
temp:winupd on Windows XP


  • This topic is locked
36 replies to this topic

#1 Dont Shoot Me

Dont Shoot Me

  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:37 PM

Posted 24 January 2012 - 01:34 AM

I was working on removing the temp:winupd virus from my computer in the Am I Infected? What do I do? forum and I was advised to post a new thread here [original thread]. I was also advised to run DDS and GMER.

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by Brett at 22:12:33 on 2012-01-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3068.1038 [GMT -6:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: McAfee VirusScan Enterprise *Disabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Immunet Protect *Enabled/Updated* {F1220F1F-7E2E-48CD-846D-B98C6F85CD37}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Immunet Protect\2.0.17\agent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Immunet Protect\2.0.17\iptray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\StarCraft II\Versions\Base19679\SC2.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\Brett\My Documents\l5zsdjnq.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = local
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} -
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearsharetb\BearShareDx.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\program files\bearshare applications\bearshare\BearShareIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearsharetb\BearShareDx.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} -
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [Immunet Protect] "c:\program files\immunet protect\2.0.17\iptray.exe"
mRun: [jswtrayutil] "c:\program files\netgear\wn111v2\jswtrayutil.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252376986546
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{9F8CFEAF-F95E-4349-A725-CDC4C1C1F763} : DhcpNameServer = 10.0.0.1
Filter: text/html - {2882afce-e1d7-42a4-9f1f-4bf6649ffaf3} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\brett\application data\mozilla\firefox\profiles\y2cy3grn.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/webResults.html?src=ffb&q=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-2-27 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-2-27 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-2-27 656320]
R1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\drivers\ImmunetProtect.sys [2011-2-27 41424]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [2011-2-27 31184]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2009-6-8 31848]
R2 ImmunetProtect;Immunet Protect;c:\program files\immunet protect\2.0.17\agent.exe [2011-2-27 756680]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-19 652872]
R2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\microsoft.net\framework\v1.1.4322\netfxupdate.exe [2007-1-15 73728]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-19 20464]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2009-1-14 458752]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-7-19 244368]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-8-26 73512]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-8-26 34408]
S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-8-26 177864]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S4 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
S4 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-26 104000]
S4 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2009-6-8 144704]
S4 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2009-6-8 54608]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-2-27 366840]
S4 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-2-27 1150936]
S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
.
=============== Created Last 30 ================
.
2012-01-21 10:10:28 -------- d-----w- c:\program files\ESET
2012-01-19 19:16:36 -------- d-----w- c:\documents and settings\brett\application data\Malwarebytes
2012-01-19 19:16:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-19 19:16:23 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-19 19:16:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-05 18:51:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2012-01-19 22:01:13 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-02-27 17:57:56 44 ---h--w- c:\program files\aebbac29.tmp
.
============= FINISH: 22:13:17.56 ===============


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:12:37 AM

Posted 24 January 2012 - 03:29 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Running aswMBR.exe

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.



NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. aswMBR.exe log.
4. Farbar Service Scanner log.
5. OTL.txt & Extras.txt logs.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
Agent ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
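The TDSSKiller step above asks for the tool's log to be pasted back so a helper can read it. As an added example (not code from this thread, from the tool's authors, or from BleepingComputer), the Python script below triages a TDSSKiller log in the format posted later in this thread: it pairs each "detected" verdict with the driver path and the real/fake MD5 pair from the preceding "Suspicious file (Forged)" line, so a reviewer can list at a glance which driver images the tool reported as forged, the signature of a patched-driver rootkit such as the ZeroAccess infection named above. The embedded sample log is constructed from a handful of lines in that format (the ati2mtag hashes are those from the posted log); the regular expressions, the `Finding`/`Summary` classes and the `forged_names` helper are this example's own reading of the log layout, not a format specification from the tool.

```python
"""Triage a TDSSKiller log: pull out every 'detected' verdict together with
the driver path and the real/fake MD5 pair the tool reported for it.
Added example; the regexes encode this example's reading of the log format
seen in this thread, not a format specification from the tool's authors."""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every line: "HH:MM:SS.ffff <4-hex thread id> <message>"
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>[0-9A-Fa-f]{4})\s+(?P<msg>.*)$")
# "ACPI (8fd99680...) C:\WINDOWS\...\ACPI.sys": service name, image MD5, path
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Suspicious file (Forged): <path>. Real md5: <hash>, Fake md5: <hash>"
FORGED_RE = re.compile(
    r"^Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
# "ati2mtag - detected ForgedFile.Multi.Generic (1)"
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
OK_RE = re.compile(r"^\S+ - ok$")


@dataclass
class Finding:
    name: str                # service/driver name as TDSSKiller lists it
    verdict: str             # e.g. ForgedFile.Multi.Generic
    path: Optional[str]      # image path, if the log listed one for this name
    real_md5: Optional[str]  # hash of what is really on disk
    fake_md5: Optional[str]  # hash of what the system presented to the tool


@dataclass
class Summary:
    scanned_ok: int
    findings: List[Finding]


def parse_tdsskiller_log(text: str) -> Summary:
    paths: Dict[str, str] = {}                 # driver name -> image path
    forged: Dict[str, Tuple[str, str]] = {}    # image path (lowercased) -> (real, fake)
    findings: List[Finding] = []
    ok = 0
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                           # banner / separator / blank lines
        msg = m.group("msg")
        if (d := DRIVER_RE.match(msg)):
            paths[d.group("name")] = d.group("path")
        elif (f := FORGED_RE.match(msg)):
            forged[f.group("path").lower()] = (f.group("real"), f.group("fake"))
        elif (det := DETECT_RE.match(msg)):
            path = paths.get(det.group("name"))
            real, fake = forged.get((path or "").lower(), (None, None))
            findings.append(Finding(det.group("name"), det.group("verdict"), path, real, fake))
        elif OK_RE.match(msg):
            ok += 1
    return Summary(ok, findings)


def forged_names(summary: Summary) -> List[str]:
    """Names of drivers carrying a ForgedFile verdict, sorted for stable output."""
    return sorted(f.name for f in summary.findings if f.verdict.startswith("ForgedFile"))


# Constructed sample in the thread's log format (ati2mtag hashes as posted there).
SAMPLE_LOG = r"""
03:13:59.0781 3752 ============================================================
03:13:59.0781 3752 Scan started
03:14:00.0109 3752 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:14:00.0109 3752 ACPI - ok
03:14:00.0437 3752 ati2mtag (05e3f2c18b991eca35f08ba4b2854191) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
03:14:00.0500 3752 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ati2mtag.sys. Real md5: 05e3f2c18b991eca35f08ba4b2854191, Fake md5: 15b2fe76e2eceb98c49ed52311a6f26f
03:14:00.0500 3752 ati2mtag ( ForgedFile.Multi.Generic ) - warning
03:14:00.0500 3752 ati2mtag - detected ForgedFile.Multi.Generic (1)
03:14:00.0546 3752 AtiHdmiService (d9bc8892b9440a2551b8148c57aa039e) C:\WINDOWS\system32\drivers\AtiHdmi.sys
03:14:00.0546 3752 AtiHdmiService - ok
"""


def triage_sample() -> Summary:
    return parse_tdsskiller_log(SAMPLE_LOG)


if __name__ == "__main__":
    # Pass a saved TDSSKiller.*_log.txt as the first argument; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    s = parse_tdsskiller_log(text)
    print(f"{s.scanned_ok} drivers ok, {len(s.findings)} detections")
    for f in s.findings:
        print(f"  {f.name}: {f.verdict} at {f.path} real={f.real_md5} fake={f.fake_md5}")
```

The pairing by path matters because TDSSKiller prints the forged-file warning and the "detected" verdict on separate lines; matching them through the driver's path line lets a reviewer see both hashes next to the verdict without scrolling through several hundred "- ok" entries. Drivers that the tool flags without a preceding forged-file line still appear in the findings, with the hash fields left empty.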


#3 Dont Shoot Me

Dont Shoot Me
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:37 PM

Posted 24 January 2012 - 05:06 AM

TDSSKiller log:

03:13:49.0859 0744 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
03:13:50.0921 0744 ============================================================
03:13:50.0921 0744 Current date / time: 2012/01/24 03:13:50.0921
03:13:50.0921 0744 SystemInfo:
03:13:50.0921 0744
03:13:50.0921 0744 OS Version: 5.1.2600 ServicePack: 3.0
03:13:50.0921 0744 Product type: Workstation
03:13:50.0921 0744 ComputerName: A
03:13:50.0921 0744 UserName: Brett
03:13:50.0921 0744 Windows directory: C:\WINDOWS
03:13:50.0921 0744 System windows directory: C:\WINDOWS
03:13:50.0921 0744 Processor architecture: Intel x86
03:13:50.0921 0744 Number of processors: 2
03:13:50.0921 0744 Page size: 0x1000
03:13:50.0921 0744 Boot type: Normal boot
03:13:50.0921 0744 ============================================================
03:13:53.0390 0744 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
03:13:53.0468 0744 Initialize success
03:13:59.0781 3752 ============================================================
03:13:59.0781 3752 Scan started
03:13:59.0781 3752 Mode: Manual;
03:13:59.0781 3752 ============================================================
03:14:00.0062 3752 Abiosdsk - ok
03:14:00.0078 3752 abp480n5 - ok
03:14:00.0109 3752 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:14:00.0109 3752 ACPI - ok
03:14:00.0125 3752 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
03:14:00.0125 3752 ACPIEC - ok
03:14:00.0140 3752 adpu160m - ok
03:14:00.0187 3752 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
03:14:00.0187 3752 aec - ok
03:14:00.0218 3752 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
03:14:00.0218 3752 AFD - ok
03:14:00.0234 3752 Aha154x - ok
03:14:00.0234 3752 aic78u2 - ok
03:14:00.0234 3752 aic78xx - ok
03:14:00.0250 3752 AliIde - ok
03:14:00.0265 3752 amsint - ok
03:14:00.0281 3752 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
03:14:00.0296 3752 Arp1394 - ok
03:14:00.0296 3752 asc - ok
03:14:00.0296 3752 asc3350p - ok
03:14:00.0312 3752 asc3550 - ok
03:14:00.0343 3752 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
03:14:00.0343 3752 AsyncMac - ok
03:14:00.0390 3752 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
03:14:00.0390 3752 atapi - ok
03:14:00.0406 3752 Atdisk - ok
03:14:00.0437 3752 ati2mtag (05e3f2c18b991eca35f08ba4b2854191) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
03:14:00.0500 3752 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ati2mtag.sys. Real md5: 05e3f2c18b991eca35f08ba4b2854191, Fake md5: 15b2fe76e2eceb98c49ed52311a6f26f
03:14:00.0500 3752 ati2mtag ( ForgedFile.Multi.Generic ) - warning
03:14:00.0500 3752 ati2mtag - detected ForgedFile.Multi.Generic (1)
03:14:00.0546 3752 AtiHdmiService (d9bc8892b9440a2551b8148c57aa039e) C:\WINDOWS\system32\drivers\AtiHdmi.sys
03:14:00.0546 3752 AtiHdmiService - ok
03:14:00.0593 3752 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
03:14:00.0593 3752 atksgt - ok
03:14:00.0640 3752 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
03:14:00.0640 3752 Atmarpc - ok
03:14:00.0671 3752 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
03:14:00.0671 3752 audstub - ok
03:14:00.0687 3752 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
03:14:00.0687 3752 Beep - ok
03:14:00.0718 3752 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
03:14:00.0718 3752 cbidf2k - ok
03:14:00.0718 3752 cd20xrnt - ok
03:14:00.0734 3752 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
03:14:00.0734 3752 Cdaudio - ok
03:14:00.0765 3752 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
03:14:00.0765 3752 Cdfs - ok
03:14:00.0781 3752 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
03:14:00.0781 3752 Cdrom - ok
03:14:00.0796 3752 Changer - ok
03:14:00.0812 3752 CmdIde - ok
03:14:00.0812 3752 Cpqarray - ok
03:14:00.0828 3752 dac2w2k - ok
03:14:00.0828 3752 dac960nt - ok
03:14:00.0843 3752 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
03:14:00.0843 3752 Disk - ok
03:14:00.0875 3752 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
03:14:00.0875 3752 dmboot - ok
03:14:00.0906 3752 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
03:14:00.0906 3752 dmio - ok
03:14:00.0921 3752 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
03:14:00.0921 3752 dmload - ok
03:14:00.0953 3752 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
03:14:00.0968 3752 DMusic - ok
03:14:01.0000 3752 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
03:14:01.0000 3752 DNINDIS5 - ok
03:14:01.0015 3752 dpti2o - ok
03:14:01.0015 3752 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
03:14:01.0015 3752 drmkaud - ok
03:14:01.0062 3752 e1yexpress (aee21a637ede5bd4f89cd90883149104) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
03:14:01.0062 3752 e1yexpress - ok
03:14:01.0093 3752 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
03:14:01.0093 3752 Fastfat - ok
03:14:01.0125 3752 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
03:14:01.0125 3752 Fdc - ok
03:14:01.0156 3752 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
03:14:01.0156 3752 Fips - ok
03:14:01.0171 3752 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
03:14:01.0171 3752 Flpydisk - ok
03:14:01.0203 3752 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
03:14:01.0203 3752 FltMgr - ok
03:14:01.0218 3752 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
03:14:01.0218 3752 Fs_Rec - ok
03:14:01.0234 3752 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
03:14:01.0250 3752 Ftdisk - ok
03:14:01.0281 3752 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
03:14:01.0281 3752 GEARAspiWDM - ok
03:14:01.0312 3752 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
03:14:01.0312 3752 Gpc - ok
03:14:01.0343 3752 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
03:14:01.0343 3752 HDAudBus - ok
03:14:01.0375 3752 HECI (e4a123ad734a3731d29ebd3a01b3e535) C:\WINDOWS\system32\DRIVERS\HECI.sys
03:14:01.0375 3752 HECI - ok
03:14:01.0406 3752 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
03:14:01.0406 3752 HidUsb - ok
03:14:01.0421 3752 hpn - ok
03:14:01.0453 3752 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
03:14:01.0453 3752 HTTP - ok
03:14:01.0468 3752 i2omgmt - ok
03:14:01.0468 3752 i2omp - ok
03:14:01.0500 3752 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sy@
03:14:01.0500 3752 i8042prt - ok
03:14:01.0515 3752 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
03:14:01.0515 3752 Imapi - ok
03:14:01.0578 3752 ImmunetProtectDriver (0452cbd785659bb9e86b6c849bc292f9) C:\WINDOWS\system32\DRIVERS\ImmunetProtect.sys
03:14:01.0578 3752 ImmunetProtectDriver - ok
03:14:01.0578 3752 ImmunetSelfProtectDriver (426737322b000e3d9d7fb5b13f443b27) C:\WINDOWS\system32\DRIVERS\ImmunetSelfProtect.sys
03:14:01.0578 3752 ImmunetSelfProtectDriver - ok
03:14:01.0593 3752 ini910u - ok
03:14:01.0625 3752 IntcAzAudAddService (fc54a68349d29eeec8f373aea9819667) C:\WINDOWS\system32\drivers\RtkHDAud.sys
03:14:01.0703 3752 Suspicious file (Forged): C:\WINDOWS\system32\drivers\RtkHDAud.sys. Real md5: fc54a68349d29eeec8f373aea9819667, Fake md5: 19afbb8427ce65042599555e578170df
03:14:01.0703 3752 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - warning
03:14:01.0703 3752 IntcAzAudAddService - detected ForgedFile.Multi.Generic (1)
03:14:01.0718 3752 IntelIde - ok
03:14:01.0718 3752 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
03:14:01.0734 3752 intelppm - ok
03:14:01.0750 3752 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
03:14:01.0750 3752 Ip6Fw - ok
03:14:01.0781 3752 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
03:14:01.0796 3752 IpFilterDriver - ok
03:14:01.0796 3752 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
03:14:01.0796 3752 IpInIp - ok
03:14:01.0812 3752 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
03:14:01.0812 3752 IpNat - ok
03:14:01.0812 3752 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
03:14:01.0828 3752 IPSec - ok
03:14:01.0859 3752 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
03:14:01.0859 3752 IRENUM - ok
03:14:01.0875 3752 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
03:14:01.0875 3752 isapnp - ok
03:14:01.0890 3752 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
03:14:01.0890 3752 JSWSCIMD - ok
03:14:01.0906 3752 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
03:14:01.0906 3752 Kbdclass - ok
03:14:01.0906 3752 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
03:14:01.0906 3752 kbdhid - ok
03:14:01.0937 3752 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
03:14:01.0937 3752 kmixer - ok
03:14:01.0968 3752 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
03:14:01.0968 3752 KSecDD - ok
03:14:01.0984 3752 lbrtfdc - ok
03:14:02.0000 3752 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
03:14:02.0000 3752 lirsgt - ok
03:14:02.0015 3752 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
03:14:02.0015 3752 MBAMProtector - ok
03:14:02.0062 3752 mfeapfk (11115e2281dd9b885b038abb11dd8a75) C:\WINDOWS\system32\drivers\mfeapfk.sys
03:14:02.0078 3752 mfeapfk - ok
03:14:02.0078 3752 mfeavfk (a14941aea876c395214f918b011a1371) C:\WINDOWS\system32\drivers\mfeavfk.sys
03:14:02.0078 3752 mfeavfk - ok
03:14:02.0093 3752 mfebopk (59b8443b78c46d2ac4767938e778f043) C:\WINDOWS\system32\drivers\mfebopk.sys
03:14:02.0093 3752 mfebopk - ok
03:14:02.0109 3752 mfehidk (116689b95a37efca0acc2ac421795e60) C:\WINDOWS\system32\drivers\mfehidk.sys
03:14:02.0109 3752 mfehidk - ok
03:14:02.0156 3752 mferkdk (6e1e4bb2866260f2949a3b7a0759e3c6) C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
03:14:02.0156 3752 mferkdk - ok
03:14:02.0171 3752 mfetdik (8468969c92d1dd1fa872cc6c936e4d60) C:\WINDOWS\system32\drivers\mfetdik.sys
03:14:02.0171 3752 mfetdik - ok
03:14:02.0203 3752 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
03:14:02.0203 3752 Modem - ok
03:14:02.0234 3752 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
03:14:02.0234 3752 Mouclass - ok
03:14:02.0265 3752 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
03:14:02.0265 3752 mouhid - ok
03:14:02.0281 3752 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
03:14:02.0281 3752 MountMgr - ok
03:14:02.0296 3752 mraid35x - ok
03:14:02.0312 3752 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
03:14:02.0328 3752 MRxDAV - ok
03:14:02.0343 3752 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
03:14:02.0343 3752 MRxSmb - ok
03:14:02.0359 3752 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
03:14:02.0375 3752 Msfs - ok
03:14:02.0390 3752 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
03:14:02.0390 3752 MSKSSRV - ok
03:14:02.0421 3752 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
03:14:02.0421 3752 MSPCLOCK - ok
03:14:02.0437 3752 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
03:14:02.0437 3752 MSPQM - ok
03:14:02.0468 3752 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
03:14:02.0468 3752 mssmbios - ok
03:14:02.0484 3752 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
03:14:02.0500 3752 Mup - ok
03:14:02.0515 3752 NAL (a467e1deb3bb2b57426c8a5993ba933e) C:\WINDOWS\system32\Drivers\iqvw32.sys
03:14:02.0531 3752 NAL - ok
03:14:02.0531 3752 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
03:14:02.0546 3752 NDIS - ok
03:14:02.0562 3752 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
03:14:02.0562 3752 NdisTapi - ok
03:14:02.0578 3752 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
03:14:02.0578 3752 Ndisuio - ok
03:14:02.0593 3752 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
03:14:02.0593 3752 NdisWan - ok
03:14:02.0656 3752 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
03:14:02.0656 3752 NDProxy - ok
03:14:02.0671 3752 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
03:14:02.0671 3752 NetBIOS - ok
03:14:02.0687 3752 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
03:14:02.0687 3752 NetBT - ok
03:14:02.0718 3752 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
03:14:02.0718 3752 NIC1394 - ok
03:14:02.0734 3752 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
03:14:02.0734 3752 Npfs - ok
03:14:02.0750 3752 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
03:14:02.0750 3752 Ntfs - ok
03:14:02.0812 3752 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
03:14:02.0812 3752 Null - ok
03:14:02.0828 3752 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
03:14:02.0828 3752 NwlnkFlt - ok
03:14:02.0828 3752 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
03:14:02.0843 3752 NwlnkFwd - ok
03:14:02.0843 3752 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
03:14:02.0859 3752 ohci1394 - ok
03:14:02.0875 3752 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
03:14:02.0890 3752 Parport - ok
03:14:02.0890 3752 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
03:14:02.0890 3752 PartMgr - ok
03:14:02.0906 3752 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
03:14:02.0906 3752 ParVdm - ok
03:14:02.0921 3752 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
03:14:02.0921 3752 PCI - ok
03:14:02.0937 3752 PCIDump - ok
03:14:02.0953 3752 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
03:14:02.0953 3752 PCIIde - ok
03:14:02.0968 3752 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
03:14:02.0968 3752 Pcmcia - ok
03:14:03.0000 3752 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\WINDOWS\system32\drivers\PCTCore.sys
03:14:03.0000 3752 PCTCore - ok
03:14:03.0015 3752 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
03:14:03.0015 3752 pctDS - ok
03:14:03.0031 3752 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
03:14:03.0046 3752 pctEFA - ok
03:14:03.0046 3752 PDCOMP - ok
03:14:03.0062 3752 PDFRAME - ok
03:14:03.0062 3752 PDRELI - ok
03:14:03.0062 3752 PDRFRAME - ok
03:14:03.0078 3752 perc2 - ok
03:14:03.0078 3752 perc2hib - ok
03:14:03.0109 3752 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
03:14:03.0125 3752 PptpMiniport - ok
03:14:03.0125 3752 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
03:14:03.0125 3752 PSched - ok
03:14:03.0140 3752 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
03:14:03.0156 3752 Ptilink - ok
03:14:03.0156 3752 ql1080 - ok
03:14:03.0156 3752 Ql10wnt - ok
03:14:03.0171 3752 ql12160 - ok
03:14:03.0171 3752 ql1240 - ok
03:14:03.0187 3752 ql1280 - ok
03:14:03.0203 3752 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
03:14:03.0203 3752 RasAcd - ok
03:14:03.0218 3752 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
03:14:03.0218 3752 Rasl2tp - ok
03:14:03.0234 3752 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
03:14:03.0234 3752 RasPppoe - ok
03:14:03.0234 3752 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
03:14:03.0234 3752 Raspti - ok
03:14:03.0250 3752 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
03:14:03.0250 3752 Rdbss - ok
03:14:03.0265 3752 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
03:14:03.0265 3752 RDPCDD - ok
03:14:03.0296 3752 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
03:14:03.0312 3752 rdpdr - ok
03:14:03.0343 3752 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
03:14:03.0343 3752 RDPWD - ok
03:14:03.0359 3752 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
03:14:03.0359 3752 redbook - ok
03:14:03.0375 3752 rootrepeal - ok
03:14:03.0421 3752 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
03:14:03.0421 3752 Secdrv - ok
03:14:03.0437 3752 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
03:14:03.0437 3752 serenum - ok
03:14:03.0453 3752 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
03:14:03.0453 3752 Serial - ok
03:14:03.0468 3752 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
03:14:03.0468 3752 Sfloppy - ok
03:14:03.0484 3752 Simbad - ok
03:14:03.0500 3752 Sparrow - ok
03:14:03.0515 3752 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
03:14:03.0531 3752 splitter - ok
03:14:03.0546 3752 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
03:14:03.0546 3752 sr - ok
03:14:03.0578 3752 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
03:14:03.0578 3752 Srv - ok
03:14:03.0578 3752 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
03:14:03.0593 3752 swenum - ok
03:14:03.0593 3752 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
03:14:03.0593 3752 swmidi - ok
03:14:03.0609 3752 symc810 - ok
03:14:03.0609 3752 symc8xx - ok
03:14:03.0625 3752 sym_hi - ok
03:14:03.0625 3752 sym_u3 - ok
03:14:03.0671 3752 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
03:14:03.0671 3752 sysaudio - ok
03:14:03.0718 3752 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
03:14:03.0718 3752 Tcpip - ok
03:14:03.0750 3752 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
03:14:03.0750 3752 TDPIPE - ok
03:14:03.0765 3752 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
03:14:03.0765 3752 TDTCP - ok
03:14:03.0812 3752 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
03:14:03.0812 3752 TermDD - ok
03:14:03.0843 3752 tifsfilter (cf115b0e370d3f8fb270681274fdbb6a) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
03:14:03.0843 3752 tifsfilter - ok
03:14:03.0875 3752 timounter (8047d569c1fc863bf70dd495c3390f79) C:\WINDOWS\system32\DRIVERS\timntr.sys
03:14:03.0875 3752 timounter - ok
03:14:03.0875 3752 TosIde - ok
03:14:03.0921 3752 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
03:14:03.0921 3752 Udfs - ok
03:14:03.0921 3752 ultra - ok
03:14:04.0000 3752 UnlockerDriver5 (b2af2ba8a3205a8458b61f638fb431dd) C:\Program Files\Unlocker\UnlockerDriver5.sys
03:14:04.0000 3752 UnlockerDriver5 - ok
03:14:04.0046 3752 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
03:14:04.0046 3752 Update - ok
03:14:04.0078 3752 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
03:14:04.0078 3752 USBAAPL - ok
03:14:04.0125 3752 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
03:14:04.0125 3752 usbccgp - ok
03:14:04.0156 3752 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
03:14:04.0156 3752 usbehci - ok
03:14:04.0171 3752 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
03:14:04.0171 3752 usbhub - ok
03:14:04.0203 3752 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
03:14:04.0203 3752 usbprint - ok
03:14:04.0250 3752 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
03:14:04.0250 3752 usbscan - ok
03:14:04.0281 3752 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
03:14:04.0281 3752 USBSTOR - ok
03:14:04.0312 3752 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
03:14:04.0312 3752 usbuhci - ok
03:14:04.0343 3752 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
03:14:04.0343 3752 VgaSave - ok
03:14:04.0343 3752 ViaIde - ok
03:14:04.0359 3752 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
03:14:04.0359 3752 VolSnap - ok
03:14:04.0375 3752 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
03:14:04.0375 3752 Wanarp - ok
03:14:04.0437 3752 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
03:14:04.0437 3752 Wdf01000 - ok
03:14:04.0437 3752 WDICA - ok
03:14:04.0453 3752 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
03:14:04.0453 3752 wdmaud - ok
03:14:04.0500 3752 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
03:14:04.0500 3752 WinUSB - ok
03:14:04.0562 3752 WN111v2 (966860e5ea3591aa471ec9ced49dc8d2) C:\WINDOWS\system32\DRIVERS\WN111v2.sys
03:14:04.0562 3752 WN111v2 - ok
03:14:04.0593 3752 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
03:14:04.0609 3752 WSIMD - ok
03:14:04.0625 3752 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
03:14:04.0625 3752 WudfPf - ok
03:14:04.0640 3752 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
03:14:04.0640 3752 WudfRd - ok
03:14:04.0703 3752 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
03:14:04.0703 3752 zumbus - ok
03:14:04.0734 3752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
03:14:04.0875 3752 \Device\Harddisk0\DR0 - ok
03:14:04.0875 3752 Boot (0x1200) (0b9bb5f63de410d211f59e0053c51180) \Device\Harddisk0\DR0\Partition0
03:14:04.0875 3752 \Device\Harddisk0\DR0\Partition0 - ok
03:14:04.0875 3752 ============================================================
03:14:04.0875 3752 Scan finished
03:14:04.0875 3752 ============================================================
03:14:04.0890 0452 Detected object count: 2
03:14:04.0890 0452 Actual detected object count: 2
03:14:23.0468 0452 ati2mtag ( ForgedFile.Multi.Generic ) - skipped by user
03:14:23.0468 0452 ati2mtag ( ForgedFile.Multi.Generic ) - User select action: Skip
03:14:23.0468 0452 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - skipped by user
03:14:23.0468 0452 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - User select action: Skip
03:14:57.0031 2448 ============================================================
03:14:57.0031 2448 Scan started
03:14:57.0031 2448 Mode: Manual; SigCheck; TDLFS;
03:14:57.0031 2448 ============================================================
03:14:57.0296 2448 Abiosdsk - ok
03:14:57.0312 2448 abp480n5 - ok
03:14:57.0359 2448 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:14:58.0515 2448 ACPI - ok
03:14:58.0656 2448 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
03:14:58.0984 2448 ACPIEC - ok
03:14:59.0093 2448 adpu160m - ok
03:14:59.0187 2448 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
03:14:59.0390 2448 aec - ok
03:14:59.0625 2448 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
03:14:59.0718 2448 AFD - ok
03:14:59.0968 2448 Aha154x - ok
03:14:59.0984 2448 aic78u2 - ok
03:15:00.0109 2448 aic78xx - ok
03:15:00.0234 2448 AliIde - ok
03:15:00.0296 2448 amsint - ok
03:15:00.0343 2448 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
03:15:00.0453 2448 Arp1394 - ok
03:15:00.0515 2448 asc - ok
03:15:00.0562 2448 asc3350p - ok
03:15:00.0578 2448 asc3550 - ok
03:15:00.0609 2448 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
03:15:00.0843 2448 AsyncMac - ok
03:15:00.0937 2448 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
03:15:01.0062 2448 atapi - ok
03:15:01.0187 2448 Atdisk - ok
03:15:01.0453 2448 ati2mtag (05e3f2c18b991eca35f08ba4b2854191) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
03:15:01.0468 2448 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ati2mtag.sys. Real md5: 05e3f2c18b991eca35f08ba4b2854191, Fake md5: 15b2fe76e2eceb98c49ed52311a6f26f
03:15:01.0484 2448 ati2mtag ( ForgedFile.Multi.Generic ) - warning
03:15:01.0484 2448 ati2mtag - detected ForgedFile.Multi.Generic (1)
03:15:01.0671 2448 AtiHdmiService (d9bc8892b9440a2551b8148c57aa039e) C:\WINDOWS\system32\drivers\AtiHdmi.sys
03:15:01.0781 2448 AtiHdmiService - ok
03:15:01.0906 2448 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
03:15:01.0953 2448 atksgt - ok
03:15:02.0046 2448 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
03:15:02.0328 2448 Atmarpc - ok
03:15:02.0609 2448 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
03:15:02.0875 2448 audstub - ok
03:15:02.0984 2448 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
03:15:03.0140 2448 Beep - ok
03:15:03.0203 2448 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
03:15:03.0437 2448 cbidf2k - ok
03:15:03.0531 2448 cd20xrnt - ok
03:15:03.0546 2448 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
03:15:03.0656 2448 Cdaudio - ok
03:15:03.0765 2448 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
03:15:04.0328 2448 Cdfs - ok
03:15:04.0562 2448 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
03:15:04.0625 2448 Cdrom - ok
03:15:04.0703 2448 Changer - ok
03:15:04.0812 2448 CmdIde - ok
03:15:04.0906 2448 Cpqarray - ok
03:15:05.0078 2448 dac2w2k - ok
03:15:05.0125 2448 dac960nt - ok
03:15:05.0156 2448 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
03:15:05.0265 2448 Disk - ok
03:15:05.0406 2448 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
03:15:05.0656 2448 dmboot - ok
03:15:05.0734 2448 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
03:15:05.0875 2448 dmio - ok
03:15:06.0000 2448 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
03:15:06.0140 2448 dmload - ok
03:15:06.0328 2448 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
03:15:06.0562 2448 DMusic - ok
03:15:06.0703 2448 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
03:15:06.0765 2448 DNINDIS5 ( UnsignedFile.Multi.Generic ) - warning
03:15:06.0765 2448 DNINDIS5 - detected UnsignedFile.Multi.Generic (1)
03:15:06.0796 2448 dpti2o - ok
03:15:06.0843 2448 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
03:15:07.0093 2448 drmkaud - ok
03:15:07.0562 2448 e1yexpress (aee21a637ede5bd4f89cd90883149104) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
03:15:07.0593 2448 e1yexpress - ok
03:15:07.0718 2448 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
03:15:07.0859 2448 Fastfat - ok
03:15:08.0218 2448 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
03:15:08.0671 2448 Fdc - ok
03:15:08.0796 2448 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
03:15:08.0937 2448 Fips - ok
03:15:09.0000 2448 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
03:15:09.0375 2448 Flpydisk - ok
03:15:09.0578 2448 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
03:15:09.0843 2448 FltMgr - ok
03:15:09.0968 2448 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
03:15:10.0109 2448 Fs_Rec - ok
03:15:10.0312 2448 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
03:15:10.0484 2448 Ftdisk - ok
03:15:10.0640 2448 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
03:15:10.0671 2448 GEARAspiWDM - ok
03:15:10.0890 2448 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
03:15:11.0015 2448 Gpc - ok
03:15:11.0281 2448 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
03:15:11.0453 2448 HDAudBus - ok
03:15:11.0578 2448 HECI (e4a123ad734a3731d29ebd3a01b3e535) C:\WINDOWS\system32\DRIVERS\HECI.sys
03:15:11.0765 2448 HECI - ok
03:15:11.0921 2448 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
03:15:12.0203 2448 HidUsb - ok
03:15:12.0328 2448 hpn - ok
03:15:12.0515 2448 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
03:15:12.0906 2448 HTTP - ok
03:15:12.0984 2448 i2omgmt - ok
03:15:13.0062 2448 i2omp - ok
03:15:13.0140 2448 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
03:15:13.0312 2448 i8042prt - ok
03:15:13.0687 2448 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
03:15:13.0828 2448 Imapi - ok
03:15:13.0921 2448 ImmunetProtectDriver (0452cbd785659bb9e86b6c849bc292f9) C:\WINDOWS\system32\DRIVERS\ImmunetProtect.sys
03:15:13.0953 2448 ImmunetProtectDriver - ok
03:15:14.0015 2448 ImmunetSelfProtectDriver (426737322b000e3d9d7fb5b13f443b27) C:\WINDOWS\system32\DRIVERS\ImmunetSelfProtect.sys
03:15:14.0078 2448 ImmunetSelfProtectDriver - ok
03:15:14.0187 2448 ini910u - ok
03:15:14.0343 2448 IntcAzAudAddService (fc54a68349d29eeec8f373aea9819667) C:\WINDOWS\system32\drivers\RtkHDAud.sys
03:15:14.0375 2448 Suspicious file (Forged): C:\WINDOWS\system32\drivers\RtkHDAud.sys. Real md5: fc54a68349d29eeec8f373aea9819667, Fake md5: 19afbb8427ce65042599555e578170df
03:15:14.0390 2448 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - warning
03:15:14.0390 2448 IntcAzAudAddService - detected ForgedFile.Multi.Generic (1)
03:15:14.0484 2448 IntelIde - ok
03:15:14.0531 2448 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
03:15:14.0750 2448 intelppm - ok
03:15:14.0843 2448 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
03:15:14.0984 2448 Ip6Fw - ok
03:15:15.0171 2448 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
03:15:15.0296 2448 IpFilterDriver - ok
03:15:15.0375 2448 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
03:15:15.0859 2448 IpInIp - ok
03:15:15.0937 2448 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
03:15:16.0156 2448 IpNat - ok
03:15:16.0312 2448 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
03:15:16.0437 2448 IPSec - ok
03:15:16.0593 2448 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
03:15:16.0750 2448 IRENUM - ok
03:15:16.0765 2448 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
03:15:16.0984 2448 isapnp - ok
03:15:17.0093 2448 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
03:15:17.0296 2448 JSWSCIMD - ok
03:15:17.0468 2448 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
03:15:17.0828 2448 Kbdclass - ok
03:15:17.0953 2448 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
03:15:18.0046 2448 kbdhid - ok
03:15:18.0218 2448 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
03:15:18.0375 2448 kmixer - ok
03:15:18.0578 2448 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
03:15:18.0703 2448 KSecDD - ok
03:15:18.0781 2448 lbrtfdc - ok
03:15:18.0968 2448 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
03:15:19.0203 2448 lirsgt - ok
03:15:19.0265 2448 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
03:15:19.0296 2448 MBAMProtector - ok
03:15:19.0359 2448 mfeapfk (11115e2281dd9b885b038abb11dd8a75) C:\WINDOWS\system32\drivers\mfeapfk.sys
03:15:19.0484 2448 mfeapfk - ok
03:15:19.0703 2448 mfeavfk (a14941aea876c395214f918b011a1371) C:\WINDOWS\system32\drivers\mfeavfk.sys
03:15:20.0015 2448 mfeavfk - ok
03:15:20.0062 2448 mfebopk (59b8443b78c46d2ac4767938e778f043) C:\WINDOWS\system32\drivers\mfebopk.sys
03:15:20.0093 2448 mfebopk - ok
03:15:20.0140 2448 mfehidk (116689b95a37efca0acc2ac421795e60) C:\WINDOWS\system32\drivers\mfehidk.sys
03:15:20.0515 2448 mfehidk - ok
03:15:20.0609 2448 mferkdk (6e1e4bb2866260f2949a3b7a0759e3c6) C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
03:15:20.0640 2448 mferkdk - ok
03:15:20.0718 2448 mfetdik (8468969c92d1dd1fa872cc6c936e4d60) C:\WINDOWS\system32\drivers\mfetdik.sys
03:15:20.0750 2448 mfetdik - ok
03:15:20.0921 2448 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
03:15:21.0390 2448 Modem - ok
03:15:21.0546 2448 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
03:15:21.0765 2448 Mouclass - ok
03:15:21.0859 2448 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
03:15:22.0125 2448 mouhid - ok
03:15:22.0187 2448 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
03:15:22.0328 2448 MountMgr - ok
03:15:22.0437 2448 mraid35x - ok
03:15:22.0546 2448 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
03:15:22.0843 2448 MRxDAV - ok
03:15:22.0984 2448 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
03:15:23.0031 2448 MRxSmb - ok
03:15:23.0156 2448 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
03:15:23.0343 2448 Msfs - ok
03:15:23.0734 2448 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
03:15:23.0968 2448 MSKSSRV - ok
03:15:24.0062 2448 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
03:15:24.0265 2448 MSPCLOCK - ok
03:15:24.0687 2448 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
03:15:24.0828 2448 MSPQM - ok
03:15:24.0953 2448 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
03:15:25.0250 2448 mssmbios - ok
03:15:25.0328 2448 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
03:15:25.0453 2448 Mup - ok
03:15:25.0578 2448 NAL (a467e1deb3bb2b57426c8a5993ba933e) C:\WINDOWS\system32\Drivers\iqvw32.sys
03:15:25.0625 2448 NAL - ok
03:15:25.0921 2448 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
03:15:26.0234 2448 NDIS - ok
03:15:26.0546 2448 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
03:15:26.0750 2448 NdisTapi - ok
03:15:27.0000 2448 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
03:15:27.0140 2448 Ndisuio - ok
03:15:27.0343 2448 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
03:15:27.0515 2448 NdisWan - ok
03:15:27.0687 2448 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
03:15:28.0062 2448 NDProxy - ok
03:15:28.0250 2448 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
03:15:28.0390 2448 NetBIOS - ok
03:15:28.0609 2448 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
03:15:28.0875 2448 NetBT - ok
03:15:28.0984 2448 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
03:15:29.0125 2448 NIC1394 - ok
03:15:29.0234 2448 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
03:15:29.0593 2448 Npfs - ok
03:15:29.0703 2448 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
03:15:29.0890 2448 Ntfs - ok
03:15:30.0125 2448 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
03:15:30.0250 2448 Null - ok
03:15:30.0343 2448 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
03:15:30.0484 2448 NwlnkFlt - ok
03:15:30.0593 2448 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
03:15:30.0734 2448 NwlnkFwd - ok
03:15:30.0906 2448 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
03:15:31.0078 2448 ohci1394 - ok
03:15:31.0171 2448 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
03:15:31.0312 2448 Parport - ok
03:15:31.0468 2448 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
03:15:31.0734 2448 PartMgr - ok
03:15:31.0828 2448 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
03:15:32.0078 2448 ParVdm - ok
03:15:32.0156 2448 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
03:15:32.0390 2448 PCI - ok
03:15:32.0484 2448 PCIDump - ok
03:15:32.0546 2448 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
03:15:32.0718 2448 PCIIde - ok
03:15:32.0828 2448 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
03:15:33.0031 2448 Pcmcia - ok
03:15:33.0093 2448 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\WINDOWS\system32\drivers\PCTCore.sys
03:15:33.0125 2448 PCTCore - ok
03:15:33.0281 2448 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
03:15:33.0343 2448 pctDS - ok
03:15:33.0953 2448 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
03:15:34.0062 2448 pctEFA - ok
03:15:34.0203 2448 PDCOMP - ok
03:15:34.0296 2448 PDFRAME - ok
03:15:34.0390 2448 PDRELI - ok
03:15:34.0468 2448 PDRFRAME - ok
03:15:34.0500 2448 perc2 - ok
03:15:34.0515 2448 perc2hib - ok
03:15:34.0578 2448 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
03:15:34.0734 2448 PptpMiniport - ok
03:15:34.0843 2448 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
03:15:35.0015 2448 PSched - ok
03:15:35.0187 2448 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
03:15:35.0328 2448 Ptilink - ok
03:15:35.0500 2448 ql1080 - ok
03:15:35.0640 2448 Ql10wnt - ok
03:15:35.0703 2448 ql12160 - ok
03:15:35.0875 2448 ql1240 - ok
03:15:35.0921 2448 ql1280 - ok
03:15:35.0968 2448 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
03:15:36.0062 2448 RasAcd - ok
03:15:36.0187 2448 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
03:15:36.0296 2448 Rasl2tp - ok
03:15:36.0468 2448 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
03:15:36.0593 2448 RasPppoe - ok
03:15:36.0671 2448 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
03:15:36.0812 2448 Raspti - ok
03:15:36.0890 2448 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
03:15:37.0234 2448 Rdbss - ok
03:15:37.0390 2448 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
03:15:37.0609 2448 RDPCDD - ok
03:15:37.0796 2448 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
03:15:38.0046 2448 rdpdr - ok
03:15:38.0140 2448 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
03:15:38.0250 2448 RDPWD - ok
03:15:38.0375 2448 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
03:15:38.0500 2448 redbook - ok
03:15:38.0609 2448 rootrepeal - ok
03:15:38.0859 2448 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
03:15:39.0296 2448 Secdrv - ok
03:15:39.0375 2448 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
03:15:39.0515 2448 serenum - ok
03:15:39.0625 2448 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
03:15:39.0953 2448 Serial - ok
03:15:40.0093 2448 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
03:15:40.0234 2448 Sfloppy - ok
03:15:40.0328 2448 Simbad - ok
03:15:40.0640 2448 Sparrow - ok
03:15:40.0812 2448 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
03:15:40.0953 2448 splitter - ok
03:15:41.0031 2448 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
03:15:41.0203 2448 sr - ok
03:15:41.0343 2448 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
03:15:41.0406 2448 Srv - ok
03:15:41.0578 2448 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
03:15:41.0765 2448 swenum - ok
03:15:41.0968 2448 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
03:15:42.0093 2448 swmidi - ok
03:15:42.0156 2448 symc810 - ok
03:15:42.0203 2448 symc8xx - ok
03:15:42.0359 2448 sym_hi - ok
03:15:42.0593 2448 sym_u3 - ok
03:15:42.0640 2448 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
03:15:42.0765 2448 sysaudio - ok
03:15:42.0890 2448 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
03:15:43.0125 2448 Tcpip - ok
03:15:43.0218 2448 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
03:15:43.0359 2448 TDPIPE - ok
03:15:43.0609 2448 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
03:15:43.0718 2448 TDTCP - ok
03:15:43.0796 2448 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
03:15:44.0406 2448 TermDD - ok
03:15:44.0515 2448 tifsfilter (cf115b0e370d3f8fb270681274fdbb6a) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
03:15:44.0546 2448 tifsfilter - ok
03:15:44.0703 2448 timounter (8047d569c1fc863bf70dd495c3390f79) C:\WINDOWS\system32\DRIVERS\timntr.sys
03:15:44.0796 2448 timounter - ok
03:15:44.0937 2448 TosIde - ok
03:15:45.0046 2448 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
03:15:45.0203 2448 Udfs - ok
03:15:45.0265 2448 ultra - ok
03:15:45.0406 2448 UnlockerDriver5 (b2af2ba8a3205a8458b61f638fb431dd) C:\Program Files\Unlocker\UnlockerDriver5.sys
03:15:45.0484 2448 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
03:15:45.0484 2448 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
03:15:45.0718 2448 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
03:15:46.0187 2448 Update - ok
03:15:46.0406 2448 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
03:15:46.0750 2448 USBAAPL - ok
03:15:46.0937 2448 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
03:15:47.0093 2448 usbccgp - ok
03:15:47.0296 2448 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
03:15:47.0437 2448 usbehci - ok
03:15:47.0562 2448 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
03:15:47.0921 2448 usbhub - ok
03:15:47.0968 2448 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
03:15:48.0109 2448 usbprint - ok
03:15:48.0250 2448 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
03:15:48.0546 2448 usbscan - ok
03:15:48.0671 2448 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
03:15:48.0828 2448 USBSTOR - ok
03:15:48.0906 2448 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
03:15:49.0343 2448 usbuhci - ok
03:15:49.0593 2448 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
03:15:49.0718 2448 VgaSave - ok
03:15:49.0796 2448 ViaIde - ok
03:15:49.0828 2448 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
03:15:49.0953 2448 VolSnap - ok
03:15:50.0125 2448 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
03:15:50.0328 2448 Wanarp - ok
03:15:50.0515 2448 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
03:15:50.0671 2448 Wdf01000 - ok
03:15:50.0734 2448 WDICA - ok
03:15:50.0890 2448 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
03:15:51.0078 2448 wdmaud - ok
03:15:51.0203 2448 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
03:15:51.0234 2448 WinUSB - ok
03:15:51.0421 2448 WN111v2 (966860e5ea3591aa471ec9ced49dc8d2) C:\WINDOWS\system32\DRIVERS\WN111v2.sys
03:15:51.0718 2448 WN111v2 - ok
03:15:52.0031 2448 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
03:15:52.0359 2448 WSIMD ( UnsignedFile.Multi.Generic ) - warning
03:15:52.0359 2448 WSIMD - detected UnsignedFile.Multi.Generic (1)
03:15:52.0546 2448 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
03:15:52.0843 2448 WudfPf - ok
03:15:52.0953 2448 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
03:15:53.0015 2448 WudfRd - ok
03:15:53.0265 2448 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
03:15:53.0750 2448 zumbus - ok
03:15:53.0781 2448 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
03:15:54.0234 2448 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
03:15:54.0234 2448 \Device\Harddisk0\DR0 - detected TDSS File System (1)
03:15:54.0234 2448 Boot (0x1200) (0b9bb5f63de410d211f59e0053c51180) \Device\Harddisk0\DR0\Partition0
03:15:54.0234 2448 \Device\Harddisk0\DR0\Partition0 - ok
03:15:54.0234 2448 ============================================================
03:15:54.0234 2448 Scan finished
03:15:54.0234 2448 ============================================================
03:15:54.0343 3060 Detected object count: 6
03:15:54.0343 3060 Actual detected object count: 6
03:16:05.0562 3060 ati2mtag ( ForgedFile.Multi.Generic ) - skipped by user
03:16:05.0578 3060 ati2mtag ( ForgedFile.Multi.Generic ) - User select action: Skip
03:16:05.0578 3060 DNINDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
03:16:05.0578 3060 DNINDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:16:05.0578 3060 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - skipped by user
03:16:05.0578 3060 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - User select action: Skip
03:16:05.0578 3060 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
03:16:05.0578 3060 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:16:05.0578 3060 WSIMD ( UnsignedFile.Multi.Generic ) - skipped by user
03:16:05.0578 3060 WSIMD ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:16:05.0578 3060 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
03:16:05.0578 3060 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
03:18:13.0484 2188 Deinitialize success


aswMBR log:

aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
Run date: 2012-01-24 03:18:58
-----------------------------
03:18:58.578 OS Version: Windows 5.1.2600 Service Pack 3
03:18:58.578 Number of processors: 2 586 0x170A
03:18:58.578 ComputerName: A UserName:
03:18:59.687 Initialize success
03:21:11.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
03:21:11.156 Disk 0 Vendor: ST3500410AS CC34 Size: 476940MB BusType: 3
03:21:11.203 Disk 0 MBR read successfully
03:21:11.203 Disk 0 MBR scan
03:21:11.203 Disk 0 Windows XP default MBR code
03:21:11.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
03:21:11.250 Disk 0 scanning sectors +976752000
03:21:11.359 Disk 0 scanning C:\WINDOWS\system32\drivers
03:21:30.500 Service scanning
03:21:31.546 Modules scanning
03:21:52.765 Disk 0 trace - called modules:
03:21:52.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys hal.dll pciide.sys
03:21:52.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa82ab8]
03:21:52.796 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8aa33d58]
03:21:52.796 5 PCTCore.sys[b9ead099] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x8aa3db00]
03:21:52.796 Scan finished successfully
03:22:32.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Brett\Desktop\MBR.dat"
03:22:32.968 The log file has been saved successfully to "C:\Documents and Settings\Brett\Desktop\aswMBR.txt"


FSS log:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Brett (administrator) on 24-01-2012 at 03:41:34
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) JSWSCIMD(10) mfetdik(8) NetBT(5) PSched(7) Tcpip(3) WSIMD(9)
0x0A0000000400000001000000020000000300000008000000050000000600000007000000090000000A000000
IpSec Tag value is correct.

**** End of log ****



OTL.txt log:


OTL logfile created on: 1/24/2012 3:41:55 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Brett\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 76.95% Memory free
4.84 Gb Paging File | 4.08 Gb Available in Paging File | 84.31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 327.08 Gb Free Space | 70.23% Space Free | Partition Type: NTFS

Computer Name: A | User Name: Brett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/24 03:26:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brett\My Documents\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/02/27 20:54:22 | 002,615,624 | ---- | M] (Immunet) -- C:\Program Files\Immunet Protect\2.0.17\iptray.exe
PRC - [2011/02/27 20:54:21 | 000,756,680 | ---- | M] (Immunet Corporation) -- C:\Program Files\Immunet Protect\2.0.17\agent.exe
PRC - [2010/11/03 19:11:24 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2009/06/08 19:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/03/04 09:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2004/02/18 11:55:28 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/04 07:06:43 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
MOD - [2012/01/04 07:06:42 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
MOD - [2011/10/13 06:28:28 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 06:28:01 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/13 06:11:39 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 06:11:34 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 06:11:23 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 06:09:07 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 06:08:34 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/02/27 20:54:29 | 000,031,560 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dti.dll
MOD - [2011/02/27 20:54:26 | 000,331,592 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dhr.dll
MOD - [2011/02/27 20:54:26 | 000,300,872 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dsp.dll
MOD - [2011/02/27 20:54:25 | 000,102,216 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\drs.dll
MOD - [2011/02/27 20:54:25 | 000,055,624 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\det.dll
MOD - [2011/02/27 20:54:24 | 000,281,416 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dsl.dll
MOD - [2011/02/27 20:54:23 | 000,265,544 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dqr.dll
MOD - [2011/02/27 20:54:23 | 000,029,000 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dut.dll
MOD - [2011/02/27 20:54:23 | 000,021,832 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dxm.dll
MOD - [2011/02/27 20:54:22 | 000,183,624 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dcf.dll
MOD - [2010/11/03 16:52:00 | 000,324,896 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libtidy.dll
MOD - [2010/03/15 15:57:00 | 001,241,376 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/07/19 02:52:58 | 001,691,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009/07/19 02:52:58 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3257.27061__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2009/07/19 02:52:58 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3257.27076__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2009/07/19 02:52:58 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3257.27115__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2009/07/19 02:52:58 | 000,278,528 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3257.26996__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:58 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009/07/19 02:52:58 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3257.27071__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:58 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3257.27050__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:58 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009/07/19 02:52:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3257.27037__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3257.27003__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:58 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2009/07/19 02:52:58 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2009/07/19 02:52:58 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3257.27112__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2009/07/19 02:52:58 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2009/07/19 02:52:57 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3257.27039__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:57 | 000,671,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3257.27107__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:57 | 000,466,944 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3257.27092__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009/07/19 02:52:57 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3257.27065__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009/07/19 02:52:57 | 000,344,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:57 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3257.27093__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:57 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009/07/19 02:52:57 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3257.27106__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:57 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3257.27003__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:57 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3257.27055__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:56 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3257.27072__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:56 | 000,716,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3257.27004__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:56 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3257.27051__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:56 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3257.27014__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:56 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3257.27033__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:56 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:56 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:56 | 000,122,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3257.27048__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:56 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:56 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3257.27037__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3257.27017__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:56 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3257.27047__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:56 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3257.27049__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009/07/19 02:52:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009/07/19 02:52:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009/07/19 02:52:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009/07/19 02:52:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009/07/19 02:52:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009/07/19 02:52:56 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009/07/19 02:52:55 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/07/19 02:52:55 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3218.28705__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009/07/19 02:52:55 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/07/19 02:52:55 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/07/19 02:52:55 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009/07/19 02:52:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009/07/19 02:52:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2009/07/19 02:52:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/07/19 02:52:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll
MOD - [2009/07/19 02:52:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009/07/19 02:52:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/07/19 02:52:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/07/19 02:52:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3257.27101__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/07/19 02:52:54 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009/07/19 02:52:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009/07/19 02:52:54 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009/07/19 02:52:54 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3257.27109__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2009/07/19 02:52:54 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/07/19 02:52:53 | 001,073,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3257.27000__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/07/19 02:52:53 | 000,532,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3257.27080__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009/07/19 02:52:53 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/07/19 02:52:53 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3257.27085__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/07/19 02:52:53 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3257.26994__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009/07/19 02:52:53 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009/07/19 02:52:53 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3257.27084__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/07/19 02:52:53 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3257.26992__90ba9c70f846762e\APM.Server.dll
MOD - [2009/07/19 02:52:53 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3257.26995__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009/07/19 02:52:53 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/07/19 02:52:53 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3257.26993__90ba9c70f846762e\AEM.Server.dll
MOD - [2009/07/19 02:52:53 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009/07/19 02:52:53 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/07/19 02:52:53 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/07/19 02:52:53 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009/07/19 02:52:53 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3257.27085__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/07/19 02:52:53 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/07/19 02:52:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/07/19 02:52:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/07/19 02:52:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/07/19 02:52:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008/10/30 13:39:12 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2006/01/16 08:06:16 | 000,557,056 | ---- | M] () -- C:\Program Files\Kristanix\Right Click Image Converter\extRCIC.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AcrSch2Svc)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/27 20:54:29 | 000,326,224 | ---- | M] (Immunet) [On_Demand | Stopped] -- C:\Program Files\Immunet Protect\tetra\scan.dll -- (scan)
SRV - [2011/02/27 20:54:21 | 000,756,680 | ---- | M] (Immunet Corporation) [Auto | Running] -- C:\Program Files\Immunet Protect\2.0.17\agent.exe -- (ImmunetProtect)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 13:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/06/08 19:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2009/06/08 19:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2008/06/27 15:24:34 | 000,467,028 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/02/27 10:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2008/01/29 11:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/02/27 20:54:31 | 000,041,424 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2011/02/27 20:54:31 | 000,031,184 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2009/07/25 21:52:12 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/25 21:52:11 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/07/19 02:45:54 | 000,442,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/07/19 02:45:54 | 000,043,424 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/06/08 19:50:00 | 000,177,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/06/08 19:50:00 | 000,073,512 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/06/08 19:50:00 | 000,065,000 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/06/08 19:50:00 | 000,052,168 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/06/08 19:50:00 | 000,034,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/06/08 19:50:00 | 000,031,848 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2009/01/14 01:23:00 | 000,458,752 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
DRV - [2008/12/01 16:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/10/31 12:52:16 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/10/01 15:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/07/03 02:55:36 | 000,244,368 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/07/03 02:53:44 | 000,040,832 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/07/03 02:53:33 | 004,800,000 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 06:00:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sy@ -- (i8042prt)
DRV - [2008/02/20 20:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2007/12/14 03:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2003/07/24 11:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1993962763-1336601894-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1993962763-1336601894-1801674531-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-1993962763-1336601894-1801674531-1004\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-1993962763-1336601894-1801674531-1004\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\InprocServer32 File not found
IE - HKU\S-1-5-21-1993962763-1336601894-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1993962763-1336601894-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..keyword.URL: "http://search.bearshare.com/webResults.html?src=ffb&q="
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/19 00:27:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/19 00:28:20 | 000,000,000 | ---D | M]

[2009/08/28 17:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Extensions
[2009/08/28 17:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/06/05 11:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\y2cy3grn.default\extensions
[2009/09/15 21:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\y2cy3grn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/27 16:41:05 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\y2cy3grn.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/10/06 21:05:17 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\y2cy3grn.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2009/09/15 21:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\y2cy3grn.default\extensions\staged-xpis
[2010/06/05 11:15:49 | 000,000,000 | ---D | M] (LimeWire Toolbar) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\y2cy3grn.default\extensions\toolbar@ask.com
[2009/09/27 16:40:40 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\y2cy3grn.default\searchplugins\AIM Search.xml
[2010/03/28 11:08:00 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\y2cy3grn.default\searchplugins\askcom.xml
[2009/07/17 17:02:48 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\y2cy3grn.default\searchplugins\BearShareWebSearch.xml
[2011/02/07 02:27:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/17 17:02:48 | 000,002,476 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-1993962763-1336601894-1801674531-1004\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet Protect\2.0.17\iptray.exe (Immunet)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1993962763-1336601894-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1993962763-1336601894-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O9 - Extra Button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252376986546 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F8CFEAF-F95E-4349-A725-CDC4C1C1F763}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/18 22:45:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4bee2a70-b2e8-11de-8367-001cc09308fb}\Shell - "" = AutoRun
O33 - MountPoints2\{4bee2a70-b2e8-11de-8367-001cc09308fb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4bee2a70-b2e8-11de-8367-001cc09308fb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{b597568f-c1f4-11de-8381-001cc09308fb}\Shell - "" = AutoRun
O33 - MountPoints2\{b597568f-c1f4-11de-8381-001cc09308fb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b597568f-c1f4-11de-8381-001cc09308fb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{be2cd115-1a5a-11e1-8508-9591a4fa8242}\Shell - "" = AutoRun
O33 - MountPoints2\{be2cd115-1a5a-11e1-8508-9591a4fa8242}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be2cd115-1a5a-11e1-8508-9591a4fa8242}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/24 03:26:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brett\My Documents\OTL.exe
[2012/01/24 03:18:33 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Brett\My Documents\aswMBR.exe
[2012/01/24 03:13:34 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brett\My Documents\tdsskiller.exe
[2012/01/23 22:12:24 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Brett\My Documents\dds-1.scr
[2012/01/23 21:50:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Brett\Start Menu\Programs\Administrative Tools
[2012/01/23 21:49:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Brett\My Documents\dds.scr
[2012/01/23 05:19:52 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Brett\My Documents\ATF-Cleaner.exe
[2012/01/22 17:23:19 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brett\My Documents\TFC.exe
[2012/01/21 04:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/19 15:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brett\My Documents\tdsskiller
[2012/01/19 13:41:21 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Brett\Desktop\RootRepeal.exe
[2012/01/19 13:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brett\Application Data\Malwarebytes
[2012/01/19 13:16:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/19 13:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/19 13:16:23 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/19 13:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/19 13:12:36 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brett\My Documents\mbam-setup.exe
[2012/01/19 04:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/01/19 04:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/01/18 21:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/18 21:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/18 21:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/01/05 12:59:30 | 038,291,312 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Brett\My Documents\SafariSetup.exe
[2012/01/05 12:51:40 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\Brett\*.tmp files -> C:\Documents and Settings\Brett\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/24 03:26:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brett\My Documents\OTL.exe
[2012/01/24 03:24:40 | 000,334,429 | ---- | M] () -- C:\Documents and Settings\Brett\My Documents\FSS.exe
[2012/01/24 03:22:32 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Brett\Desktop\MBR.dat
[2012/01/24 03:18:49 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Brett\My Documents\aswMBR.exe
[2012/01/24 03:13:46 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brett\My Documents\tdsskiller.exe
[2012/01/24 03:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/01/24 03:00:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/23 23:39:33 | 000,009,466 | ---- | M] () -- C:\Documents and Settings\Brett\My Documents\flashPollResultsState.html
[2012/01/23 22:12:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Brett\My Documents\dds-1.scr
[2012/01/23 21:58:24 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Brett\My Documents\l5zsdjnq.exe
[2012/01/23 21:49:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Brett\My Documents\dds.scr
[2012/01/23 16:23:16 | 000,396,263 | ---- | M] () -- C:\Documents and Settings\Brett\My Documents\MiniToolBox.exe
[2012/01/23 16:21:42 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012/01/23 16:21:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/23 16:21:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/23 16:21:16 | 000,069,112 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/01/23 11:04:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/01/23 05:19:54 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Brett\My Documents\ATF-Cleaner.exe
[2012/01/22 17:26:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/22 17:23:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brett\My Documents\TFC.exe
[2012/01/19 15:47:32 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Brett\Desktop\y8uh29ds.exe
[2012/01/19 15:43:01 | 002,035,725 | ---- | M] () -- C:\Documents and Settings\Brett\My Documents\tdsskiller.zip
[2012/01/19 13:41:26 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Brett\Desktop\RootRepeal.exe
[2012/01/19 13:18:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/19 13:13:25 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brett\My Documents\mbam-setup.exe
[2012/01/19 05:02:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/19 03:57:07 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2012/01/17 07:43:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/11 07:04:27 | 000,651,750 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/11 07:04:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/05 13:06:23 | 038,291,312 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Brett\My Documents\SafariSetup.exe
[2012/01/05 12:51:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/01/04 07:03:01 | 000,444,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/04 07:03:01 | 000,072,544 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\Brett\*.tmp files -> C:\Documents and Settings\Brett\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/24 03:24:38 | 000,334,429 | ---- | C] () -- C:\Documents and Settings\Brett\My Documents\FSS.exe
[2012/01/24 03:22:32 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Brett\Desktop\MBR.dat
[2012/01/23 23:39:29 | 000,009,466 | ---- | C] () -- C:\Documents and Settings\Brett\My Documents\flashPollResultsState.html
[2012/01/23 21:58:22 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Brett\My Documents\l5zsdjnq.exe
[2012/01/23 16:23:13 | 000,396,263 | ---- | C] () -- C:\Documents and Settings\Brett\My Documents\MiniToolBox.exe
[2012/01/19 15:47:16 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Brett\Desktop\y8uh29ds.exe
[2012/01/19 15:42:48 | 002,035,725 | ---- | C] () -- C:\Documents and Settings\Brett\My Documents\tdsskiller.zip
[2012/01/19 13:18:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/05/07 11:33:19 | 000,001,078 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/04/30 13:45:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/30 12:46:20 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2011/01/23 21:40:55 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Brett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/13 07:02:45 | 000,000,195 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/30 12:32:05 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/19 21:24:06 | 000,077,575 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2009/09/17 18:24:25 | 000,027,056 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/14 16:47:32 | 000,010,563 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2009/08/26 12:58:24 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/08/26 12:40:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/25 21:52:12 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/07/25 21:52:11 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/07/19 02:54:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/07/19 02:50:57 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/07/19 02:50:10 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/07/19 02:50:04 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/07/19 02:50:03 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/07/19 02:50:03 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/07/19 02:50:03 | 000,180,720 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/07/19 02:34:58 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/07/18 22:51:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/18 22:43:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/18 22:39:53 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\CabTool.exe
[2009/07/18 17:33:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/18 17:31:20 | 000,144,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/21 11:40:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/10/21 11:40:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/06/27 15:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/06/19 14:39:47 | 000,008,636 | ---- | C] () -- C:\WINDOWS\modifyPE.exe
[2008/06/19 14:39:45 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2008/06/19 14:39:45 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 06:00:00 | 000,444,794 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 06:00:00 | 000,072,544 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 06:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/04/18 15:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 15:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/03/03 01:50:56 | 000,004,460 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat
[2004/02/11 12:39:07 | 000,000,316 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6DD5F62

< End of report >



OTL Extras.txt log:


OTL Extras logfile created on: 1/24/2012 3:26:50 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Brett\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 77.07% Memory free
4.84 Gb Paging File | 4.12 Gb Available in Paging File | 85.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 327.08 Gb Free Space | 70.23% Space Free | Partition Type: NTFS

Computer Name: A | User Name: Brett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1993962763-1336601894-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"7000:TCP" = 7000:TCP:*:Disabled:Hi
"6000:TCP" = 6000:TCP:*:Disabled:hi
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Stardock\Impulse\ImpulseMini.exe" = C:\Program Files\Stardock\Impulse\ImpulseMini.exe:*:Enabled:Impulse -- (Stardock)
"C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe" = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe:*:Enabled:Impulse Tray Application -- (Stardock Corporation)
"C:\Program Files\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe" = C:\Program Files\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe:*:Enabled:The Sims™ 3 -- (EA.com)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe" = C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\StarCraft II\Versions\Base17326\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base17326\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\Safari\Safari.exe" = C:\Program Files\Safari\Safari.exe:*:Enabled:Safari -- (Apple Inc.)
"C:\Program Files\Steam\New Folder\Steam.exe" = C:\Program Files\Steam\New Folder\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\New Folder\SteamApps\common\empire total war\Empire.exe" = C:\Program Files\Steam\New Folder\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)
"C:\Program Files\Steam\New Folder\SteamApps\common\napoleon total war\Napoleon.exe" = C:\Program Files\Steam\New Folder\SteamApps\common\napoleon total war\Napoleon.exe:*:Enabled:Napoleon: Total War -- (The Creative Assembly Ltd)
"C:\Program Files\Steam\New Folder\SteamApps\common\total war shogun 2\Shogun2.exe" = C:\Program Files\Steam\New Folder\SteamApps\common\total war shogun 2\Shogun2.exe:*:Enabled:Total War: SHOGUN 2 -- (The Creative Assembly Ltd)
"C:\Program Files\StarCraft II\Versions\Base18092\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base18092\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\StarCraft II\Versions\Base18574\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base18574\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\StarCraft II\Versions\Base19132\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base19132\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Disabled:BearShare -- (MusicLab, LLC)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Disabled:eMule
"C:\Program Files\StarCraft II\Versions\Base19679\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base19679\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{0323C306-8B8C-BB5F-E644-5BFE9A42A7BF}" = Catalyst Control Center Localization Hungarian
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054CCA19-DADE-A3C9-171A-8735E23CA6FA}" = Catalyst Control Center Localization Italian
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{08B21B7E-DC6F-69F0-780F-FE7918726A34}" = Catalyst Control Center Localization Korean
"{106E35DE-FFF3-033A-0D1B-288A231BDE64}" = Catalyst Control Center Localization Russian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{193DDD97-B56A-511D-0CD6-78D5F421D5BD}" = Catalyst Control Center HydraVision Full
"{19CA0312-BD69-A0DE-D242-BD806E9D627A}" = CCC Help Dutch
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1A8F390D-E05E-A124-3FB7-89E3E49F81E2}" = CCC Help Polish
"{1B4FC4DB-4ACD-77A1-BA99-C820E5CB68BC}" = CCC Help Chinese Standard
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel® Network Connections 13.0.44.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{2BE013D0-4CF4-AA57-05E1-19F9FACCF622}" = CCC Help English
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{2ED57AFF-081D-3B60-0C76-E51F68A9F0D8}" = Catalyst Control Center Localization Polish
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{336D9EAB-B952-6023-C94C-8DE52AD75E7D}" = Catalyst Control Center Localization German
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{36753DE9-4B0F-1C39-D2C6-D9E9A1814FC3}" = CCC Help Hungarian
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3F3733A5-8322-454D-A638-3B74E1C83752}" = Gadget Installer
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{4891561F-8CE7-1162-5967-E741306F7616}" = CCC Help Italian
"{4AE31F12-E34D-83C1-BA1A-D65AF3BBB95F}" = Catalyst Control Center Localization Spanish
"{4C8E4664-A6A1-4847-61D0-D4FA02C42BB0}" = Skins
"{4CACC1AC-7EDF-4E73-0019-A446CE2CA02B}" = Catalyst Control Center Localization Chinese Standard
"{4F28C8B9-E1A5-7BC1-915A-29913E129042}" = Catalyst Control Center Localization Japanese
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B2B2E4-A1D5-1097-C223-6A4E81554458}" = Catalyst Control Center Localization Danish
"{5BE36E29-4207-2D14-1413-DF103390CC19}" = CCC Help French
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5D2B8C32-D051-0DB0-D8BD-5CA32E13723B}" = CCC Help Swedish
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5E85647B-DAF4-E174-9954-210D18B123E6}" = Catalyst Control Center Localization Thai
"{63CA4C0D-7C03-69FE-AE5D-96319AD6AA08}" = CCC Help Norwegian
"{667B8F35-6242-50D3-D69E-69D3BE5445D5}" = Catalyst Control Center Localization Finnish
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A6818AD-60CE-9346-60BB-0717876E40F4}" = ccc-core-preinstall
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6DAC0917-50F5-7F70-9776-4215DA7E2D1B}" = CCC Help German
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{76E3C633-BC8E-E33D-8774-4A3DF581C8FE}" = CCC Help Portuguese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788F45B5-816D-2294-33DD-BF080093D54D}" = Catalyst Control Center Graphics Previews Common
"{79A636B4-3FA8-1E2F-A85D-6B6A4A0DA43D}" = CCC Help Russian
"{7A14BF33-11BF-033B-02CC-732A30C09314}" = Catalyst Control Center Localization Greek
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7C7575F4-351D-8F62-5693-61D6E0171F85}" = CCC Help Korean
"{82D1C246-2D78-5311-8D3F-8214B94EEFA4}" = CCC Help Turkish
"{85B4D6CC-ADF6-A78F-1463-F70C2E274849}" = CCC Help Finnish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A183127-7EDB-B2DD-7D87-70FBFA3A33C1}" = Catalyst Control Center Localization Portuguese
"{8B35E3B4-0E9B-ED12-F102-EB8160DD1F46}" = Catalyst Control Center Localization Swedish
"{8FD6CA17-DB2B-9411-CEF5-B899DCBAB685}" = CCC Help Danish
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-008A-0409-0000-0000000FF1CE}" = Microsoft Office 2007 Recent Documents Gadget
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90D73DED-670E-BE24-C645-C4D546A1F2C3}" = CCC Help Spanish
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9210C991-FE28-2B30-3E27-0F921AB5B9EC}" = Catalyst Control Center Localization Chinese Traditional
"{926D18B2-11B5-7210-621A-5231DC005705}" = CCC Help Czech
"{92881120-6DA5-44A3-8BAB-2429A01D022E}" = YouTube Downloader Toolbar v4.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0CCE51-B328-D4F7-C4A4-65723AF20574}" = Catalyst Control Center Core Implementation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A13C84F5-B2FC-823B-ADB2-6F5B2A6EE9DE}" = ccc-utility
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{B1591C79-1C35-4E09-AA15-F7D6923AFB96}" = HP Deskjet 3840
"{B70E4F29-F9C9-4D32-80F3-6E24ED1DBCDF}" = Catalyst Control Center Localization Norwegian
"{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update
"{B9C149DB-E4F6-573A-DF3B-B9E392F1BA64}" = CCC Help Thai
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BDC209E0-8D38-F913-5246-4376FC4C3EF5}" = Catalyst Control Center Localization French
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C73B3D3A-2FDC-EE8F-F0E5-0269A85014D3}" = Catalyst Control Center Graphics Light
"{C8C08FE3-05DC-7A8B-C23B-9276FFE21183}" = Catalyst Control Center Localization Dutch
"{C9B26742-06BE-3B75-B1DE-7B91B5956A04}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30304
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D00A7B31-C764-94AF-7915-87676458CC66}" = Catalyst Control Center Localization Turkish
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4B95A0D-CF13-633F-09A6-15D78B24F3AE}" = CCC Help Chinese Traditional
"{D88C3E7C-1DA6-4AD7-97FC-75BC8705B266}" = runtime
"{D9509DDD-74B4-A7CB-3669-7358BEE3C1AC}" = ccc-core-static
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E46B244B-9BF2-EA75-2D4C-7BD0BA12860A}" = CCC Help Japanese
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EA5C28E2-3048-5BC5-67C4-E0BB33C60FDA}" = Catalyst Control Center Localization Czech
"{ECA89BA0-1C9B-237D-F59E-EC62534831A5}" = Catalyst Control Center Graphics Full New
"{ECB29C3B-4D64-17C0-430D-DEB933D76834}" = CCC Help Greek
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{ED862528-0058-F09F-F4B3-3E3276A3F3C7}" = Catalyst Control Center Graphics Full Existing
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F4D50DC5-48FB-48E9-9F02-43296E477450}" = Intel® Platform Administration Technology
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BearShare" = BearShare
"bearsharetb" = MediaBar
"CCleaner" = CCleaner (remove only)
"EADM" = EA Download Manager
"ESET Online Scanner" = ESET Online Scanner v3
"Google Updater" = Google Updater
"HECI" = Intel® Management Engine Interface
"HP Deskjet 3840 Series_Driver" = HP Deskjet 3840 Series
"IconPackager" = IconPackager
"ie8" = Windows Internet Explorer 8
"Immunet Protect" = Immunet Protect
"Impulse" = Impulse
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"Kristanix Right Click Image Converter" = Right Click Image Converter
"LClock" = LClock
"LimeWire" = LimeWire 5.5.9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0)" = Mozilla Firefox (3.0)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PingPlotter Standard" = PingPlotter Standard 3.30.4s
"R for Windows 2.10.0_is1" = R for Windows 2.10.0
"Resource Hacker 3.4.0" = Resource Hacker 3.4.0
"Sins of a Solar Empire" = Sins of a Solar Empire
"Skype_is1" = Skype 3.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
"STANDARDR" = Microsoft Office Standard 2007
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 34030" = Napoleon: Total War
"Steam App 34330" = Total War: SHOGUN 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"ToolBand.SkypeIEToolbarToolbar" = Skype add-on for IE
"Unlocker" = Unlocker 1.8.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WildTangent wildgames Master Uninstall" = WildGames
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Sidebar" = Windows Sidebar
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1993962763-1336601894-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/15/2012 10:15:26 PM | Computer Name = A | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/16/2012 2:44:42 AM | Computer Name = A | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/18/2012 5:34:11 AM | Computer Name = A | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/18/2012 5:20:35 PM | Computer Name = A | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/18/2012 11:17:49 PM | Computer Name = A | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/19/2012 12:41:47 AM | Computer Name = A | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 1/19/2012 12:48:43 AM | Computer Name = A | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/20/2012 11:50:36 PM | Computer Name = A | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0153af66.

Error - 1/23/2012 7:21:32 AM | Computer Name = A | Source = Application Hang | ID = 1002
Description = Hanging application ATF-Cleaner.exe, version 3.0.0.2, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/24/2012 12:47:28 AM | Computer Name = A | Source = Application Error | ID = 1000
Description = Faulting application safari.exe, version 5.33.19.4, faulting module
msvcr80.dll, version 8.0.50727.6195, fault address 0x000173d0.

[ OSession Events ]
Error - 9/23/2009 2:00:52 AM | Computer Name = BRETT-E976A2DC3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6684
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/30/2009 4:48:31 AM | Computer Name = BRETT-E976A2DC3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4846
seconds with 960 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/22/2012 7:00:00 AM | Computer Name = A | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 1/22/2012 12:00:00 PM | Computer Name = A | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 1/22/2012 5:00:00 PM | Computer Name = A | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 1/22/2012 10:00:00 PM | Computer Name = A | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 1/23/2012 3:00:00 AM | Computer Name = A | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 1/23/2012 8:00:00 AM | Computer Name = A | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 1/23/2012 1:00:00 PM | Computer Name = A | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 1/23/2012 6:00:00 PM | Computer Name = A | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 1/23/2012 11:00:00 PM | Computer Name = A | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 1/24/2012 4:00:00 AM | Computer Name = A | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}


< End of report >


Comments/Questions:

The person I was working with earlier told me to run TFC by OT (Temp File Cleaner). When I would run the program it would display that it was "Stopping all running processes..." then stop. I know it would start to close out of programs because I would receive error messages stating that some of my programs terminated unexpectedly, but nothing would happen after that. It would just sit at "Stopping all running processes..." indefinitely (I let it run for 3 hours). I had to manually power off my system in order to use it because I could not close out of the program nor open any other. The computer did not freeze, as I could move the TFC window around my screen, but I could not do anything else.

Also, I am using Safari as my browser. Not sure if this means anything, but from everything I have noticed it seems the scans only check Internet Explorer and Firefox.

How my computer is currently running:

I currently am not having any problems with my computer. It actually would seem like it is clean. Before I received help from this website I had a scvhost.exe process that would steadily increase in memory usage (800,000k+) until it froze my computer. I also was getting re-directed to random websites (most notably when using Google) and was having difficulty powering off and on my system (sitting at blue screens).

#4 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:12:37 AM

Posted 25 January 2012 - 01:51 AM

Hi Dont Shoot Me!

Your logs don't look all too bad, but I'd like to have you run a more powerful tool to ensure that nothing is hiding from us.

The person I was working with earlier told me to run TFC by OT (Temp File Cleaner). When I would run the program it would display that it was "Stopping all running processes..." then stop. I know it would start to close out of programs because I would receive error messages stating that some of my programs terminated unexpectedly, but nothing would happen after that. It would just sit at "Stopping all running processes..." indefinitely (I let it run for 3 hours). I had to manually power off my system in order to use it because I could not close out of the program nor open any other. The computer did not freeze, as I could move the TFC window around my screen, but I could not do anything else.

Okay. Thanks for that information. It sounds like MalwareBytes' Anti-Malware Pro is preventing TFC from running successfully. In order for TFC to run properly, you will first need to disable MBAM.




Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 Dont Shoot Me
  • Topic Starter

  • Members
  • 26 posts
  • Local time:10:37 PM

Posted 25 January 2012 - 06:25 AM

Ok well I didn't know ComboFix ran automatically upon opening it, so I had opened it before I had closed my anti-virus programs. I closed out of them while it was running but I still received an error message after it finished saying that it could not locate some executable file that started with an n, i.e. n-----.exe. I wasn't thinking at the time and just closed out of the window. Anyways you said not to re-run it so what should I do now?

#6 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:12:37 AM

Posted 25 January 2012 - 08:18 AM

Hi!

Please disable your Anti-Virus program, and then proceed with re-running ComboFix again.


#7 Dont Shoot Me
  • Topic Starter

  • Members
  • 26 posts
  • Local time:10:37 PM

Posted 25 January 2012 - 05:55 PM

Ok I ran it again with my anti-virus disabled from the start and I got the same error message. It says "Windows cannot find 'NIRCMD'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search". This pops up twice, then a type of blue CMD window opens and says 'NIRCMD' is not recognizable as an external or internal command" and so on. Here is a screenshot of what I am encountering.

[screenshot]

Okay things just got weird. I kept hitting the "Ok" button for the error message, and after a few times the blue CMD program said it was "Attempting to create a New System Restore point".

[screenshot]

After it said that a window popped up with two slider bars (the one on top red and the one on bottom blue) which moved so fast I never had an opportunity to read what they said or take a screenshot of them. After this I checked my task manager to see if the process was still running, and I found these three processes which I had never seen before.

[screenshot]

The error message popped up again, and I tried hitting it a few more times to see if I could replicate the previous results and get a screenshot, but instead another blue CMD window opened called "Autoscan" which claimed to be "Scanning for infected files". I was in uncharted waters at this point so I took a screenshot and closed out of the program.

[screenshot]

#8 Dont Shoot Me
  • Topic Starter

  • Members
  • 26 posts
  • Local time:10:37 PM

Posted 25 January 2012 - 06:02 PM

After I made this post I checked the ComboFix tutorial on this website and realized that Autoscan was actually part of ComboFix. I also realized that the window that popped up and had two progress meters on it was this part of Combofix:

[screenshot]

Still do you have any idea what that error message is being caused from? Should I just run ComboFix again?

Edited by Dont Shoot Me, 25 January 2012 - 06:03 PM.


#9 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:12:37 AM

Posted 26 January 2012 - 02:08 AM

Hi!

It seems that ComboFix may have encountered an issue with not being able to extract/find a file during the preparation of the ComboFix scan.

It's possible that your Anti-Virus program has removed some of the files that are part of ComboFix.

Can you please ensure that your anti-virus program is disabled, and then download a new copy of ComboFix and try to run the new copy and see if you have better luck with it then?

Kindest Regards,
ST.


#10 Dont Shoot Me
  • Topic Starter

  • Members
  • 26 posts
  • Local time:10:37 PM

Posted 26 January 2012 - 02:31 AM

Ok I turned off my anti-virus, downloaded ComboFix again and let it run, and still ran into the same problems. This time I let it get to the stage where AutoScan started and I just let it run, and then this happened:

[screenshot]

Does ComboFix close out of any processes that you are running? Because as I stated earlier I had problems with TFC when it tried to close out of some of my running processes. Maybe the two are related?

#11 Dont Shoot Me
  • Topic Starter

  • Members
  • 26 posts
  • Local time:10:37 PM

Posted 26 January 2012 - 02:58 AM

Well I have tracked down the source of my freezing problem. I checked my task manager to see what processes were running, and I noticed that mbamservice.exe was running still after I had closed out of Malwarebytes Anti-Malware. I figured that process might be what was messing up ComboFix, so I ended it which caused my computer to essentially freeze. I could still move my mouse around, but I could not open any programs or close out of any programs, the same thing that happened to me when I ran TFC and it attempted to close out of Malwarebytes. I had to manually reboot my system again to regain functionality. I am going to disable Malwarebytes from running at startup and try again.

#12 Dont Shoot Me
  • Topic Starter

  • Members
  • 26 posts
  • Local time:10:37 PM

Posted 26 January 2012 - 03:13 AM

Well I disabled all of my anti-virus from running on start up, searched for every ComboFix file and deleted them from my computer, re-downloaded ComboFix yet again, and I still am getting the same error message.

Two things I have noticed though: I am running into a bunch of processes that are running under .3xe instead of .exe, which I have never seen before. Examples are grep.3xe or CF29980.3XE. The other thing is that my wireless connection is getting disabled while Autoscan is running.

#13 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:12:37 AM

Posted 26 January 2012 - 03:25 AM

Hi!

Okay, thanks for that information.

Two things I have noticed though: I am running into a bunch of processes that are running under .3xe instead of .exe, which I have never seen before. Examples are grep.3xe or CF29980.3XE. The other thing is that my wireless connection is getting disabled while Autoscan is running.

Those files are related to ComboFix. When ComboFix runs its scan, part of what it will do is disconnect you from the internet while it's running through its scan.

Out of curiosity, could you try to run ComboFix in Safe Mode with Networking, and see if it will run for you there? I'm thinking that you're not going to be able to run ComboFix in Safe Mode, but I'd like to have you try running it there anyways.

Can you confirm that you disabled McAfee completely? I ask because McAfee has a tendency to be a bit of a pain when it comes to trying to run ComboFix.


#14 Dont Shoot Me
  • Topic Starter

  • Members
  • 26 posts
  • Local time:10:37 PM

Posted 26 January 2012 - 05:40 AM

Ok you caught me, I had a McAfee process running that I hadn't noticed. I closed out of it and I stopped receiving this error message:

[screenshot]

So I disabled that McAfee process, and after that stuff started getting interesting. I booted up ComboFix and it ran fine until it got to the AutoScan stage. It told me that ZeroAccess had infected my system:

[screenshot]

And shortly afterwards I started receiving the error message that you see on the bottom of this screenshot:

[screenshot]

After I would click "Don't Send" I would immediately receive the error message again, so I started clicking "Don't Send" over and over again (Within a second of closing out of the error message another one would pop up). I noticed that during the short span of time these error messages would be closed that AutoScan was actually running, and that when the error messages popped back up it would stop. So I started clicking "Don't Send" on the error messages as fast as possible. Slowly but surely AutoScan went through the scan of my system and eventually got to the point where it said it was producing a log. By this time the error message popups were becoming more sporadic, and I didn't receive one for a while once AutoScan said it was producing a log. When one finally did come up and I clicked on it AutoScan closed out. I immediately opened task manager to see if its pev.3XE process had been terminated (it had) but I also was able to catch a process titled CatchMe.tmp using a good chunk of my memory (it disappeared shortly after I opened task manager). Anyways after all this I re-enabled my anti-virus and rebooted.

Once I rebooted I figured the AutoScan logs would be saved somewhere, so I searched my computer for any .txt files and sorted them by recently created. Sure enough I found quite a few ComboFix logs that were created at the correct time, along with some that seem to be produced from the ZeroAccess rootkit.


ComboFix logs:


ComboFix.txt

ComboFix 12-01-23.02 - Brett 01/26/2012 3:59:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3068.2210 [GMT -6:00]
Running from: C:\Documents and Settings\Brett\My Documents\ComboFix.exe
AV: Immunet Protect *Disabled/Updated* {F1220F1F-7E2E-48CD-846D-B98C6F85CD37}
AV: McAfee VirusScan Enterprise *Disabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

/wow section - STAGE 3

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

/wow section - STAGE 4

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

Could Not Find C:\ComboFix\tempAA

Could Not Find C:\ComboFix\tempAA


/wow section - STAGE 27

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

FINDSTR: Cannot read file list from temp0400

SED: can't read temp0800: No such file or directory

SED: can't read temp0900: No such file or directory

SED: can't read temp1500: No such file or directory

SED: can't read temp1505: No such file or directory

FINDSTR: Cannot open temp2000

SED: can't read temp2201: No such file or directory

SED: can't read temp2201: No such file or directory
SED: can't read temp2201: No such file or directory

SED: can't read temp2400: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
grep: temp2401: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

/wow section - STAGE 48

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read WrgNameDLL00: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read VList02: No such file or directory
SED: can't read VList02: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read temp3100: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read OriO4Files.dat: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
Could Not Find C:\ComboFix\OriO400

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read temp3300: No such file or directory
FINDSTR: Cannot open temp3300
SED: can't read temp3300: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read temp3300: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read temp3300: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
Could Not Find C:\ComboFix\temp4700

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\aec.sys . . . is infected!!

C:\WINDOWS\system32\hid.dll . . . is infected!!

C:\WINDOWS\system32\midimap.dll . . . is infected!!

C:\WINDOWS\system32\dsound.dll . . . is infected!!

C:\WINDOWS\system32\rasauto.dll . . . is infected!!

C:\WINDOWS\system32\qmgr.dll . . . is infected!!

C:\WINDOWS\system32\netlogon.dll . . . is infected!!

C:\WINDOWS\system32\scecli.dll . . . is infected!!

C:\WINDOWS\system32\srsvc.dll . . . is infected!!

C:\WINDOWS\system32\comres.dll . . . is infected!!

C:\WINDOWS\system32\lpk.dll . . . is infected!!



The "This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information." error would happen when the pev.3XE error message popped up.


mbr.txt

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3500410AS rev.CC34 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


pend.txt

.:\\\(0!\|0\\0\)
C:\\WINDOWS\\system32\\\(\\\|0!\|0\\0\)
C:\\WINDOWS\\system32\\config\\\(\\\|0!\|0\\0\)
C:\\WINDOWS\\system32\\csrss.exe\\\(0!\|0\\0\)
C:\\WINDOWS\\system32\\Drivers\\\(\\\|0!\|0\\0\)
C:\\WINDOWS\\system32\\hal.dll\\\(0!\|0\\0\)
C:\\WINDOWS\\system32\\lsass.exe\\\(0!\|0\\0\)
C:\\WINDOWS\\system32\\ntdll.dll\\\(0!\|0\\0\)
C:\\WINDOWS\\system32\\services.exe\\\(0!\|0\\0\)
C:\\WINDOWS\\system32\\smss.exe\\\(0!\|0\\0\)
C:\\WINDOWS\\system32\\svchost.exe\\\(0!\|0\\0\)
C:\\WINDOWS\\system32\\userinit.exe\\\(0!\|0\\0\)
C:\\WINDOWS\\system32\\wbem\\\(\\\|0!\|0\\0\)
C:\\WINDOWS\\system32\\winlogon.exe\\\(0!\|0\\0\)
C:\\boot.ini\\\(0!\|0\\0\)
C:\\ntdetect.com\\\(0!\|0\\0\)
C:\\ntldr\\\(0!\|0\\0\)
C:\\WINDOWS\\\(\\\|0!\|0\\0\)
C:\\WINDOWS\\explorer.exe\\\(0!\|0\\0\)



OsId.txt

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3068.2210 [GMT -6:00]


version.txt

12-01-23.02 4388468 M 11-05-29.09




Resident.txt

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: McAfee VirusScan Enterprise *Disabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Immunet Protect *Disabled/Updated* {F1220F1F-7E2E-48CD-846D-B98C6F85CD37}


All of these logs were produced between the time AutoScan started and the time it ended.

Now onto the suspicious logs (these were created very shortly after the last ComboFix logs were created).

WGAErrLog.txt (this is located in C:\WINDOWS\temp):

D446F964-542-80004005_D446F964-441-80004005_D446F964-542-80004005_D446F964-441-80004005_D446F964-542-80004005_D446F964-441-80004005_D446F964-542-80004005_D446F964-441-80004005_D446F964-542-80004005_D446F964-441-80004005_D446F964-542-80004005_D446F964-441-



dberr.txt:

(I decided to attach this one because it is incredibly long.)

Well, that's all the information I got. Please tell me something good will come out of this. I feel like I just got in a fistfight with my computer.

Attached Files


Edited by Dont Shoot Me, 26 January 2012 - 05:43 AM.
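A check worth running on the "is infected!!" list above before trusting it: on Windows XP, Windows File Protection keeps pristine copies of protected system files in C:\WINDOWS\system32\dllcache, so a flagged file in system32 can be hashed and compared with its cached copy. The script below is an added example (it is not ComboFix's code and nothing in the thread does this); the sample file tree it builds is constructed for the demonstration, and the assumption is that dllcache itself is intact, which a file-patching infection can also break, so a mismatch corroborates the ComboFix verdict while a match only says the two copies agree.

```python
"""Compare files ComboFix flagged in system32 against the Windows File
Protection cache (dllcache) by SHA-256.

Added example, not part of the thread or ComboFix.  Assumes dllcache is
intact; on XP it lives at C:\\WINDOWS\\system32\\dllcache and is flat, so
drivers\\aec.sys is cached as dllcache\\aec.sys.
"""
import hashlib
import tempfile
from pathlib import Path

# Files ComboFix reported as "is infected!!" in the posted log (relative to system32).
FLAGGED = [
    "drivers/aec.sys", "hid.dll", "midimap.dll", "dsound.dll", "rasauto.dll",
    "qmgr.dll", "netlogon.dll", "scecli.dll", "srsvc.dll", "comres.dll", "lpk.dll",
]


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_with_cache(system32: Path, dllcache: Path, names=FLAGGED) -> dict:
    """Return {name: status}; status is 'match', 'MISMATCH',
    'missing-live' (not in system32) or 'no-cache-copy' (not in dllcache)."""
    results = {}
    for name in names:
        live = system32 / name
        cached = dllcache / Path(name).name  # dllcache is a flat directory
        if not live.exists():
            results[name] = "missing-live"
        elif not cached.exists():
            results[name] = "no-cache-copy"
        elif sha256_file(live) == sha256_file(cached):
            results[name] = "match"
        else:
            results[name] = "MISMATCH"
    return results


def build_demo(root: Path):
    """Constructed sample tree (not real Windows binaries): one clean file,
    one file whose live copy has extra bytes appended, one driver with no
    cached copy."""
    system32 = root / "system32"
    dllcache = system32 / "dllcache"
    (system32 / "drivers").mkdir(parents=True)
    dllcache.mkdir()

    clean = b"MZ" + b"\x00" * 62 + b"clean-lpk"
    (system32 / "lpk.dll").write_bytes(clean)
    (dllcache / "lpk.dll").write_bytes(clean)

    original = b"MZ" + b"\x00" * 62 + b"hid-original"
    (dllcache / "hid.dll").write_bytes(original)
    (system32 / "hid.dll").write_bytes(original + b"\x90" * 16 + b"injected")

    (system32 / "drivers" / "aec.sys").write_bytes(b"MZ" + b"driver")
    return system32, dllcache


def demo() -> dict:
    """Run the comparison over the constructed tree."""
    with tempfile.TemporaryDirectory() as tmp:
        system32, dllcache = build_demo(Path(tmp))
        return compare_with_cache(
            system32, dllcache, ["lpk.dll", "hid.dll", "drivers/aec.sys", "qmgr.dll"]
        )


if __name__ == "__main__":
    # On a real XP box:
    # compare_with_cache(Path(r"C:\WINDOWS\system32"), Path(r"C:\WINDOWS\system32\dllcache"))
    for name, status in demo().items():
        print(f"{status:14} {name}")
```

Run it from a clean boot environment (or at least Safe Mode) rather than the infected session, since a rootkit that filters file reads will hand both copies back looking identical. Files reported as no-cache-copy are not cleared; SFC only caches what fits its quota, so those still need an offline hash from a known-good XP install of the same service pack.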


#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:12:37 AM

Posted 26 January 2012 - 08:27 AM

HI!

That's definitely interesting. I'd like you to download a new copy of ComboFix and save it to your C:\ drive. I'd like for you to name it svchost.exe and see if you have better luck running it. You may need to try running it from Safe Mode.

Let's see if that lets us run ComboFix successfully.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.




