.856 Disk 2 Vendor: ( Size: 238475MB BusType: 0
21:09:24.918 Disk 0 MBR read successfully
21:09:24.918 Disk 0 MBR scan
21:09:24.918 Disk 0 Windows VISTA default MBR code
21:09:24.934 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 7097 MB offset 2048
21:09:24.950 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 231376 MB offset 14536704
21:09:24.965 Disk 0 scanning sectors +488395120
21:09:25.121 Disk 0 scanning C:\Windows\system32\drivers
21:09:36.978 Service scanning
21:09:38.725 Modules scanning
21:09:47.851 Disk 0 trace - called modules:
21:09:47.914 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
21:09:47.929 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e266b8]
21:09:47.945 3 CLASSPNP.SYS[8a80f8b3] -> nt!IofCallDriver -> [0x84d7fdf0]
21:09:47.945 5 acpi.sys[806936bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x84d89030]
21:09:47.960 Scan finished successfully
21:09:59.162 Disk 0 MBR has been saved successfully to "C:\Users\Luis\Desktop\MBR.dat"
21:09:59.177 The log file has been saved successfully to "C:\Users\Luis\Desktop\aswMBR.txt"

#10 gringo_pr

  • Malware Response Team

Posted 20 January 2012 - 10:17 PM

Hello

OK, what issues do you still have at this time?

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 saidinlr

  • Topic Starter

Posted 20 January 2012 - 10:37 PM

Will post results in a minute. The issue is that I can't see any of my files or programs. I'm confident the Vista Antivirus 2012 virus is gone but I think it jacked up my registry and that's why it seems that everything is gone. I search for a program under the start - search and it will run but that's the only way.

#12 gringo_pr

  • Malware Response Team

Posted 20 January 2012 - 10:47 PM

Run this and see if it helps - http://download.bleepingcomputer.com/grinler/unhide.exe

#13 saidinlr

  • Topic Starter

Posted 20 January 2012 - 10:52 PM

OTL logfile created on: 1/20/2012 9:42:17 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Luis\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 65.86% Memory free
12.70 Gb Paging File | 11.52 Gb Available in Paging File | 90.66% Paging File free
Paging file location(s): c:\pagefile.sys 10000 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.95 Gb Total Space | 59.83 Gb Free Space | 26.48% Space Free | Partition Type: NTFS

Computer Name: SAIDIN | User Name: Luis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Luis\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\Install\{D02C657A-3424-4290-B80C-69B7E1C23491}\GoogleToolbarInstaller_updater_signed.exe (Google Inc.)
PRC - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe ()
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Luis\AppData\Local\Temp\26b674f0aaf64653b34837ae2ae12b88\http.dll ()
MOD - C:\Users\Luis\AppData\Local\Temp\26b674f0aaf64653b34837ae2ae12b88\filesys.dll ()
MOD - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe ()
MOD - C:\Program Files\VTech\DownloadManager\System\DACommCenter.dll ()
MOD - C:\Program Files\VTech\DownloadManager\System\QtGui4.dll ()
MOD - C:\Program Files\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll ()
MOD - C:\Program Files\VTech\DownloadManager\System\QtCore4.dll ()
MOD - C:\Program Files\VTech\DownloadManager\System\QtWebKit4.dll ()
MOD - C:\Program Files\VTech\DownloadManager\System\phonon4.dll ()
MOD - C:\Program Files\VTech\DownloadManager\System\QtXmlPatterns4.dll ()
MOD - C:\Program Files\VTech\DownloadManager\System\QtNetwork4.dll ()
MOD - C:\Program Files\VTech\DownloadManager\System\QtXml4.dll ()


========== Win32 Services (SafeList) ==========

SRV - (GuffinsService) -- File not found
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MOBK755backup) -- C:\Program Files\McAfee Online Backup\MOBK755backup.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (ICScsiSV) -- C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe (Sony Corporation)
SRV - (IcVzMonLauncher) -- C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Program Files\Sony\Image Converter 3\IcVzMon.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)


========== Driver Services (SafeList) ==========

DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MOBK755Filter) -- C:\Windows\System32\drivers\MOBK755.sys (Mozy, Inc.)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (mr97310c) -- C:\Windows\System32\drivers\mr97310c.sys (Mars Semiconductor Corp.)
DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys ()
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (SonyImgF) -- C:\Windows\System32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)
DRV - (slim) -- C:\Windows\System32\drivers\slim.sys (Sony Corporation)
DRV - (USBAVCap) -- C:\Windows\System32\drivers\USBAVCap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ece24dcf-8548-4655-b392-47a388721482} - C:\Program Files\TenchisTV\prxtbTen0.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:43902

IE - HKU\S-1-5-18\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:43902



IE - HKU\S-1-5-21-1741290659-858044500-3998602421-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1741290659-858044500-3998602421-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-1741290659-858044500-3998602421-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1741290659-858044500-3998602421-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1741290659-858044500-3998602421-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1741290659-858044500-3998602421-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1741290659-858044500-3998602421-1005\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1741290659-858044500-3998602421-1005\..\URLSearchHook: {ece24dcf-8548-4655-b392-47a388721482} - C:\Program Files\TenchisTV\prxtbTen0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1741290659-858044500-3998602421-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1741290659-858044500-3998602421-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.0.3.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Guffins.com/Plugin: C:\Program Files\Guffins\bar\1.bin\NPu4Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Luis\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Luis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Luis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Luis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Luis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Luis\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\u4ffxtbr@Guffins.com: C:\Program Files\Guffins\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/10 08:00:34 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 16:39:58 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/15 20:21:14 | 000,000,000 | -H-D | M]

[2010/01/24 13:16:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Luis\AppData\Roaming\Mozilla\Extensions
[2010/01/24 13:16:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Luis\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/24 19:48:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\lfjek4sw.default\extensions
[2010/04/30 12:58:19 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\lfjek4sw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/23 13:31:44 | 000,000,000 | -H-D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\lfjek4sw.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/01/23 13:31:44 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\lfjek4sw.default\extensions\engine@conduit.com
[2010/01/16 10:55:21 | 000,000,000 | -H-D | M] (ShopAtHome Intelligent Shopping Toolbar) -- C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\lfjek4sw.default\extensions\toolbar@shopathome.com
[2010/11/25 22:12:11 | 000,000,000 | -H-D | M] (vShare) -- C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\lfjek4sw.default\extensions\vshare@toolbar
[2011/04/24 19:58:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/23 19:21:13 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/11/10 08:00:34 | 000,000,000 | -H-D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/04/14 14:01:38 | 000,024,376 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2009/12/27 19:40:57 | 000,393,216 | -H-- | M] (Invenda Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2009/11/19 16:16:28 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/02 20:40:24 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/12/06 19:37:55 | 000,002,024 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: E-centives Coupon Activator Netscape Plugin v. 4.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Luis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Luis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Luis\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: SiteAdvisor = C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: Gmail = C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120109163957.dll (McAfee, Inc.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O2 - BHO: (TenchisTV Toolbar) - {ece24dcf-8548-4655-b392-47a388721482} - C:\Program Files\TenchisTV\prxtbTen0.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKLM\..\Toolbar: (TenchisTV Toolbar) - {ece24dcf-8548-4655-b392-47a388721482} - C:\Program Files\TenchisTV\prxtbTen0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1741290659-858044500-3998602421-1005\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-1741290659-858044500-3998602421-1005\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1741290659-858044500-3998602421-1005\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1741290659-858044500-3998602421-1005\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKU\S-1-5-21-1741290659-858044500-3998602421-1005\..\Toolbar\WebBrowser: (TenchisTV Toolbar) - {ECE24DCF-8548-4655-B392-47A388721482} - C:\Program Files\TenchisTV\prxtbTen0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-1741290659-858044500-3998602421-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1741290659-858044500-3998602421-1005\..Trusted Domains: applicationentry.com ([www] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://supportcenter.rr.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s.work4sure.com/c/ge/w4sgeen9.exe (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab (Bejeweled Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} http://chat.yahoo.com/cab/yuplapp.cab (Yahoo! Webcam Upload Wrapper)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36AC859A-BC71-4B65-98FD-88CB0B7E1C03}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94AF4B5C-5A56-4F84-9412-C10C5A5E064A}: DhcpNameServer = 76.85.229.110 76.85.229.111
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Luis\Pictures\RinconesMO.jpg
O24 - Desktop BackupWallPaper: C:\Users\Luis\Pictures\RinconesMO.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3df471e7-b987-11e0-acad-0013a9f60fe0}\Shell - "" = AutoRun
O33 - MountPoints2\{3df471e7-b987-11e0-acad-0013a9f60fe0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SsiEfr.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/20 21:39:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Luis\Desktop\OTL.exe
[2012/01/20 21:08:25 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Luis\Desktop\aswMBR.exe
[2012/01/20 20:02:21 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/01/20 19:57:15 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Luis\Desktop\tdsskiller.exe
[2012/01/19 22:42:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/19 22:42:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/19 22:42:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/19 22:40:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/19 18:19:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/19 17:44:57 | 004,388,721 | R--- | C] (Swearware) -- C:\Users\Luis\Desktop\ComboFix.exe
[2012/01/14 20:17:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Luis\Desktop\dds.scr
[2012/01/11 23:47:29 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/11 17:34:33 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\SmartPCTools
[2012/01/11 17:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCTools
[2012/01/11 17:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair Wizard
[2012/01/09 17:35:48 | 000,000,000 | -H-D | C] -- C:\Users\Luis\AppData\Local\{87B342F6-2F62-4362-A83B-9CA3EB0B6436}
[2012/01/09 17:35:24 | 000,000,000 | -H-D | C] -- C:\Users\Luis\AppData\Local\{44BCD215-7CD0-42F6-B945-B14397752F7A}
[2012/01/09 17:33:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/01/09 00:01:48 | 000,000,000 | -H-D | C] -- C:\Program Files\MalwarebytesAntiMalware
[2012/01/08 15:21:08 | 000,000,000 | -H-D | C] -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/08 14:46:39 | 000,000,000 | -H-D | C] -- C:\Users\Luis\AppData\Local\{69843773-AD6D-4BD0-AF42-6FDE201B2E7F}
[2012/01/08 14:46:11 | 000,000,000 | -H-D | C] -- C:\Users\Luis\AppData\Local\{90EF295D-B368-401C-B66F-FFFC94A06651}
[2012/01/05 20:13:43 | 000,000,000 | -H-D | C] -- C:\Program Files\McAfeeMOBK
[2012/01/05 20:13:28 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Online Backup
[2012/01/05 20:13:27 | 000,054,776 | -H-- | C] (Mozy, Inc.) -- C:\Windows\System32\drivers\MOBK755.sys
[2012/01/05 20:13:25 | 000,000,000 | -H-D | C] -- C:\Program Files\McAfee Online Backup
[2012/01/04 17:19:34 | 000,000,000 | -H-D | C] -- C:\Users\Luis\AppData\Local\{4DE9B60D-0780-45FD-949E-B46613050637}
[2012/01/04 17:19:21 | 000,000,000 | -H-D | C] -- C:\Users\Luis\AppData\Local\{73305650-F436-4008-9A54-AFA75157F169}
[2012/01/04 17:16:08 | 000,000,000 | -H-D | C] -- C:\Windows\en
[2012/01/04 16:39:31 | 000,000,000 | -H-D | C] -- C:\Users\Luis\AppData\Local\{2B397630-732E-4C27-AFDF-196371F384E5}
[2012/01/04 16:39:02 | 000,000,000 | -H-D | C] -- C:\Users\Luis\AppData\Local\{6B3648A3-5074-472F-95D7-4CBC0F1B60F0}
[2011/12/28 07:12:26 | 000,000,000 | -H-D | C] -- C:\Users\Luis\AppData\Local\{05B77780-2531-462D-9DC4-773914D066CD}
[2011/12/28 07:12:11 | 000,000,000 | -H-D | C] -- C:\Users\Luis\AppData\Local\{503FFF02-CFF9-475A-8607-F49CB1EE1C53}
[2011/12/25 01:26:39 | 000,000,000 | -H-D | C] -- C:\Users\Luis\AppData\Local\cache
[2011/12/25 01:26:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTech
[2011/12/25 01:25:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\VTech
[2011/12/25 01:25:14 | 000,000,000 | -H-D | C] -- C:\Program Files\VTech
[2011/12/24 15:27:21 | 000,000,000 | -H-D | C] -- C:\Users\Luis\AppData\Local\{896B14DE-EA5B-4D90-B81B-26F861EE2483}
[2011/12/24 15:27:03 | 000,000,000 | -H-D | C] -- C:\Users\Luis\AppData\Local\{2942F17C-7D70-4744-8906-0A0A29D7B8EA}
[2011/12/23 16:21:35 | 000,000,000 | -H-D | C] -- C:\Users\Luis\AppData\Local\{45267DE4-BAF5-4DE9-911B-FDD4A40D5347}
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/20 21:41:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Luis\Desktop\OTL.exe
[2012/01/20 21:40:01 | 000,000,904 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1741290659-858044500-3998602421-1005UA.job
[2012/01/20 21:34:03 | 000,000,886 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/20 21:09:59 | 000,000,512 | ---- | M] () -- C:\Users\Luis\Desktop\MBR.dat
[2012/01/20 21:09:00 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Luis\Desktop\aswMBR.exe
[2012/01/20 20:28:35 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/20 20:28:35 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/20 19:57:16 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Luis\Desktop\tdsskiller.exe
[2012/01/20 11:40:04 | 000,000,852 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1741290659-858044500-3998602421-1005Core.job
[2012/01/20 00:19:04 | 000,000,882 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/19 22:41:08 | 004,388,721 | R--- | M] (Swearware) -- C:\Users\Luis\Desktop\ComboFix.exe
[2012/01/19 22:28:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/19 22:28:24 | 3219,316,736 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/19 22:24:31 | 000,001,356 | ---- | M] () -- C:\Users\Luis\AppData\Local\d3d9caps.dat
[2012/01/19 21:12:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/01/15 20:21:14 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/15 03:27:00 | 000,000,354 | -H-- | M] () -- C:\Windows\tasks\Driver Robot.job
[2012/01/14 20:29:41 | 000,302,592 | ---- | M] () -- C:\Users\Luis\Desktop\rhz8x5z3.exe
[2012/01/14 20:28:55 | 000,021,943 | ---- | M] () -- C:\Users\Luis\Desktop\gmer.htm
[2012/01/14 20:26:45 | 000,006,467 | ---- | M] () -- C:\Users\Luis\Desktop\Attach.rar
[2012/01/14 20:17:33 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Luis\Desktop\dds.scr
[2012/01/14 20:15:16 | 000,000,000 | ---- | M] () -- C:\Users\Luis\defogger_reenable
[2012/01/14 20:14:26 | 000,050,477 | ---- | M] () -- C:\Users\Luis\Desktop\Defogger.exe
[2012/01/11 23:14:49 | 000,073,216 | -H-- | M] () -- C:\Users\Luis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/11 17:34:28 | 000,000,951 | ---- | M] () -- C:\Users\Luis\Desktop\Registry Repair Wizard 2011.lnk
[2012/01/10 21:44:48 | 000,064,584 | -H-- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2012/01/10 21:01:21 | 317,925,219 | -H-- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/10 18:12:15 | 000,005,874 | -HS- | M] () -- C:\ProgramData\x6368wn08b71x8435ee60qqyhdf0g6jsnl03dq85jb2mg
[2012/01/10 17:23:46 | 000,003,762 | -HS- | M] () -- C:\ProgramData\4yioh35pi1jm5oxuy26qd754668s5u1151cx86ui60d55
[2012/01/10 15:28:13 | 000,005,866 | -HS- | M] () -- C:\Users\Luis\AppData\Local\5lrmp68qn8pd2wfyy33fb062742a1p0156wp47ye54y11
[2012/01/10 15:28:13 | 000,005,866 | -HS- | M] () -- C:\ProgramData\5lrmp68qn8pd2wfyy33fb062742a1p0156wp47ye54y11
[2012/01/10 02:40:36 | 000,003,968 | -HS- | M] () -- C:\ProgramData\l3467ti87i30p6520oh45wxwuwv0v8eduk46yw67ag0gv
[2012/01/09 05:47:11 | 000,003,026 | -HS- | M] () -- C:\ProgramData\26ckdt20p303tb1mc3dbj50t0e1i33216uat0541i3ej65
[2012/01/08 15:41:04 | 000,000,629 | -H-- | M] () -- C:\Users\Luis\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/08 15:21:08 | 000,000,605 | -H-- | M] () -- C:\Users\Luis\Desktop\System Check.lnk
[2012/01/08 14:18:43 | 000,009,422 | -HS- | M] () -- C:\ProgramData\647w8y7f5547
[2012/01/08 14:18:42 | 000,009,422 | -HS- | M] () -- C:\Users\Luis\AppData\Local\647w8y7f5547
[2012/01/08 13:11:05 | 000,009,310 | -HS- | M] () -- C:\ProgramData\3491670260
[2012/01/07 18:02:46 | 000,000,017 | -H-- | M] () -- C:\Windows\System32\package.lst
[2012/01/07 03:30:29 | 000,002,934 | -H-- | M] () -- C:\Windows\MOBK755.blk
[2012/01/07 03:30:29 | 000,001,818 | -H-- | M] () -- C:\Windows\MOBK755.flt
[2011/12/31 01:55:47 | 000,087,637 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011/12/31 01:55:46 | 000,087,637 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011/12/27 21:37:22 | 000,000,579 | -H-- | M] () -- C:\Users\Luis\AppData\Local\cookies.ini
[2011/12/27 20:22:11 | 000,663,138 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/27 20:22:11 | 000,127,014 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/25 01:26:02 | 000,001,006 | -H-- | M] () -- C:\Users\Luis\Desktop\Learning Lodge Navigator.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/20 21:09:59 | 000,000,512 | ---- | C] () -- C:\Users\Luis\Desktop\MBR.dat
[2012/01/19 22:42:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 22:42:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 22:42:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 22:42:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 22:42:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/19 22:28:24 | 3219,316,736 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/15 20:21:14 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/15 20:21:14 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/14 20:29:39 | 000,302,592 | ---- | C] () -- C:\Users\Luis\Desktop\rhz8x5z3.exe
[2012/01/14 20:28:54 | 000,021,943 | ---- | C] () -- C:\Users\Luis\Desktop\gmer.htm
[2012/01/14 20:26:45 | 000,006,467 | ---- | C] () -- C:\Users\Luis\Desktop\Attach.rar
[2012/01/14 20:15:16 | 000,000,000 | ---- | C] () -- C:\Users\Luis\defogger_reenable
[2012/01/14 20:14:26 | 000,050,477 | ---- | C] () -- C:\Users\Luis\Desktop\Defogger.exe
[2012/01/11 17:34:28 | 000,000,951 | ---- | C] () -- C:\Users\Luis\Desktop\Registry Repair Wizard 2011.lnk
[2012/01/10 18:11:10 | 000,005,874 | -HS- | C] () -- C:\ProgramData\x6368wn08b71x8435ee60qqyhdf0g6jsnl03dq85jb2mg
[2012/01/10 17:22:44 | 000,003,762 | -HS- | C] () -- C:\ProgramData\4yioh35pi1jm5oxuy26qd754668s5u1151cx86ui60d55
[2012/01/10 15:27:14 | 000,005,866 | -HS- | C] () -- C:\Users\Luis\AppData\Local\5lrmp68qn8pd2wfyy33fb062742a1p0156wp47ye54y11
[2012/01/10 15:25:52 | 000,005,866 | -HS- | C] () -- C:\ProgramData\5lrmp68qn8pd2wfyy33fb062742a1p0156wp47ye54y11
[2012/01/10 02:39:44 | 000,003,968 | -HS- | C] () -- C:\ProgramData\l3467ti87i30p6520oh45wxwuwv0v8eduk46yw67ag0gv
[2012/01/09 05:46:12 | 000,003,026 | -HS- | C] () -- C:\ProgramData\26ckdt20p303tb1mc3dbj50t0e1i33216uat0541i3ej65
[2012/01/08 15:41:04 | 000,000,629 | -H-- | C] () -- C:\Users\Luis\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/08 15:21:08 | 000,000,605 | -H-- | C] () -- C:\Users\Luis\Desktop\System Check.lnk
[2012/01/08 13:11:05 | 000,009,422 | -HS- | C] () -- C:\Users\Luis\AppData\Local\647w8y7f5547
[2012/01/08 13:11:05 | 000,009,310 | -HS- | C] () -- C:\ProgramData\3491670260
[2012/01/08 12:57:50 | 000,009,422 | -HS- | C] () -- C:\ProgramData\647w8y7f5547
[2011/12/25 01:26:49 | 000,000,579 | -H-- | C] () -- C:\Users\Luis\AppData\Local\cookies.ini
[2011/12/25 01:26:02 | 000,001,006 | -H-- | C] () -- C:\Users\Luis\Desktop\Learning Lodge Navigator.lnk
[2011/06/22 15:52:13 | 000,085,504 | -H-- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/04/17 13:29:13 | 000,011,680 | -HS- | C] () -- C:\Users\Luis\AppData\Local\f8772mw7g33g3lwtxyp0v8j2j1s27802s75cw2h36dlal
[2011/04/17 13:29:13 | 000,011,680 | -HS- | C] () -- C:\ProgramData\f8772mw7g33g3lwtxyp0v8j2j1s27802s75cw2h36dlal
[2010/12/04 08:17:43 | 000,001,157 | -H-- | C] () -- C:\ProgramData\4234763123.dat
[2010/11/19 20:47:37 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/08/09 19:34:39 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/04/02 09:04:09 | 000,815,104 | -H-- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/04/02 09:04:09 | 000,180,224 | -H-- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/03/31 08:02:53 | 000,023,086 | -H-- | C] () -- C:\Windows\hpqins15.dat
[2010/03/26 14:24:21 | 000,139,862 | -H-- | C] () -- C:\Windows\hpoins15.dat
[2010/03/20 23:17:53 | 000,000,256 | -H-- | C] () -- C:\Windows\System32\pool.bin
[2010/03/05 15:01:34 | 001,503,232 | -H-- | C] () -- C:\Windows\System32\ptj.exe
[2010/03/05 15:01:33 | 004,369,408 | -H-- | C] () -- C:\Windows\System32\pdftk.exe
[2010/03/05 15:01:32 | 000,235,008 | -H-- | C] () -- C:\Windows\System32\office.exe
[2009/12/02 17:32:25 | 000,087,637 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/02 17:32:25 | 000,087,637 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2009/12/02 15:24:28 | 000,012,978 | -H-- | C] () -- C:\Users\Luis\AppData\Roaming\nvModes.001
[2009/12/02 15:23:35 | 000,012,978 | -H-- | C] () -- C:\Users\Luis\AppData\Roaming\nvModes.dat
[2009/09/23 16:45:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/23 16:45:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/10 22:26:02 | 000,000,000 | -H-- | C] () -- C:\Users\Luis\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/06 06:18:42 | 000,001,356 | ---- | C] () -- C:\Users\Luis\AppData\Local\d3d9caps.dat
[2008/09/17 02:03:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/20 00:47:00 | 000,000,092 | -H-- | C] () -- C:\Users\Luis\AppData\Local\fusioncache.dat
[2008/06/22 14:29:22 | 000,073,216 | -H-- | C] () -- C:\Users\Luis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/20 14:05:59 | 000,001,039 | -H-- | C] () -- C:\Windows\hpomdl15.dat
[2007/03/23 21:49:28 | 000,019,968 | -H-- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/03/23 21:37:44 | 000,532,480 | -H-- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2007/03/23 21:30:33 | 001,132,112 | -H-- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2007/03/13 12:56:48 | 000,000,000 | -H-- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/03/13 11:30:48 | 000,000,031 | -H-- | C] () -- C:\Windows\System32\elcric.dat
[2007/03/12 20:22:43 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1151.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,384,800 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,663,138 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,127,014 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat
[2001/10/12 09:58:20 | 000,028,672 | -H-- | C] () -- C:\Windows\System32\mr310exd.dll
[2001/10/12 09:57:18 | 000,036,864 | -H-- | C] () -- C:\Windows\System32\mr310exv.dll
[2000/12/07 09:13:58 | 000,015,164 | -H-- | C] () -- C:\Windows\mr310twc.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CA73D29

< End of report >

#14 gringo_pr

    Bleepin Gringo


  • Malware Response Team
Posted 20 January 2012 - 10:55 PM

Did you run the unhide program?


gringo

#15 saidinlr

  • Topic Starter

Posted 20 January 2012 - 10:59 PM

Just saw it. Running it now.



