TechSpot

FBI computer locked. $200 moneypak virus

Solved
By Sprinter
Aug 30, 2012
  1. I had my screen pop up with a notice saying my illegal activities had caused the FBI to lock my computer and that I had 72 hours to pay $200 via MoneyPak or I would be arrested. I realized this was a scam. I tried to close the exe via Task Manager but I could not even access Task Manager. I restarted and attempted to run the Malwarebytes free scan program that I have, and the message locked me out again. I unplugged my wireless receiver and restarted again. This time I was able to run a scan but nothing was found. I then plugged in my receiver and boom, the message locked me out again. How can I get rid of/fix this?

    Thanks for your time
    -Sprinter
     
  2. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================================

    Start with this guide and let me know how it went: http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware
     
  3. Sprinter

    Sprinter TS Rookie Topic Starter Posts: 59

    I was reading through the rules post and started with the 3 scans in the top thread before I read this reply. The Malwarebytes log and the GMER log I was able to get, but the DDS one never ran despite me trying to open the file more than once. Here are the 2 logs, and now I'm going to try to fix it from the link you suggested. Sorry for the inconvenience.

    Thanks again,
    -Sprinter
     
  4. Sprinter

    Sprinter TS Rookie Topic Starter Posts: 59

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 4994
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13
    8/30/2012 9:46:38 PM
    mbam-log-2012-08-30 (21-46-38).txt
    Scan type: Quick scan
    Objects scanned: 211737
    Time elapsed: 22 minute(s), 44 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)


    GMER log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-08-30 22:03:21
    Windows 5.1.2600 Service Pack 3
    Running: 0ymugb9y.exe

    ---- Services - GMER 1.0.15 ----
    Service C:\WINDOWS\System32\Drivers\39081e7f9367d87f.sys (*** hidden *** ) [BOOT] 39081e7f9367d87f <-- ROOTKIT !!!
    ---- EOF - GMER 1.0.15 ----
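The GMER line above (a hidden boot-start service with a random-looking 16-hex-digit name) and the TDSSKiller lines posted later in this thread are the two artefacts a responder would want to pull out of these logs automatically. The following Python is an added example, not part of this thread or of either tool: a small parser for both log formats, run over constructed excerpts modelled on the thread's own lines (the service name, driver path, md5 and verdict are the ones quoted in the thread; the record layout, regexes and severity ordering are this example's own assumptions). It merges the two tools' views and lists every service that is hidden, suspicious, infected, or machine-named.

```python
import re
from dataclasses import dataclass, field

# Constructed sample excerpts (not full logs) modelled on the GMER and
# TDSSKiller output quoted in this thread; the hex-named service, its path
# and md5 are copied from the thread's own log lines.
GMER_SAMPLE = r"""
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-30 22:03:21
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\System32\Drivers\39081e7f9367d87f.sys (*** hidden *** ) [BOOT] 39081e7f9367d87f <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
"""

TDSS_SAMPLE = r"""
03:45:37.0859 1780 Suspicious service (NoAccess): 39081e7f9367d87f
03:45:38.0046 1780 [ 7B01DACDBB1F8AEC54F61CBD50DFD5B8 ] 39081e7f9367d87f C:\WINDOWS\System32\Drivers\39081e7f9367d87f.sys
03:45:38.0046 1780 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\39081e7f9367d87f.sys. md5: 7B01DACDBB1F8AEC54F61CBD50DFD5B8
03:45:38.0828 1780 39081e7f9367d87f ( Rootkit.Win32.Necurs.gen ) - infected
03:45:38.0828 1780 39081e7f9367d87f - detected Rootkit.Win32.Necurs.gen (0)
03:45:39.0171 1780 Abiosdsk - ok
03:45:39.0312 1780 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
03:45:39.0312 1780 abp480n5 - ok
03:45:40.0562 1780 [ A8AA9D47F971570A5162B862B80F87E8 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
03:45:40.0593 1780 Apple Mobile Device - ok
"""


@dataclass
class ServiceRecord:
    """One service/driver as seen by the scanners (assumed layout)."""
    name: str
    path: str = ""
    md5: str = ""
    family: str = ""
    verdict: str = "unknown"          # unknown -> ok | suspicious | infected
    notes: list = field(default_factory=list)


SEVERITY = {"unknown": 0, "ok": 0, "suspicious": 1, "infected": 2}

# TDSSKiller line shapes, as they appear in the quoted log.
TDSS_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
RE_SUSP_SVC = re.compile(r"^Suspicious service \((\w+)\): (\S+)$")
RE_HASH_PATH = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
RE_SUSP_FILE = re.compile(r"^Suspicious file \((\w+)\): (.+)\. md5: ([0-9A-Fa-f]{32})$")
RE_INFECTED = re.compile(r"^(.+?) \( (.+?) \) - infected$")
RE_DETECTED = re.compile(r"^(.+?) - detected (.+?) \(\d+\)$")
RE_OK = re.compile(r"^(.+?) - ok$")
# GMER marks a service it found on disk but not through the normal API as hidden.
RE_GMER_HIDDEN = re.compile(r"^Service (.+?) \(\*\*\* hidden \*\*\*\s*\) \[(\w+)\] (\S+)")


def _raise(rec, verdict):
    # Never downgrade: a later "- ok" style line must not mask an earlier hit.
    if rec.verdict == "unknown" or SEVERITY[verdict] > SEVERITY[rec.verdict]:
        rec.verdict = verdict


def parse_tdsskiller(text):
    """Return {service name: ServiceRecord} from TDSSKiller log text."""
    recs, by_path = {}, {}
    rec_for = lambda name: recs.setdefault(name, ServiceRecord(name))
    for raw in text.splitlines():
        m = TDSS_LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if (m := RE_SUSP_SVC.match(msg)):
            r = rec_for(m.group(2)); _raise(r, "suspicious"); r.notes.append(f"service {m.group(1)}")
        elif (m := RE_HASH_PATH.match(msg)):
            r = rec_for(m.group(2)); r.md5, r.path = m.group(1), m.group(3); by_path[r.path] = r
        elif (m := RE_SUSP_FILE.match(msg)):
            r = by_path.get(m.group(2))
            if r is not None:
                _raise(r, "suspicious"); r.notes.append(f"file {m.group(1)}")
        elif (m := RE_INFECTED.match(msg)):
            r = rec_for(m.group(1)); r.family = m.group(2); _raise(r, "infected")
        elif (m := RE_DETECTED.match(msg)):
            r = rec_for(m.group(1)); r.family = r.family or m.group(2); _raise(r, "infected")
        elif (m := RE_OK.match(msg)):
            _raise(rec_for(m.group(1)), "ok")
    return recs


def parse_gmer(text):
    """Return [(service name, driver path, start type)] for services GMER marks hidden."""
    return [(m.group(3), m.group(1), m.group(2))
            for raw in text.splitlines()
            if (m := RE_GMER_HIDDEN.match(raw.strip()))]


def looks_random_hex_name(name):
    """Machine-generated 16-hex-digit service names are a weak but useful signal."""
    return re.fullmatch(r"[0-9a-f]{16}", name) is not None


def triage(gmer_text, tdss_text):
    """Merge both tools' views; one finding per service that is not clean."""
    recs = parse_tdsskiller(tdss_text)
    hidden = {name: (path, start) for name, path, start in parse_gmer(gmer_text)}
    for name, (path, start) in hidden.items():
        r = recs.setdefault(name, ServiceRecord(name, path=path))
        _raise(r, "suspicious"); r.notes.append(f"hidden from GMER, start={start}")
    findings = []
    for r in recs.values():
        if r.verdict in ("suspicious", "infected") or looks_random_hex_name(r.name):
            findings.append({"name": r.name, "path": r.path, "md5": r.md5,
                             "verdict": r.verdict, "family": r.family,
                             "hidden_in_gmer": r.name in hidden,
                             "random_hex_name": looks_random_hex_name(r.name),
                             "notes": r.notes})
    return sorted(findings, key=lambda f: -SEVERITY[f["verdict"]])


if __name__ == "__main__":
    for finding in triage(GMER_SAMPLE, TDSS_SAMPLE):
        print(finding)
```

The verdict merge is deliberately one-way: a service that any tool flagged stays flagged even if another line later says "ok", which is what you want when two scanners disagree. The md5 is carried through so the same file can be matched against the hash a second scanner or a sandbox report produces for it.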
     
  5. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Let me know...
     
  6. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Let's skip DDS for now.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. Sprinter

    Sprinter TS Rookie Topic Starter Posts: 59

    I have nearly completed your instructions to follow the steps at bleepingcomputer.com (the link you gave me). It is scanning my system and has so far found 4 items that I will be quarantining. But how do I know my computer is actually clean? Would you like me to download and run TDSSKiller after I am done?

    thanks for your time,
    -Sprinter
     
  8. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Yes.
     
  9. Sprinter

    Sprinter TS Rookie Topic Starter Posts: 59

    Just completed the scan from bleepingcomputer.com (the link you gave me). It detected 81 items, which I believe I took care of following their instructions on the site. Question: how did Malwarebytes not find even one of these 81 items? :/
    Also, it said to reboot my computer in normal mode after completing all the steps in safe mode. I rebooted, plugged in my wireless receiver to get online to download TDSSKiller, and pop, up came the FBI screen locking me out again. I restarted in safe mode and I'm going to try plugging it back in, downloading TDSSKiller and running it. Thoughts?

    Thanks,
    -Sprinter
     
  10. Sprinter

    Sprinter TS Rookie Topic Starter Posts: 59

    Here is the TDSSKiller log


    03:45:20.0734 0140 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    03:45:21.0031 0140 ============================================================
    03:45:21.0031 0140 Current date / time: 2012/08/31 03:45:21.0031
    03:45:21.0031 0140 SystemInfo:
    03:45:21.0031 0140
    03:45:21.0031 0140 OS Version: 5.1.2600 ServicePack: 3.0
    03:45:21.0031 0140 Product type: Workstation
    03:45:21.0031 0140 ComputerName: TINKER
    03:45:21.0031 0140 UserName: atinker
    03:45:21.0031 0140 Windows directory: C:\WINDOWS
    03:45:21.0031 0140 System windows directory: C:\WINDOWS
    03:45:21.0031 0140 Processor architecture: Intel x86
    03:45:21.0031 0140 Number of processors: 2
    03:45:21.0031 0140 Page size: 0x1000
    03:45:21.0031 0140 Boot type: Safe boot with network
    03:45:21.0031 0140 ============================================================
    03:45:28.0343 0140 !crdlk
    03:45:28.0343 0140 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
    03:45:28.0359 0140 ============================================================
    03:45:28.0359 0140 \Device\Harddisk0\DR0:
    03:45:28.0359 0140 MBR partitions:
    03:45:28.0359 0140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x8B966D7
    03:45:28.0359 0140 ============================================================
    03:45:28.0437 0140 C: <-> \Device\Harddisk0\DR0\Partition1
    03:45:28.0453 0140 ============================================================
    03:45:28.0453 0140 Initialize success
    03:45:28.0453 0140 ============================================================
    03:45:36.0906 1780 ============================================================
    03:45:36.0906 1780 Scan started
    03:45:36.0906 1780 Mode: Manual;
    03:45:36.0906 1780 ============================================================
    03:45:37.0750 1780 ================ Scan system memory ========================
    03:45:37.0750 1780 System memory - ok
    03:45:37.0750 1780 ================ Scan services =============================
    03:45:37.0859 1780 Suspicious service (NoAccess): 39081e7f9367d87f
    03:45:38.0046 1780 [ 7B01DACDBB1F8AEC54F61CBD50DFD5B8 ] 39081e7f9367d87f C:\WINDOWS\System32\Drivers\39081e7f9367d87f.sys
    03:45:38.0046 1780 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\39081e7f9367d87f.sys. md5: 7B01DACDBB1F8AEC54F61CBD50DFD5B8
    03:45:38.0828 1780 39081e7f9367d87f ( Rootkit.Win32.Necurs.gen ) - infected
    03:45:38.0828 1780 39081e7f9367d87f - detected Rootkit.Win32.Necurs.gen (0)
    03:45:39.0156 1780 [ F7EABCA8375EA2DC6F35C4BCA4757515 ] A2DDA C:\Documents and Settings\atinker\Desktop\EmsisoftEmergencyKit\Run\a2ddax86.sys
    03:45:39.0156 1780 A2DDA - ok
    03:45:39.0171 1780 Abiosdsk - ok
    03:45:39.0312 1780 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    03:45:39.0312 1780 abp480n5 - ok
    03:45:39.0390 1780 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    03:45:39.0390 1780 ACPI - ok
    03:45:39.0453 1780 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    03:45:39.0468 1780 ACPIEC - ok
    03:45:39.0515 1780 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    03:45:39.0515 1780 adpu160m - ok
    03:45:39.0578 1780 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    03:45:39.0578 1780 aec - ok
    03:45:39.0656 1780 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    03:45:39.0656 1780 AFD - ok
    03:45:39.0718 1780 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
    03:45:39.0718 1780 agp440 - ok
    03:45:39.0734 1780 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    03:45:39.0734 1780 agpCPQ - ok
    03:45:39.0796 1780 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
    03:45:39.0796 1780 Aha154x - ok
    03:45:39.0843 1780 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    03:45:39.0843 1780 aic78u2 - ok
    03:45:39.0875 1780 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    03:45:39.0890 1780 aic78xx - ok
    03:45:39.0953 1780 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    03:45:39.0953 1780 Alerter - ok
    03:45:40.0000 1780 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    03:45:40.0000 1780 ALG - ok
    03:45:40.0046 1780 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
    03:45:40.0046 1780 AliIde - ok
    03:45:40.0093 1780 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
    03:45:40.0093 1780 alim1541 - ok
    03:45:40.0156 1780 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
    03:45:40.0171 1780 amdagp - ok
    03:45:40.0203 1780 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
    03:45:40.0203 1780 amsint - ok
    03:45:40.0375 1780 [ 8FA646F0E639D9A8C8B98E217D471DC0 ] AOL ACS C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    03:45:40.0406 1780 AOL ACS - ok
    03:45:40.0562 1780 [ A8AA9D47F971570A5162B862B80F87E8 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    03:45:40.0593 1780 Apple Mobile Device - ok
    03:45:40.0687 1780 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    03:45:40.0703 1780 AppMgmt - ok
    03:45:40.0765 1780 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
    03:45:40.0765 1780 asc - ok
    03:45:40.0796 1780 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    03:45:40.0796 1780 asc3350p - ok
    03:45:40.0859 1780 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
    03:45:40.0859 1780 asc3550 - ok
    03:45:40.0937 1780 [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys
    03:45:40.0937 1780 ASCTRM - ok
    03:45:41.0140 1780 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    03:45:41.0140 1780 aspnet_state - ok
    03:45:41.0218 1780 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    03:45:41.0218 1780 AsyncMac - ok
    03:45:41.0265 1780 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    03:45:41.0281 1780 atapi - ok
    03:45:41.0296 1780 Atdisk - ok
    03:45:41.0390 1780 [ ABC57A6F6070BAF9786C318F59F29F0B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
    03:45:41.0406 1780 Ati HotKey Poller - ok
    03:45:41.0562 1780 [ 03621F7F968FF63713943405DEB777F9 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    03:45:41.0593 1780 ati2mtag - ok
    03:45:41.0687 1780 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    03:45:41.0687 1780 Atmarpc - ok
    03:45:41.0734 1780 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    03:45:41.0734 1780 AudioSrv - ok
    03:45:41.0765 1780 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    03:45:41.0765 1780 audstub - ok
    03:45:41.0921 1780 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
    03:45:41.0937 1780 BBSvc - ok
    03:45:42.0015 1780 [ B770039886598AAB7CF5EAEEC2409E31 ] BCMH43XX C:\WINDOWS\system32\DRIVERS\bcmwlhigh5.sys
    03:45:42.0015 1780 BCMH43XX - ok
    03:45:42.0046 1780 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    03:45:42.0046 1780 Beep - ok
    03:45:42.0156 1780 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    03:45:42.0328 1780 BITS - ok
    03:45:42.0390 1780 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    03:45:42.0406 1780 Bonjour Service - ok
    03:45:42.0453 1780 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    03:45:42.0453 1780 Browser - ok
    03:45:42.0484 1780 bvrp_pci - ok
    03:45:42.0593 1780 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    03:45:42.0593 1780 cbidf - ok
    03:45:42.0609 1780 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    03:45:42.0609 1780 cbidf2k - ok
    03:45:42.0671 1780 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    03:45:42.0687 1780 cd20xrnt - ok
    03:45:42.0750 1780 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    03:45:42.0750 1780 Cdaudio - ok
    03:45:42.0812 1780 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    03:45:42.0812 1780 Cdfs - ok
    03:45:42.0859 1780 [ 814ACB9B8A55804D9878248B3C79F862 ] Cdr4_xp C:\WINDOWS\system32\drivers\Cdr4_xp.sys
    03:45:42.0859 1780 Cdr4_xp - ok
    03:45:42.0906 1780 [ BCE7213F8AA1BC9D5C08F81CB05E10A7 ] Cdralw2k C:\WINDOWS\system32\drivers\Cdralw2k.sys
    03:45:42.0906 1780 Cdralw2k - ok
    03:45:42.0937 1780 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    03:45:42.0937 1780 Cdrom - ok
    03:45:43.0015 1780 [ 7E6F7DA1C4DE5680820F964562548949 ] cfwids C:\WINDOWS\system32\drivers\cfwids.sys
    03:45:43.0015 1780 cfwids - ok
    03:45:43.0046 1780 Changer - ok
    03:45:43.0140 1780 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    03:45:43.0140 1780 CiSvc - ok
    03:45:43.0218 1780 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    03:45:43.0218 1780 ClipSrv - ok
    03:45:43.0296 1780 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    03:45:43.0296 1780 clr_optimization_v2.0.50727_32 - ok
    03:45:43.0328 1780 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
    03:45:43.0343 1780 CmdIde - ok
    03:45:43.0375 1780 COMSysApp - ok
    03:45:43.0453 1780 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    03:45:43.0453 1780 Cpqarray - ok
    03:45:43.0546 1780 [ 7DB5E3F44D797BD38B8E336CCC2E49D5 ] Creative Labs Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    03:45:43.0546 1780 Creative Labs Licensing Service - ok
    03:45:43.0640 1780 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
    03:45:43.0640 1780 Creative Service for CDROM Access - ok
    03:45:43.0718 1780 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    03:45:43.0718 1780 CryptSvc - ok
    03:45:43.0750 1780 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    03:45:43.0750 1780 dac2w2k - ok
    03:45:43.0796 1780 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    03:45:43.0796 1780 dac960nt - ok
    03:45:43.0875 1780 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    03:45:43.0890 1780 DcomLaunch - ok
    03:45:43.0953 1780 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    03:45:43.0968 1780 Dhcp - ok
    03:45:44.0000 1780 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    03:45:44.0000 1780 Disk - ok
    03:45:44.0078 1780 [ E2D0DE31442390C35E3163C87CB6A9EB ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    03:45:44.0078 1780 DLABOIOM - ok
    03:45:44.0109 1780 [ D979BEBCF7EDCC9C9EE1857D1A68C67B ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    03:45:44.0109 1780 DLACDBHM - ok
    03:45:44.0171 1780 [ 83545593E297F50A8E2524B4C071A153 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
    03:45:44.0171 1780 DLADResN - ok
    03:45:44.0203 1780 [ 96E01D901CDC98C7817155CC057001BF ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    03:45:44.0203 1780 DLAIFS_M - ok
    03:45:44.0250 1780 [ 0A60A39CC5E767980A31CA5D7238DFA9 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    03:45:44.0250 1780 DLAOPIOM - ok
    03:45:44.0296 1780 [ 9FE2B72558FC808357F427FD83314375 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    03:45:44.0296 1780 DLAPoolM - ok
    03:45:44.0343 1780 [ 7EE0852AE8907689DF25049DCD2342E8 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
    03:45:44.0343 1780 DLARTL_N - ok
    03:45:44.0375 1780 [ F08E1DAFAC457893399E03430A6A1397 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    03:45:44.0375 1780 DLAUDFAM - ok
    03:45:44.0421 1780 [ E7D105ED1E694449D444A9933DF8E060 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    03:45:44.0421 1780 DLAUDF_M - ok
    03:45:44.0453 1780 dmadmin - ok
    03:45:44.0531 1780 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    03:45:44.0562 1780 dmboot - ok
    03:45:44.0640 1780 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    03:45:44.0640 1780 dmio - ok
    03:45:44.0687 1780 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    03:45:44.0687 1780 dmload - ok
    03:45:44.0765 1780 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    03:45:44.0765 1780 dmserver - ok
    03:45:44.0796 1780 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    03:45:44.0796 1780 DMusic - ok
    03:45:44.0859 1780 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    03:45:44.0859 1780 Dnscache - ok
    03:45:44.0937 1780 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    03:45:44.0937 1780 Dot3svc - ok
    03:45:45.0015 1780 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    03:45:45.0015 1780 dpti2o - ok
    03:45:45.0062 1780 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    03:45:45.0062 1780 drmkaud - ok
    03:45:45.0125 1780 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    03:45:45.0125 1780 DRVMCDB - ok
    03:45:45.0171 1780 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    03:45:45.0171 1780 DRVNDDM - ok
    03:45:45.0296 1780 [ FE80901578E7E3DA70299A5AEB2B7FBD ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
    03:45:45.0296 1780 DSBrokerService - ok
    03:45:45.0343 1780 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
    03:45:45.0343 1780 DSproct - ok
    03:45:45.0406 1780 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] dsunidrv C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
    03:45:45.0421 1780 dsunidrv - ok
    03:45:45.0484 1780 [ D57A8FC800B501AC05B10D00F66D127A ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
    03:45:45.0484 1780 E100B - ok
    03:45:45.0531 1780 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    03:45:45.0546 1780 EapHost - ok
    03:45:45.0656 1780 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
    03:45:45.0671 1780 ehRecvr - ok
    03:45:45.0765 1780 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
    03:45:45.0765 1780 ehSched - ok
    03:45:45.0828 1780 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    03:45:45.0828 1780 ERSvc - ok
    03:45:45.0890 1780 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    03:45:45.0906 1780 Eventlog - ok
    03:45:45.0968 1780 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    03:45:45.0968 1780 EventSystem - ok
    03:45:46.0031 1780 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    03:45:46.0031 1780 Fastfat - ok
    03:45:46.0109 1780 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    03:45:46.0125 1780 FastUserSwitchingCompatibility - ok
    03:45:46.0187 1780 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
    03:45:46.0203 1780 Fax - ok
    03:45:46.0234 1780 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    03:45:46.0234 1780 Fdc - ok
    03:45:46.0296 1780 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    03:45:46.0296 1780 Fips - ok
    03:45:46.0343 1780 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    03:45:46.0343 1780 Flpydisk - ok
    03:45:46.0406 1780 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    03:45:46.0406 1780 FltMgr - ok
    03:45:46.0531 1780 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    03:45:46.0531 1780 FontCache3.0.0.0 - ok
    03:45:46.0578 1780 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    03:45:46.0578 1780 Fs_Rec - ok
    03:45:46.0656 1780 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    03:45:46.0656 1780 Ftdisk - ok
    03:45:46.0718 1780 [ AB8A6A87D9D7255C3884D5B9541A6E80 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    03:45:46.0718 1780 GEARAspiWDM - ok
    03:45:46.0750 1780 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    03:45:46.0750 1780 Gpc - ok
    03:45:46.0875 1780 [ 751C1D2CA2ABF4A9F5A6B8D7D45B907C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    03:45:46.0875 1780 gusvc - ok
    03:45:46.0921 1780 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    03:45:46.0921 1780 HDAudBus - ok
    03:45:47.0015 1780 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    03:45:47.0015 1780 helpsvc - ok
    03:45:47.0062 1780 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    03:45:47.0062 1780 HidServ - ok
    03:45:47.0093 1780 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    03:45:47.0093 1780 HidUsb - ok
    03:45:47.0187 1780 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    03:45:47.0187 1780 hkmsvc - ok
    03:45:47.0296 1780 [ C5F00D15AA15CB7F55A027FF75E44BB7 ] HP Port Resolver C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    03:45:47.0328 1780 HP Port Resolver - ok
    03:45:47.0375 1780 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
    03:45:47.0375 1780 hpn - ok
    03:45:47.0468 1780 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    03:45:47.0468 1780 HSFHWBS2 - ok
    03:45:47.0531 1780 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    03:45:47.0562 1780 HSF_DP - ok
    03:45:47.0640 1780 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    03:45:47.0656 1780 HTTP - ok
    03:45:47.0703 1780 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    03:45:47.0718 1780 HTTPFilter - ok
    03:45:47.0750 1780 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
    03:45:47.0750 1780 i2omgmt - ok
    03:45:47.0812 1780 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
    03:45:47.0812 1780 i2omp - ok
    03:45:47.0859 1780 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    03:45:47.0859 1780 i8042prt - ok
    03:45:47.0968 1780 [ 5A8E05F1D5C36ABD58CFFA111EB325EA ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    03:45:48.0078 1780 ialm - ok
    03:45:48.0171 1780 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    03:45:48.0234 1780 idsvc - ok
    03:45:48.0296 1780 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    03:45:48.0296 1780 Imapi - ok
    03:45:48.0359 1780 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    03:45:48.0359 1780 ImapiService - ok
    03:45:48.0437 1780 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
    03:45:48.0437 1780 ini910u - ok
    03:45:48.0531 1780 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
    03:45:48.0546 1780 IntelIde - ok
    03:45:48.0625 1780 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    03:45:48.0625 1780 intelppm - ok
    03:45:48.0703 1780 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    03:45:48.0718 1780 Ip6Fw - ok
    03:45:48.0781 1780 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    03:45:48.0781 1780 IpFilterDriver - ok
    03:45:48.0828 1780 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    03:45:48.0828 1780 IpInIp - ok
    03:45:48.0890 1780 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    03:45:48.0890 1780 IpNat - ok
    03:45:48.0953 1780 [ 62937A89470AF8FF172F0980CA8AEFC9 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    03:45:48.0984 1780 iPod Service - ok
    03:45:49.0031 1780 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    03:45:49.0031 1780 IPSec - ok
    03:45:49.0078 1780 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    03:45:49.0093 1780 IRENUM - ok
    03:45:49.0171 1780 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    03:45:49.0171 1780 isapnp - ok
    03:45:49.0265 1780 [ 4F2143570D2250CA4C4A4C98553C82CD ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    03:45:49.0265 1780 JavaQuickStarterService - ok
    03:45:49.0312 1780 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    03:45:49.0312 1780 Kbdclass - ok
    03:45:49.0343 1780 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    03:45:49.0343 1780 kbdhid - ok
    03:45:49.0421 1780 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    03:45:49.0421 1780 kmixer - ok
    03:45:49.0468 1780 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    03:45:49.0468 1780 KSecDD - ok
    03:45:49.0515 1780 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    03:45:49.0515 1780 lanmanserver - ok
    03:45:49.0578 1780 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    03:45:49.0593 1780 lanmanworkstation - ok
    03:45:49.0640 1780 [ 9FFD1CF2A782F2560E78EEC4B8B8689E ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys
    03:45:49.0640 1780 LBeepKE - ok
    03:45:49.0671 1780 lbrtfdc - ok
    03:45:49.0828 1780 [ 3AF6B73A3AD1FC37C5933441F66CEB91 ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    03:45:49.0828 1780 LBTServ - ok
    03:45:49.0906 1780 [ 70035567754BED4E6AD353CA3F175127 ] LEqdUsb C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
    03:45:49.0906 1780 LEqdUsb - ok
    03:45:49.0937 1780 [ 32491B6BAE0AFAD1D7A62C0EF0AF4321 ] LHidEqd C:\WINDOWS\system32\Drivers\LHidEqd.Sys
    03:45:49.0937 1780 LHidEqd - ok
    03:45:50.0000 1780 [ 7F9C7B28CF1C859E1C42619EEA946DC8 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
    03:45:50.0015 1780 LHidFilt - ok
    03:45:50.0078 1780 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    03:45:50.0078 1780 LmHosts - ok
    03:45:50.0125 1780 [ AB33792A87285344F43B5CE23421BAB0 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
    03:45:50.0125 1780 LMouFilt - ok
    03:45:50.0234 1780 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    03:45:50.0234 1780 McComponentHostService - ok
    03:45:50.0359 1780 [ B26A3EA976E6FD5C03C65F6E5824AD7C ] McMPFSvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    03:45:50.0375 1780 McMPFSvc - ok
    03:45:50.0406 1780 [ B26A3EA976E6FD5C03C65F6E5824AD7C ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    03:45:50.0406 1780 mcmscsvc - ok
    03:45:50.0453 1780 [ B26A3EA976E6FD5C03C65F6E5824AD7C ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    03:45:50.0453 1780 McNaiAnn - ok
    03:45:50.0484 1780 [ B26A3EA976E6FD5C03C65F6E5824AD7C ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    03:45:50.0484 1780 McNASvc - ok
    03:45:50.0703 1780 [ ADA83A989D5822DAA5E2F62FDF118AC6 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
    03:45:50.0703 1780 McODS - ok
    03:45:50.0734 1780 [ B26A3EA976E6FD5C03C65F6E5824AD7C ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    03:45:50.0734 1780 McProxy - ok
    03:45:50.0828 1780 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
    03:45:50.0828 1780 McrdSvc - ok
    03:45:50.0875 1780 [ 7394FCADC0DD68DDC5921884906F4AE9 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    03:45:50.0875 1780 McShield - ok
    03:45:51.0000 1780 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    03:45:51.0015 1780 MDM - ok
    03:45:51.0046 1780 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    03:45:51.0046 1780 mdmxsdk - ok
    03:45:51.0203 1780 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    03:45:51.0203 1780 Messenger - ok
    03:45:51.0265 1780 [ 84D59A3EDDFB9438FB94F7F80D37859D ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
    03:45:51.0265 1780 mfeapfk - ok
    03:45:51.0328 1780 [ 67E961988312B1A28D6F93357B0BF998 ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
    03:45:51.0343 1780 mfeavfk - ok
    03:45:51.0390 1780 [ 19161B1796CF74A6A326ABDE309062BA ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys
    03:45:51.0406 1780 mfebopk - ok
    03:45:51.0468 1780 [ 3D8E909DA47E22E2B32056FD2AE66EDE ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    03:45:51.0468 1780 mfefire - ok
    03:45:51.0531 1780 [ D5F89B4934960C70882924D992C6ABFC ] mfefirek C:\WINDOWS\system32\drivers\mfefirek.sys
    03:45:51.0531 1780 mfefirek - ok
    03:45:51.0625 1780 [ 0EFAB2B91B27543FE589DE700DE07136 ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
    03:45:51.0640 1780 mfehidk - ok
    03:45:51.0687 1780 [ 549DD4966BF0B1D1FC205CA0755A745B ] mfendisk C:\WINDOWS\system32\DRIVERS\mfendisk.sys
    03:45:51.0687 1780 mfendisk - ok
    03:45:51.0703 1780 [ 549DD4966BF0B1D1FC205CA0755A745B ] mfendiskmp C:\WINDOWS\system32\DRIVERS\mfendisk.sys
    03:45:51.0718 1780 mfendiskmp - ok
    03:45:51.0796 1780 [ C9EDA1EADA2AB6E34CD1A10C3A24AB25 ] mferkdet C:\WINDOWS\system32\drivers\mferkdet.sys
    03:45:51.0796 1780 mferkdet - ok
    03:45:51.0875 1780 [ E6C5F7AADE5A31C057D73201ACFE8ADF ] mfetdi2k C:\WINDOWS\system32\drivers\mfetdi2k.sys
    03:45:51.0875 1780 mfetdi2k - ok
    03:45:51.0937 1780 [ 5C1B2814EF2A6313936A111D3FD095AF ] mfevtp C:\WINDOWS\system32\mfevtps.exe
    03:45:51.0937 1780 mfevtp - ok
    03:45:52.0000 1780 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
    03:45:52.0015 1780 MHN - ok
    03:45:52.0046 1780 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    03:45:52.0046 1780 MHNDRV - ok
    03:45:52.0140 1780 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    03:45:52.0140 1780 mnmdd - ok
    03:45:52.0203 1780 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    03:45:52.0203 1780 mnmsrvc - ok
    03:45:52.0281 1780 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    03:45:52.0281 1780 Modem - ok
    03:45:52.0328 1780 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
    03:45:52.0328 1780 MODEMCSA - ok
    03:45:52.0390 1780 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    03:45:52.0390 1780 Mouclass - ok
    03:45:52.0437 1780 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    03:45:52.0437 1780 mouhid - ok
    03:45:52.0468 1780 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    03:45:52.0468 1780 MountMgr - ok
    03:45:52.0546 1780 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    03:45:52.0562 1780 MozillaMaintenance - ok
    03:45:52.0609 1780 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    03:45:52.0609 1780 mraid35x - ok
    03:45:52.0656 1780 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    03:45:52.0656 1780 MRxDAV - ok
    03:45:52.0734 1780 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
     
  11. Sprinter

    Sprinter TS Rookie Topic Starter Posts: 59

    03:45:52.0734 1780 MRxSmb - ok
    03:45:52.0796 1780 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    03:45:52.0796 1780 MSDTC - ok
    03:45:52.0843 1780 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    03:45:52.0859 1780 Msfs - ok
    03:45:52.0890 1780 MSIServer - ok
    03:45:52.0968 1780 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    03:45:52.0968 1780 MSKSSRV - ok
    03:45:53.0031 1780 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    03:45:53.0031 1780 MSPCLOCK - ok
    03:45:53.0078 1780 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    03:45:53.0093 1780 MSPQM - ok
    03:45:53.0171 1780 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    03:45:53.0171 1780 mssmbios - ok
    03:45:53.0203 1780 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    03:45:53.0218 1780 Mup - ok
    03:45:53.0296 1780 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    03:45:53.0312 1780 napagent - ok
    03:45:53.0343 1780 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    03:45:53.0359 1780 NDIS - ok
    03:45:53.0421 1780 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    03:45:53.0421 1780 NdisTapi - ok
    03:45:53.0484 1780 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    03:45:53.0484 1780 Ndisuio - ok
    03:45:53.0515 1780 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    03:45:53.0515 1780 NdisWan - ok
    03:45:53.0578 1780 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    03:45:53.0578 1780 NDProxy - ok
    03:45:53.0656 1780 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    03:45:53.0656 1780 NetBIOS - ok
    03:45:53.0703 1780 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    03:45:53.0703 1780 NetBT - ok
    03:45:53.0765 1780 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    03:45:53.0781 1780 NetDDE - ok
    03:45:53.0812 1780 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    03:45:53.0828 1780 NetDDEdsdm - ok
    03:45:53.0890 1780 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    03:45:53.0890 1780 Netlogon - ok
    03:45:53.0953 1780 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    03:45:53.0953 1780 Netman - ok
    03:45:54.0140 1780 [ 9DA26B773BD04B867A8E9F427CD048FC ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    03:45:54.0140 1780 NetSvc - ok
    03:45:54.0218 1780 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    03:45:54.0234 1780 NetTcpPortSharing - ok
    03:45:54.0281 1780 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    03:45:54.0281 1780 Nla - ok
    03:45:54.0359 1780 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    03:45:54.0359 1780 Npfs - ok
    03:45:54.0437 1780 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    03:45:54.0453 1780 Ntfs - ok
    03:45:54.0484 1780 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    03:45:54.0484 1780 NtLmSsp - ok
    03:45:54.0578 1780 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    03:45:54.0593 1780 NtmsSvc - ok
    03:45:54.0671 1780 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    03:45:54.0671 1780 Null - ok
    03:45:54.0765 1780 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    03:45:54.0812 1780 nv - ok
    03:45:54.0859 1780 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    03:45:54.0859 1780 NwlnkFlt - ok
    03:45:54.0921 1780 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    03:45:54.0921 1780 NwlnkFwd - ok
    03:45:54.0984 1780 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    03:45:54.0984 1780 ose - ok
    03:45:55.0093 1780 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    03:45:55.0093 1780 Parport - ok
    03:45:55.0140 1780 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    03:45:55.0140 1780 PartMgr - ok
    03:45:55.0203 1780 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    03:45:55.0203 1780 ParVdm - ok
    03:45:55.0234 1780 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    03:45:55.0234 1780 PCI - ok
    03:45:55.0281 1780 PCIDump - ok
    03:45:55.0343 1780 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    03:45:55.0343 1780 PCIIde - ok
    03:45:55.0421 1780 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    03:45:55.0421 1780 Pcmcia - ok
    03:45:55.0437 1780 PDCOMP - ok
    03:45:55.0484 1780 PDFRAME - ok
    03:45:55.0531 1780 PDRELI - ok
    03:45:55.0578 1780 PDRFRAME - ok
    03:45:55.0640 1780 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
    03:45:55.0640 1780 perc2 - ok
    03:45:55.0703 1780 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    03:45:55.0703 1780 perc2hib - ok
    03:45:55.0843 1780 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    03:45:55.0843 1780 PlugPlay - ok
    03:45:55.0890 1780 [ D31F88C5F19EEFA366A415D6BC5F2ABC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
    03:45:55.0890 1780 Pml Driver HPZ12 - ok
    03:45:55.0921 1780 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    03:45:55.0921 1780 PolicyAgent - ok
    03:45:56.0000 1780 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    03:45:56.0000 1780 PptpMiniport - ok
    03:45:56.0015 1780 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    03:45:56.0015 1780 ProtectedStorage - ok
    03:45:56.0062 1780 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    03:45:56.0062 1780 PSched - ok
    03:45:56.0156 1780 [ 1DF21F001F3A94EBA4A2950C70CC358F ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf.sys
    03:45:56.0156 1780 PSI - ok
    03:45:56.0203 1780 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    03:45:56.0218 1780 Ptilink - ok
    03:45:56.0250 1780 [ 86724469CD077901706854974CD13C3E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    03:45:56.0250 1780 PxHelp20 - ok
    03:45:56.0296 1780 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
    03:45:56.0296 1780 ql1080 - ok
    03:45:56.0343 1780 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    03:45:56.0343 1780 Ql10wnt - ok
    03:45:56.0375 1780 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
    03:45:56.0375 1780 ql12160 - ok
    03:45:56.0421 1780 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
    03:45:56.0421 1780 ql1240 - ok
    03:45:56.0468 1780 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
    03:45:56.0468 1780 ql1280 - ok
    03:45:56.0515 1780 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    03:45:56.0531 1780 RasAcd - ok
    03:45:56.0593 1780 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    03:45:56.0593 1780 RasAuto - ok
    03:45:56.0640 1780 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    03:45:56.0640 1780 Rasl2tp - ok
    03:45:56.0750 1780 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    03:45:56.0750 1780 RasMan - ok
    03:45:56.0781 1780 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    03:45:56.0781 1780 RasPppoe - ok
    03:45:56.0812 1780 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    03:45:56.0812 1780 Raspti - ok
    03:45:56.0875 1780 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    03:45:56.0875 1780 Rdbss - ok
    03:45:56.0906 1780 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    03:45:56.0906 1780 RDPCDD - ok
    03:45:57.0000 1780 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    03:45:57.0000 1780 rdpdr - ok
    03:45:57.0078 1780 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    03:45:57.0093 1780 RDPWD - ok
    03:45:57.0187 1780 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    03:45:57.0187 1780 RDSessMgr - ok
    03:45:57.0234 1780 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    03:45:57.0234 1780 redbook - ok
    03:45:57.0296 1780 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    03:45:57.0296 1780 RemoteAccess - ok
    03:45:57.0390 1780 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    03:45:57.0390 1780 RemoteRegistry - ok
    03:45:57.0437 1780 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    03:45:57.0437 1780 RpcLocator - ok
    03:45:57.0500 1780 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
    03:45:57.0500 1780 RpcSs - ok
    03:45:57.0562 1780 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    03:45:57.0578 1780 RSVP - ok
    03:45:57.0640 1780 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    03:45:57.0640 1780 SamSs - ok
    03:45:57.0687 1780 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    03:45:57.0687 1780 SCardSvr - ok
    03:45:57.0765 1780 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    03:45:57.0765 1780 Schedule - ok
    03:45:57.0843 1780 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    03:45:57.0859 1780 SeaPort - ok
    03:45:57.0921 1780 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    03:45:57.0921 1780 Secdrv - ok
    03:45:57.0984 1780 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    03:45:58.0000 1780 seclogon - ok
    03:45:58.0046 1780 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    03:45:58.0046 1780 SENS - ok
    03:45:58.0109 1780 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    03:45:58.0109 1780 serenum - ok
    03:45:58.0187 1780 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    03:45:58.0203 1780 Serial - ok
    03:45:58.0296 1780 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    03:45:58.0296 1780 Sfloppy - ok
    03:45:58.0359 1780 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    03:45:58.0359 1780 ShellHWDetection - ok
    03:45:58.0484 1780 [ 6BD3976B881888AC9A0ED3EB94E7FD38 ] sigfilt C:\WINDOWS\system32\drivers\sigfilt.sys
    03:45:58.0515 1780 sigfilt - ok
    03:45:58.0531 1780 Simbad - ok
    03:45:58.0625 1780 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
    03:45:58.0625 1780 sisagp - ok
    03:45:58.0671 1780 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
    03:45:58.0671 1780 Sparrow - ok
    03:45:58.0750 1780 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    03:45:58.0750 1780 splitter - ok
    03:45:58.0812 1780 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    03:45:58.0812 1780 Spooler - ok
    03:45:58.0843 1780 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    03:45:58.0843 1780 sr - ok
    03:45:58.0921 1780 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    03:45:58.0921 1780 srservice - ok
    03:45:58.0984 1780 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    03:45:58.0984 1780 Srv - ok
    03:45:59.0046 1780 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    03:45:59.0046 1780 SSDPSRV - ok
    03:45:59.0109 1780 [ B95480C92C4C9C311BE47B8A1AD73770 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
    03:45:59.0125 1780 STHDA - ok
    03:45:59.0234 1780 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
    03:45:59.0234 1780 StillCam - ok
    03:45:59.0328 1780 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    03:45:59.0343 1780 stisvc - ok
    03:45:59.0390 1780 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    03:45:59.0390 1780 swenum - ok
    03:45:59.0421 1780 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    03:45:59.0437 1780 swmidi - ok
    03:45:59.0468 1780 SwPrv - ok
    03:45:59.0546 1780 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
    03:45:59.0546 1780 symc810 - ok
    03:45:59.0640 1780 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    03:45:59.0640 1780 symc8xx - ok
    03:45:59.0671 1780 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    03:45:59.0671 1780 sym_hi - ok
    03:45:59.0718 1780 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    03:45:59.0718 1780 sym_u3 - ok
    03:45:59.0812 1780 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    03:45:59.0812 1780 sysaudio - ok
    03:45:59.0859 1780 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    03:45:59.0859 1780 SysmonLog - ok
    03:45:59.0937 1780 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    03:45:59.0953 1780 TapiSrv - ok
    03:46:00.0015 1780 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    03:46:00.0031 1780 Tcpip - ok
    03:46:00.0093 1780 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    03:46:00.0093 1780 TDPIPE - ok
    03:46:00.0140 1780 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    03:46:00.0140 1780 TDTCP - ok
    03:46:00.0203 1780 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    03:46:00.0203 1780 TermDD - ok
    03:46:00.0281 1780 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    03:46:00.0296 1780 TermService - ok
    03:46:00.0343 1780 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    03:46:00.0343 1780 Themes - ok
    03:46:00.0421 1780 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    03:46:00.0421 1780 TlntSvr - ok
    03:46:00.0484 1780 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
    03:46:00.0484 1780 TosIde - ok
    03:46:00.0562 1780 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    03:46:00.0562 1780 TrkWks - ok
    03:46:00.0656 1780 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    03:46:00.0656 1780 Udfs - ok
    03:46:00.0703 1780 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
    03:46:00.0703 1780 ultra - ok
    03:46:00.0765 1780 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    03:46:00.0781 1780 Update - ok
    03:46:00.0828 1780 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    03:46:00.0843 1780 upnphost - ok
    03:46:00.0890 1780 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    03:46:00.0890 1780 UPS - ok
    03:46:00.0984 1780 [ C1CA131F4E3ED63D6BC89A35FFAD4CDA ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
    03:46:00.0984 1780 USBAAPL - ok
    03:46:01.0046 1780 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    03:46:01.0046 1780 usbccgp - ok
    03:46:01.0093 1780 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    03:46:01.0093 1780 usbehci - ok
    03:46:01.0187 1780 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    03:46:01.0187 1780 usbhub - ok
    03:46:01.0281 1780 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    03:46:01.0281 1780 usbprint - ok
    03:46:01.0375 1780 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    03:46:01.0375 1780 USBSTOR - ok
    03:46:01.0437 1780 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    03:46:01.0437 1780 usbuhci - ok
    03:46:01.0500 1780 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    03:46:01.0500 1780 VgaSave - ok
    03:46:01.0562 1780 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
    03:46:01.0562 1780 viaagp - ok
    03:46:01.0656 1780 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
    03:46:01.0656 1780 ViaIde - ok
    03:46:01.0718 1780 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    03:46:01.0718 1780 VolSnap - ok
    03:46:01.0796 1780 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    03:46:01.0812 1780 VSS - ok
    03:46:01.0875 1780 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
    03:46:01.0890 1780 w32time - ok
    03:46:01.0937 1780 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    03:46:01.0937 1780 Wanarp - ok
    03:46:02.0000 1780 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    03:46:02.0015 1780 wanatw - ok
    03:46:02.0078 1780 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    03:46:02.0078 1780 Wdf01000 - ok
    03:46:02.0109 1780 WDICA - ok
    03:46:02.0187 1780 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    03:46:02.0187 1780 wdmaud - ok
    03:46:02.0250 1780 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    03:46:02.0250 1780 WebClient - ok
    03:46:02.0343 1780 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    03:46:02.0375 1780 winachsf - ok
    03:46:02.0484 1780 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    03:46:02.0484 1780 winmgmt - ok
    03:46:02.0687 1780 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    03:46:02.0734 1780 wlidsvc - ok
    03:46:02.0843 1780 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    03:46:02.0843 1780 WLSetupSvc - ok
    03:46:02.0906 1780 [ 581176F60885AEF8F78C6E38DCC3CDF9 ] WMDM PMSP Service C:\WINDOWS\system32\MsPMSPSv.exe
    03:46:02.0906 1780 WMDM PMSP Service - ok
    03:46:02.0984 1780 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    03:46:02.0984 1780 WmdmPmSN - ok
    03:46:03.0062 1780 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    03:46:03.0093 1780 Wmi - ok
    03:46:03.0187 1780 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    03:46:03.0187 1780 WmiApSrv - ok
    03:46:03.0328 1780 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    03:46:03.0359 1780 WMPNetworkSvc - ok
    03:46:03.0421 1780 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
    03:46:03.0421 1780 WpdUsb - ok
    03:46:03.0500 1780 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    03:46:03.0640 1780 wuauserv - ok
    03:46:03.0734 1780 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    03:46:03.0734 1780 WudfPf - ok
    03:46:03.0796 1780 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    03:46:03.0812 1780 WudfRd - ok
    03:46:03.0875 1780 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    03:46:03.0875 1780 WudfSvc - ok
    03:46:03.0953 1780 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    03:46:03.0968 1780 WZCSVC - ok
    03:46:04.0015 1780 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    03:46:04.0109 1780 xmlprov - ok
    03:46:04.0187 1780 ================ Scan global ===============================
    03:46:04.0265 1780 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    03:46:04.0312 1780 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    03:46:04.0328 1780 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    03:46:04.0359 1780 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    03:46:04.0359 1780 [Global] - ok
    03:46:04.0359 1780 ================ Scan MBR ==================================
    03:46:04.0406 1780 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
    03:46:04.0656 1780 \Device\Harddisk0\DR0 - ok
    03:46:04.0656 1780 ================ Scan VBR ==================================
    03:46:04.0687 1780 [ 2860AF43991D59E904A9CEA7DF8231F3 ] \Device\Harddisk0\DR0\Partition1
    03:46:04.0687 1780 \Device\Harddisk0\DR0\Partition1 - ok
    03:46:04.0703 1780 ============================================================
    03:46:04.0703 1780 Scan finished
    03:46:04.0703 1780 ============================================================
    03:46:04.0765 1764 Detected object count: 1
    03:46:04.0765 1764 Actual detected object count: 1
    03:47:12.0703 1764 C:\WINDOWS\System32\Drivers\39081e7f9367d87f.sys - copied to quarantine
    03:47:12.0718 1764 HKLM\SYSTEM\ControlSet001\services\39081e7f9367d87f - will be deleted on reboot
    03:47:12.0750 1764 HKLM\SYSTEM\ControlSet002\services\39081e7f9367d87f - will be deleted on reboot
    03:47:12.0890 1764 C:\WINDOWS\System32\Drivers\39081e7f9367d87f.sys - will be deleted on reboot
    03:47:12.0890 1764 39081e7f9367d87f ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
    03:47:31.0890 1300 Deinitialize success
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Now that your computer is doing better, we'll run some checks to make sure you're clean.

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ============================================

    Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done, Notepad will open with the rKill log.
    Post it in your next reply.

    NOTE. rKill.txt log will also be present on your desktop.

    ===========================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  13. Sprinter

    Sprinter TS Rookie Topic Starter Posts: 59

    This is the Malwarebytes AM log. About to download and run rKill and post that log in a min.


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.31.13
    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 7.0.5730.13
    atinker :: TINKER [administrator]
    8/31/2012 8:56:14 PM
    mbam-log-2012-08-31 (20-56-14).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 278662
    Time elapsed: 21 minute(s), 19 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|syshost32 (Trojan.Phex.THAGen6) -> Data: C:\WINDOWS\Installer\{B1E5375A-06CD-8564-AA25-957888614293}\syshost.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|55476 (Trojan.Inject) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msiiui.scr -> Delete on reboot.
    Registry Data Items Detected: 2
    HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-18\$27254ec040351f30aee8a6638f936eca\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
    HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-21-241897789-3776253787-1937995284-1006\$27254ec040351f30aee8a6638f936eca\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\WINDOWS\Installer\{B1E5375A-06CD-8564-AA25-957888614293}\syshost.exe (Trojan.Phex.THAGen6) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Local Settings\Temp\msiiui.scr (Trojan.Inject) -> Quarantined and deleted successfully.
    (end)
     
  14. Sprinter

    Sprinter TS Rookie Topic Starter Posts: 59

    Rkill log


    Rkill 2.3.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 08/31/2012 10:26:08 PM in x86 mode.
    Windows Version: Microsoft Windows XP Service Pack 3
    Checking for Windows services to stop.
    * No malware services found to stop.
    Checking for processes to terminate.
    * No malware processes found to kill.
    Checking Registry for malware related settings.
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    * HKLM\Software\Classes\.com "@" has been changed to ComFile!
    * HKLM\Software\Classes\.com "@"was reset to comfile!

    Performing miscellaneous checks.
    * Windows Firewall Disabled
    [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:00000000
    Checking Windows Service Integrity:
    * Background Intelligent Transfer Service (BITS) is not Running.
    Startup Type set to: Automatic
    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Manual
    * wscsvc [Missing Service]
    * wuauserv [Missing Service]
    * SharedAccess [Missing ImagePath]
    Searching for Missing Digital Signatures:
    * No issues found.
    Program finished at: 08/31/2012 10:26:57 PM
    Execution time: 0 hours(s), 0 minute(s), and 48 seconds(s)
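The two logs in the posts above (Malwarebytes detections, then Rkill's integrity checks) are what a defender actually triages from: which autostart locations were hijacked, where the payloads sat, and which protective services were knocked out. The following Python script is an added example for this thread, not code from the thread or from either tool's authors. It parses the detection lines verbatim from the Malwarebytes log above and the integrity lines from the Rkill log, classifies each entry by persistence mechanism, and adds location-based notes that hold regardless of signature name. The regular expressions assume the Malwarebytes 1.x line shapes shown in the log; the service descriptions are the standard Windows XP names for those service identifiers.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input: the detection lines from the Malwarebytes log posted
# above, copied verbatim (raw string, so the backslashes stay literal).
MBAM_LOG = r"""Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|syshost32 (Trojan.Phex.THAGen6) -> Data: C:\WINDOWS\Installer\{B1E5375A-06CD-8564-AA25-957888614293}\syshost.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|55476 (Trojan.Inject) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msiiui.scr -> Delete on reboot.
Registry Data Items Detected: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-18\$27254ec040351f30aee8a6638f936eca\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
Files Detected: 2
C:\WINDOWS\Installer\{B1E5375A-06CD-8564-AA25-957888614293}\syshost.exe (Trojan.Phex.THAGen6) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Local Settings\Temp\msiiui.scr (Trojan.Inject) -> Quarantined and deleted successfully.
(end)
"""
# Constructed sample input: the integrity-check lines from the Rkill log above.
RKILL_LOG = """* Windows Firewall Disabled
* Background Intelligent Transfer Service (BITS) is not Running.
* COM+ Event System (EventSystem) is not Running.
* wscsvc [Missing Service]
* wuauserv [Missing Service]
* SharedAccess [Missing ImagePath]
"""

# Line shapes Malwarebytes 1.x used for the three detection classes in the log (assumed from the sample).
RE_DATA = re.compile(r"^(HK\w+\\.+?)\|(\S*) \((.+?)\) -> Bad: \((.+?)\) Good: \((.+?)\) -> (.+)$")
RE_VALUE = re.compile(r"^(HK\w+\\.+?)\|(\S*) \((.+?)\) -> Data: (.+?) -> (.+)$")
RE_FILE = re.compile(r"^([A-Za-z]:\\.+?) \((.+?)\) -> (.+)$")

# Standard Windows XP service names, so a missing service reads as what it protected.
XP_SERVICES = {"wscsvc": "Security Center", "wuauserv": "Automatic Updates",
               "SharedAccess": "Windows Firewall / ICS", "BITS": "Background Intelligent Transfer",
               "EventSystem": "COM+ Event System"}


@dataclass
class Finding:
    kind: str       # persistence or tampering class
    location: str   # registry key|value or file path
    threat: str     # scanner detection name
    payload: str    # what the entry pointed at (or the file itself)
    action: str     # what the scanner did about it
    notes: List[str] = field(default_factory=list)


def payload_notes(payload: str) -> List[str]:
    # Why the payload location is suspicious on its own, independent of the signature name.
    p, notes = payload.upper(), []
    if "\\RECYCLER\\" in p:
        notes.append("payload lives under RECYCLER (recycle-bin tree), never a legitimate code location")
    if "\\TEMP\\" in p:
        notes.append("payload runs from a Temp directory")
    if re.search(r"~\d\\", payload):
        notes.append("8.3 short-name path obscures the real directory")
    if re.search(r"\\INSTALLER\\\{[0-9A-F-]+\}\\.+\.EXE$", p):
        notes.append("startup .exe parked in an MSI-cache style %SystemRoot%\\Installer\\{GUID} folder")
    return notes


def classify_key(key: str, good: str = "") -> str:
    k = key.lower()
    if k.endswith("\\policies\\explorer\\run"):
        return "autostart: Policies\\Explorer\\Run (policy key, rarely inspected)"
    if k.endswith("\\currentversion\\run") or k.endswith("\\currentversion\\runonce"):
        return "autostart: Run key"
    if k.endswith("\\inprocserver32"):
        return f"COM hijack: CLSID InProcServer32 redirected away from {good}"
    return "registry: other"


def parse_mbam(text: str) -> List[Finding]:
    findings = []
    for line in (l.strip() for l in text.splitlines()):
        if m := RE_DATA.match(line):
            key, _name, threat, bad, good, action = m.groups()
            f = Finding(classify_key(key, good), key, threat, bad, action)
        elif m := RE_VALUE.match(line):
            key, name, threat, data, action = m.groups()
            f = Finding(classify_key(key), f"{key}|{name}", threat, data, action)
        elif m := RE_FILE.match(line):
            path, threat, action = m.groups()
            f = Finding("file: dropped payload", path, threat, path, action)
        else:
            continue  # section counters, headers, "(end)"
        f.notes = payload_notes(f.payload)
        findings.append(f)
    return findings


def rkill_findings(text: str) -> List[str]:
    # Security-posture tampering indicators from Rkill's miscellaneous and integrity checks.
    out = []
    for line in (l.strip() for l in text.splitlines()):
        if line == "* Windows Firewall Disabled":
            out.append("firewall: Windows Firewall disabled by policy (EnableFirewall=0)")
        elif m := re.match(r"^\* (\w+) \[Missing (Service|ImagePath)\]$", line):
            out.append(f"service: {m[1]} ({XP_SERVICES.get(m[1], 'unknown')}) missing {m[2]}")
        elif m := re.match(r"^\* .+? \((\w+)\) is not Running\.$", line):
            out.append(f"service: {m[1]} ({XP_SERVICES.get(m[1], 'unknown')}) stopped")
    return out


if __name__ == "__main__":
    for f in parse_mbam(MBAM_LOG):
        print(f"[{f.kind}] {f.location} -> {f.action}", *("    ! " + n for n in f.notes), sep="\n")
    print(*rkill_findings(RKILL_LOG), sep="\n")
```

Run stand-alone it prints one classified line per detection. The point of the location notes is that the two Run-key entries and the CLSID entry would still stand out even without a signature: a COM server under RECYCLER, a startup .scr under a short-named Temp path, and an .exe under an Installer GUID folder are anomalous on their own, and the Rkill side shows the same infection switching off the Security Center, Automatic Updates and the firewall service, which is why the firewall policy value read 0.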
     
  15. Sprinter

    Sprinter TS Rookie Topic Starter Posts: 59

    The last scan, the aswMBR log, is as follows. Any next steps for me?
    Thank you for the help so far and your free time,
    -Sprinter


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-31 22:30:11
    -----------------------------
    22:30:11.578 OS Version: Windows 5.1.2600 Service Pack 3
    22:30:11.578 Number of processors: 2 586 0x407
    22:30:11.578 ComputerName: TINKER UserName:
    22:30:12.046 Initialize success
    22:39:36.515 AVAST engine defs: 12083102
    22:59:17.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
    22:59:17.296 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
    22:59:17.343 Disk 0 MBR read successfully
    22:59:17.359 Disk 0 MBR scan
    22:59:17.421 Disk 0 unknown MBR code
    22:59:17.453 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
    22:59:17.515 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71468 MB offset 112455
    22:59:17.562 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 146496735
    22:59:17.609 Disk 0 scanning sectors +156232125
    22:59:17.718 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:59:33.312 Service scanning
    22:59:58.609 Modules scanning
    23:00:02.968 Disk 0 trace - called modules:
    23:00:02.984 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    23:00:02.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f77ab8]
    23:00:02.984 3 CLASSPNP.SYS[f7675fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86fd5d98]
    23:00:03.500 AVAST engine scan C:\WINDOWS
    23:00:46.828 AVAST engine scan C:\WINDOWS\system32
    23:04:40.265 AVAST engine scan C:\WINDOWS\system32\drivers
    23:05:02.484 AVAST engine scan C:\Documents and Settings\atinker
    23:37:25.234 AVAST engine scan C:\Documents and Settings\All Users
    23:48:44.750 Scan finished successfully
    23:54:07.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\atinker\Desktop\MBR.dat"
    23:54:07.796 The log file has been saved successfully to "C:\Documents and Settings\atinker\Desktop\aswMBR.txt"
     
  16. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Looks good so far...

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  17. Sprinter

    Sprinter TS Rookie Topic Starter Posts: 59

    Combofix log is as follows. I'm still running in safe mode. What should I do next?

    ComboFix 12-08-31.08 - atinker 09/01/2012 0:21.3.2 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.560 [GMT -4:00]
    Running from: c:\documents and settings\atinker\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\wt
    c:\windows\wt\data.wts
    c:\windows\wt\updater\wcmdmgr.exe
    c:\windows\wt\updater\wcmdmgrl.exe
    c:\windows\wt\updater\wt.ini
    c:\windows\wt\webdriver.dll
    c:\windows\wt\webdriver\4.1.1\actorobject.dll
    c:\windows\wt\webdriver\4.1.1\dx5drv.dll
    c:\windows\wt\webdriver\4.1.1\dx7drv.dll
    c:\windows\wt\webdriver\4.1.1\objectbundle.dll
    c:\windows\wt\webdriver\4.1.1\sound.dll
    c:\windows\wt\webdriver\4.1.1\wdcaps.ded
    c:\windows\wt\webdriver\4.1.1\wdengine.dll
    c:\windows\wt\webdriver\4.1.1\webdriver.dll
    c:\windows\wt\webdriver\4.1.1\wthost.exe
    c:\windows\wt\webdriver\4.1.1\wthostctl.dll
    c:\windows\wt\webdriver\4.1.1\wtmulti.dll
    c:\windows\wt\webdriver\4.1.1\wtmulti.jar
    c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
    c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
    c:\windows\wt\webdriver\export.dat
    c:\windows\wt\webdriver\jdriver.dll
    c:\windows\wt\webdriver\rdriver.dll
    c:\windows\wt\webdriver\wildtangent.jar
    c:\windows\wt\webdriver\wtdmmp.dll
    c:\windows\wt\webdriver\wtdmmpi.jar
    c:\windows\wt\webdriver\wtdmmpv.dll
    c:\windows\wt\wt3d.dll
    c:\windows\wt\wt3d.ini
    c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\controlPanel\index.html
    c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\update_info\data.wts
    c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll
    c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpi.jar
    c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll
    c:\windows\wt\wtupdates\dmmp\3.0.2.000\install\dmmp.cdanfo
    c:\windows\wt\wtupdates\dmmp\3.0.2.000\install\DMMP_Uninstall.cdas
    c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html
    c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
    c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar
    c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
    c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
    c:\windows\wt\wtupdates\DRM\3.2.0.19\files\wt.sto
    c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo
    c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas
    c:\windows\wt\wtupdates\webd\4.1.1\files\actorobject.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html
    c:\windows\wt\wtupdates\webd\4.1.1\files\dx5drv.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\dx7drv.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\jdriver.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\data.wts
    c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\npWTHost.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt
    c:\windows\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\rdriver.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\Sound.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\update_info\data.wts
    c:\windows\wt\wtupdates\webd\4.1.1\files\wdcaps.ded
    c:\windows\wt\wtupdates\webd\4.1.1\files\wdengine.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo
    c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas
    c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas
    c:\windows\wt\wtupdates\webd\4.1.1\files\webdriver.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\wildtangent.jar
    c:\windows\wt\wtupdates\webd\4.1.1\files\wt3d.ini
    c:\windows\wt\wtupdates\webd\4.1.1\files\WTHost.exe
    c:\windows\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.jar
    c:\windows\wt\wtupdates\webd\4.1.1\files\wtvh.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax
    c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini
    c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo
    c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas
    c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html
    c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo
    c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas
    c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll
    c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html
    c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo
    c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas
    c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll
    c:\windows\wt\wtupdates\wtdmmp\update_info\data.wts
    c:\windows\wt\wtupdates\wtupdater\appinfo.dat
    c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts
    c:\windows\wt\wtvh.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-01 02:21 . 2005-10-15 00:45 135168 ----a-w- c:\windows\system32\igfxres.dll
    2012-08-31 07:47 . 2012-08-31 07:47 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-29 16:17 . 2012-08-29 16:17 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
    2012-08-07 06:40 . 2012-08-07 06:40 -------- d-----w- c:\documents and settings\atinker\Local Settings\Application Data\Sun
    2012-08-07 06:31 . 2012-08-07 06:31 -------- d-----w- c:\program files\Oracle
    2012-08-07 06:31 . 2012-08-07 06:31 -------- d-----w- c:\documents and settings\atinker\Application Data\Oracle
    2012-08-07 06:31 . 2012-07-06 02:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-06 13:58 . 2005-08-16 08:18 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-06 02:07 . 2010-05-10 04:02 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-07-04 14:05 . 2005-08-16 08:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 17:46 . 2010-10-30 00:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-03 15:07 . 2005-08-16 08:18 832512 ----a-w- c:\windows\system32\wininet.dll
    2012-07-03 15:07 . 2005-08-16 08:18 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2012-07-03 15:07 . 2005-08-16 08:18 78336 ----a-w- c:\windows\system32\ieencode.dll
    2012-07-03 15:07 . 2005-08-16 08:18 17408 ----a-w- c:\windows\system32\corpol.dll
    2012-07-03 13:40 . 2005-08-16 08:18 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2008-07-09 01:42 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2005-08-16 08:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2005-08-16 08:18 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-08-29 16:17 . 2012-06-11 01:14 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-10-14 03:28 . 2011-01-04 19:29 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
    "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
    "MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
    "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "46A661F4-1EEB-4BBD-8947-26414B632DAE"="start" [X]
    "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "Malwarebytes Anti-Malware (cleanup)"="c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-21 24576]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-20 813584]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-01-06 18:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2007-10-18 15:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
    2006-06-29 18:17 319488 ----a-w- c:\program files\Napster\napster.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/4/2011 3:28 PM 84072]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/4/2011 3:29 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/4/2011 3:28 PM 141792]
    R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [7/29/2012 9:26 PM 642432]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 12:55 PM 40720]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 12:55 PM 10384]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/4/2011 3:28 PM 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/4/2011 3:28 PM 88544]
    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\documents and settings\atinker\Desktop\EmsisoftEmergencyKit\Run\a2ddax86.sys [8/31/2012 2:55 AM 17904]
    S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/20/2010 5:20 PM 10384]
    S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2011 3:28 PM 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2011 3:28 PM 271480]
    S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/4/2011 3:28 PM 55840]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/4/2011 3:28 PM 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/4/2011 3:28 PM 84264]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/10/2012 9:14 PM 114144]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 10:05 AM 14904]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *Deregistered* - aswMBR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    FF - ProfilePath - c:\documents and settings\atinker\Application Data\Mozilla\Firefox\Profiles\at0tu0ks.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Aim6 - (no file)
    SafeBoot-96997861.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-09-01 00:36
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1252)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    c:\windows\system32\l3codeca.acm
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2012-09-01 00:40:10
    ComboFix-quarantined-files.txt 2012-09-01 04:39
    .
    Pre-Run: 26,998,071,296 bytes free
    Post-Run: 28,414,414,848 bytes free
    .
    - - End Of File - - F07949A200455F569018111BC898A259
     
  18. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Looks good :)

    Are you having any issue with running the computer in normal mode?

    If not....

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. Sprinter

    Sprinter TS Rookie Topic Starter Posts: 59

    I restarted my computer in normal mode and a window and command prompt popped up before everything loaded. The window was titled "46A661F4-1EEB-4BBD-8947-26414b632DAE.exe"

    In the window it said "Windows cannot find 46A661F4-1EEB-4BBD-8947-26414b632DAE.exe. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search"

    I clicked Ok and then everything loaded up fine. Not sure if this is an issue or not.
    Also, I was wondering if I can delete any of these scanning tools or if you recommend I keep certain ones to check for stuff now and then?

    Thanks sooo much for the help! I really appreciate it.
    -Sprinter
     
  20. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    We'll look into that message when I see OTL logs.
     
  21. Sprinter

    Sprinter TS Rookie Topic Starter Posts: 59

    OTL logfile created on: 9/1/2012 10:41:07 PM - Run 1
    OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\atinker\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.07 Mb Total Physical Memory | 619.70 Mb Available Physical Memory | 60.63% Memory free
    2.40 Gb Paging File | 2.11 Gb Available in Paging File | 87.85% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.79 Gb Total Space | 25.49 Gb Free Space | 36.52% Space Free | Partition Type: NTFS

    Computer Name: TINKER | User Name: atinker | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/01 22:39:25 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\OTL.exe
    PRC - [2012/09/01 22:26:31 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\atinker\Local Settings\temp\clclean.0001
    PRC - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
    PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/08/21 08:03:10 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    PRC - [2006/05/03 03:12:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    PRC - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2005/09/15 09:47:22 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2005/03/23 00:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    PRC - [2004/04/07 12:07:34 | 000,496,752 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    PRC - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/01 22:26:31 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\atinker\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
    MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2009/07/20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
    MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2006/05/03 03:12:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    MOD - [2005/05/19 08:54:00 | 001,345,520 | ---- | M] () -- C:\WINDOWS\system32\CTMBHA.DLL
    MOD - [2004/04/07 11:34:42 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\AOL\ACS\US\DialerRes.dll


    ========== Services (SafeList) ==========

    SRV - [2012/08/29 12:17:24 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV - [2010/10/13 23:28:54 | 000,171,168 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2006/08/21 08:03:10 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
    SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\atinker\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
    DRV - [2012/08/31 00:10:11 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Documents and Settings\atinker\Desktop\EmsisoftEmergencyKit\Run\a2ddax86.sys -- (A2DDA)
    DRV - [2010/10/13 23:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/10/13 23:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010/10/13 23:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/10/13 23:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/10/13 23:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2010/10/13 23:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2010/10/13 23:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/10/13 23:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2010/10/13 23:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/10/13 23:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/07/07 10:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2009/11/06 04:26:36 | 000,642,432 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
    DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/06/17 12:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
    DRV - [2009/06/17 12:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
    DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/08/21 08:10:08 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/09/07 13:32:58 | 000,024,960 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2005/09/07 13:29:44 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/06/06 21:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2005/03/25 16:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
    DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-241897789-3776253787-1937995284-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-241897789-3776253787-1937995284-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-241897789-3776253787-1937995284-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-241897789-3776253787-1937995284-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-241897789-3776253787-1937995284-1006\..\SearchScopes,DefaultScope = {52F738BA-DF21-405D-B72D-5797EB205C4E}
    IE - HKU\S-1-5-21-241897789-3776253787-1937995284-1006\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-241897789-3776253787-1937995284-1006\..\SearchScopes\{52F738BA-DF21-405D-B72D-5797EB205C4E}: "URL" = http://www.google.com/search?q={sea...icrosoft:en-US&ie=utf8&oe=utf8&rlz=1I7_____en
    IE - HKU\S-1-5-21-241897789-3776253787-1937995284-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-241897789-3776253787-1937995284-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\atinker\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\atinker\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/29 12:17:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/07 02:31:12 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\atinker\Application Data\Move Networks [2010/05/10 04:05:02 | 000,000,000 | ---D | M]

    [2009/06/29 10:25:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\atinker\Application Data\Mozilla\Extensions
    [2012/06/10 21:19:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\atinker\Application Data\Mozilla\Firefox\Profiles\at0tu0ks.default\extensions
    [2009/09/10 18:28:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\atinker\Application Data\Mozilla\Firefox\Profiles\at0tu0ks.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/10/31 15:36:27 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\atinker\Application Data\Mozilla\Firefox\Profiles\at0tu0ks.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/10/31 15:27:15 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\atinker\Application Data\Mozilla\Firefox\Profiles\at0tu0ks.default\searchplugins\bing.xml
    [2012/06/14 04:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/01/31 18:41:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/01/31 18:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2012/08/29 12:17:25 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
    [2010/10/13 20:51:56 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
    [2012/08/29 12:17:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/08/29 12:17:19 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/09/01 00:36:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\S-1-5-21-241897789-3776253787-1937995284-1006\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKU\S-1-5-21-241897789-3776253787-1937995284-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKU\S-1-5-21-241897789-3776253787-1937995284-1006\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
    O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
    O4 - HKU\S-1-5-21-241897789-3776253787-1937995284-1006..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-241897789-3776253787-1937995284-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-241897789-3776253787-1937995284-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-241897789-3776253787-1937995284-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-241897789-3776253787-1937995284-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
    O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-241897789-3776253787-1937995284-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1606AD12-2B57-4EA2-B8E1-4C06D804E959}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\atinker\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\atinker\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/01 22:39:21 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\OTL.exe
    [2012/09/01 00:40:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/09/01 00:19:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/09/01 00:19:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/09/01 00:19:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/09/01 00:19:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/09/01 00:18:57 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/01 00:15:03 | 004,742,651 | R--- | C] (Swearware) -- C:\Documents and Settings\atinker\Desktop\ComboFix.exe
    [2012/08/31 22:29:32 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\atinker\Desktop\aswMBR.exe
    [2012/08/31 22:19:23 | 001,614,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\atinker\Desktop\rkill.exe
    [2012/08/31 03:47:12 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/31 03:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\atinker\Desktop\tdsskiller
    [2012/08/31 00:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\atinker\Desktop\EmsisoftEmergencyKit
    [2012/08/30 06:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2012/08/29 21:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2012/08/29 18:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings
    [2012/08/29 11:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2012/08/07 02:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\atinker\Local Settings\Application Data\Sun
    [2012/08/07 02:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
    [2012/08/07 02:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\atinker\Application Data\Oracle
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/01 22:39:25 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\OTL.exe
    [2012/09/01 22:24:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/09/01 22:19:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/09/01 22:19:38 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/01 22:17:43 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/09/01 00:36:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/09/01 00:15:03 | 004,742,651 | R--- | M] (Swearware) -- C:\Documents and Settings\atinker\Desktop\ComboFix.exe
    [2012/08/31 23:54:07 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\atinker\Desktop\MBR.dat
    [2012/08/31 22:29:32 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\atinker\Desktop\aswMBR.exe
    [2012/08/31 22:19:29 | 001,614,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\atinker\Desktop\rkill.exe
    [2012/08/31 20:53:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/31 03:44:43 | 002,193,184 | ---- | M] () -- C:\Documents and Settings\atinker\Desktop\tdsskiller.zip
    [2012/08/31 00:03:33 | 172,178,317 | ---- | M] () -- C:\Documents and Settings\atinker\Desktop\EmsisoftEmergencyKit.zip
    [2012/08/27 17:54:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/08/15 14:25:40 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/08/15 13:59:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/08/07 02:46:19 | 000,000,040 | ---- | M] () -- C:\Documents and Settings\atinker\jagex_cl_runescape_LIVE.dat
    [2012/08/07 02:42:58 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\atinker\jagex_runescape_preferences2.dat
    [2012/08/07 02:41:13 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\atinker\jagex_runescape_preferences.dat
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/01 22:19:38 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
    [2012/09/01 00:19:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/09/01 00:19:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/09/01 00:19:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/09/01 00:19:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/09/01 00:19:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/08/31 23:54:07 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\atinker\Desktop\MBR.dat
    [2012/08/31 20:53:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/31 03:44:43 | 002,193,184 | ---- | C] () -- C:\Documents and Settings\atinker\Desktop\tdsskiller.zip
    [2012/08/31 00:02:45 | 172,178,317 | ---- | C] () -- C:\Documents and Settings\atinker\Desktop\EmsisoftEmergencyKit.zip
    [2012/08/07 02:41:11 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\atinker\jagex_cl_runescape_LIVE.dat
    [2012/02/15 16:34:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2010/11/24 12:17:19 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
    [2010/11/24 12:16:46 | 000,000,736 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
    [2010/11/24 12:13:22 | 000,110,390 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
    [2010/11/24 12:13:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2010/11/24 12:12:48 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
    [2010/11/17 19:47:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/05/09 23:55:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\atinker\jagex__preferences3.dat
    [2009/11/10 11:47:27 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\atinker\jagex_runescape_preferences2.dat
    [2008/08/20 01:39:23 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\atinker\jagex_runescape_preferences.dat
    [2007/04/10 14:43:25 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
    [2006/08/25 13:52:58 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\atinker\Local Settings\Application Data\fusioncache.dat

    ========== LOP Check ==========

    [2008/07/03 16:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
    [2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2006/08/30 22:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2010/04/12 17:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/02/05 21:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    ========== Purity Check ==========


    < End of report >
     
  22. Sprinter

    Sprinter TS Rookie Topic Starter Posts: 59

    OTL Extras logfile created on: 9/1/2012 10:41:07 PM - Run 1
    OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\atinker\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.07 Mb Total Physical Memory | 619.70 Mb Available Physical Memory | 60.63% Memory free
    2.40 Gb Paging File | 2.11 Gb Available in Paging File | 87.85% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.79 Gb Total Space | 25.49 Gb Free Space | 36.52% Space Free | Partition Type: NTFS

    Computer Name: TINKER | User Name: atinker | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-241897789-3776253787-1937995284-1006\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}" = 725plc32
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
    "{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
    "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
    "{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows
    "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{66F324A1-BDC0-11D7-9E5C-00D0B76A8705}" = Creative NOMAD Jukebox Zen Xtra
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{81823AEA-8950-4A07-AA39-6DDB5241A757}" = SAMSUNG Android USB Modem Software
    "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8A8F4EF8-160C-4E0F-B32D-92E2313E039B}" = Microsoft Baseline Security Analyzer 2.0
    "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
    "{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
    "{E4257ACA-7D3B-4FBA-8A37-E1F4699E91C7}" = WOT Services
    "{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
    "{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
    "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
    "{F99520C7-7EE6-472E-8DD8-E60003A9292F}" = WOT for Internet Explorer
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AIM_6" = AIM 6
    "AOL Connectivity Services" = AOL Connectivity Services
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
    "ATI Display Driver" = ATI Display Driver
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Creative Jukebox Driver" = Creative Jukebox Driver
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "ESET Online Scanner" = ESET Online Scanner v3
    "ESPNMotion" = ESPNMotion
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSC" = McAfee SecurityCenter
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PartyPokerNet" = PartyPokerNet
    "PopCap Browser Plugin" = PopCap Browser Plugin
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RealPlayer 6.0" = RealPlayer Basic
    "Ruckus Player" = Ruckus Player
    "Secunia PSI" = Secunia PSI
    "Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
    "StarCraft II" = StarCraft II
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WildTangent CDA" = WildTangent Web Driver
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMCSetup" = Windows Media Connect
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-241897789-3776253787-1937995284-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player
    "Warcraft III" = Warcraft III

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/21/2011 3:58:45 AM | Computer Name = TINKER | Source = Application Hang | ID = 1002
    Description = Hanging application OIS.EXE, version 11.0.8161.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 11/21/2011 11:24:40 PM | Computer Name = TINKER | Source = McLogEvent | ID = 5046
    Description = The McShield scanning service cannot find any configuration in the
    registry

    Error - 11/21/2011 11:40:23 PM | Computer Name = TINKER | Source = McLogEvent | ID = 5046
    Description = The McShield scanning service cannot find any configuration in the
    registry

    Error - 11/23/2011 6:36:09 AM | Computer Name = TINKER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.17103, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/24/2011 2:03:23 PM | Computer Name = TINKER | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.4324, faulting
    module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

    Error - 12/3/2011 12:16:59 AM | Computer Name = TINKER | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.4324, faulting
    module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

    Error - 12/10/2011 5:42:43 AM | Computer Name = TINKER | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.4324, faulting
    module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

    Error - 12/12/2011 7:47:30 AM | Computer Name = TINKER | Source = McLogEvent | ID = 5046
    Description = The McShield scanning service cannot find any configuration in the
    registry

    Error - 12/13/2011 10:16:59 AM | Computer Name = TINKER | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6000.17103, faulting
    module ieframe.dll, version 7.0.6000.17103, fault address 0x000c954f.

    Error - 12/15/2011 4:29:12 AM | Computer Name = TINKER | Source = McLogEvent | ID = 5046
    Description = The McShield scanning service cannot find any configuration in the
    registry

    [ System Events ]
    Error - 9/1/2012 10:19:46 PM | Computer Name = TINKER | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the McAfee Services service
    to connect.

    Error - 9/1/2012 10:19:46 PM | Computer Name = TINKER | Source = Service Control Manager | ID = 7000
    Description = The McAfee Services service failed to start due to the following error:
    %%1053

    Error - 9/1/2012 10:19:46 PM | Computer Name = TINKER | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the McAfee VirusScan Announcer
    service to connect.

    Error - 9/1/2012 10:19:46 PM | Computer Name = TINKER | Source = Service Control Manager | ID = 7000
    Description = The McAfee VirusScan Announcer service failed to start due to the
    following error: %%1053

    Error - 9/1/2012 10:19:46 PM | Computer Name = TINKER | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the McAfee Personal Firewall
    Service service to connect.

    Error - 9/1/2012 10:19:46 PM | Computer Name = TINKER | Source = Service Control Manager | ID = 7000
    Description = The McAfee Personal Firewall Service service failed to start due to
    the following error: %%1053

    Error - 9/1/2012 10:19:47 PM | Computer Name = TINKER | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the McAfee Network Agent
    service to connect.

    Error - 9/1/2012 10:19:47 PM | Computer Name = TINKER | Source = Service Control Manager | ID = 7000
    Description = The McAfee Network Agent service failed to start due to the following
    error: %%1053

    Error - 9/1/2012 10:19:47 PM | Computer Name = TINKER | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the McAfee Proxy Service
    service to connect.

    Error - 9/1/2012 10:19:47 PM | Computer Name = TINKER | Source = Service Control Manager | ID = 7000
    Description = The McAfee Proxy Service service failed to start due to the following
    error: %%1053


    < End of report >
     
  23. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      MOD - [2012/09/01 22:26:31 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\atinker\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
      O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
      O15 - HKU\S-1-5-21-241897789-3776253787-1937995284-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered; reboot the PC when it is done.
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ====================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE. SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  24. Sprinter

    Sprinter TS Rookie Topic Starter Posts: 59

    All processes killed
    ========== OTL ==========
    Releasing module C:\Documents and Settings\atinker\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
    C:\Documents and Settings\atinker\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-241897789-3776253787-1937995284-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users
    ->Temp folder emptied: 0 bytes

    User: atinker
    ->Temp folder emptied: 2425523 bytes
    ->Temporary Internet Files folder emptied: 29321613 bytes
    ->Java cache emptied: 3487842 bytes
    ->FireFox cache emptied: 59100903 bytes
    ->Flash cache emptied: 34657948 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: gtinker
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 3024 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 664 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 123.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: atinker
    ->Java cache emptied: 0 bytes

    User: Default User

    User: gtinker

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: atinker
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: gtinker

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.59.1 log created on 09022012_025813
    Files\Folders moved on Reboot...
    C:\Documents and Settings\atinker\Local Settings\Temp\clclean.0001.dir.0000\~efe2.tmp moved successfully.
    File\Folder C:\Documents and Settings\atinker\Local Settings\Temp\fla27.tmp not found!
    C:\Documents and Settings\atinker\Local Settings\Temp\REG21.tmp moved successfully.
    C:\Documents and Settings\atinker\Local Settings\Temp\REG22.tmp moved successfully.
    File\Folder C:\Documents and Settings\atinker\Local Settings\Temp\~DF717E.tmp not found!
    File\Folder C:\Documents and Settings\atinker\Local Settings\Temp\~DF718E.tmp not found!
    C:\Documents and Settings\atinker\Local Settings\Temporary Internet Files\Content.IE5\Y6ASIU0C\page-2[1].htm moved successfully.
    C:\Documents and Settings\atinker\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  25. Sprinter

    Sprinter TS Rookie Topic Starter Posts: 59

    Farbar Service Scanner Version: 06-08-2012
    Ran by atinker (administrator) on 02-09-2012 at 03:07:40
    Running from "C:\Documents and Settings\atinker\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    Extra List:
    =======
    Gpc(6) IPSec(4) mfetdi2k(8) NetBT(5) PSched(7) Tcpip(3)
    0x080000000400000001000000020000000300000008000000050000000600000007000000
    IpSec Tag value is correct.
    **** End of log ****