TechSpot

Malware causing havoc

Solved
By harveydf
Aug 11, 2011
  1. My computer began acting funny, so I ran MBAM and it found pum.hijack.help in a registry file. I thought this was the end of it, but something returned about five days later. It disabled McAfee, MBAM and caused numerous programs to open and close, until so many windows were opened that the system locked up. Then, I did a restore from ERUNT, because restore was not running and there were no other restore points. Then I ran MBAM, and found the same pum.hijack.help, and I deleted it, however windows updates will not configure. I respect what you do and appreciate your help.
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7438

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    8/11/2011 4:20:20 PM
    mbam-log-2011-08-11 (16-20-20).txt

    Scan type: Quick scan
    Objects scanned: 196708
    Time elapsed: 5 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-08-11 16:38:28
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000064 WDC_WD50 rev.12.0
    Running: ufhbk1mo.exe; Driver: C:\Users\Harveydf\AppData\Local\Temp\uxlcykob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82F821E8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x82F82212]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82F821FE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82F821D4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85BCA1F8
    Device \Driver\atapi \Device\Ide\IdePort0 85BCA1F8
    Device \Driver\atapi \Device\Ide\IdePort1 85BCA1F8
    Device \Driver\ahkw3fpc \Device\Scsi\ahkw3fpc1 874C0500
    Device \Driver\ahkw3fpc \Device\Scsi\ahkw3fpc1Port5Path0Target0Lun0 874C0500
    Device \FileSystem\Ntfs \Ntfs 85BCD1F8

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----
    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Harveydf at 16:43:09 on 2011-08-11
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2186 [GMT -7:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\zHotkey.exe
    C:\Windows\ModPS2Key.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\AT&T\Self Support Tool\ATTTray.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Palm\HOTSYNC.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://att.my.yahoo.com/?_bc=1
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110510034359.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [CHotkey] zHotkey.exe
    mRun: [ModPS2] ModPS2Key.exe
    mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SBC_McciTrayApp] c:\program files\at&t\self support tool\ATTTray.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AcronisTimounterMonitor] c:\program files\maxtor\maxblast\TimounterMonitor.exe
    mRun: [ShowWnd] ShowWnd.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\harveydf\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\users\harveydf\appdata\roaming\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\HOTSYNC.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    uPolicies-explorer: NoSMMyDocs = 1 (0x1)
    uPolicies-explorer: NoFavoritesMenu = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{193FD7B8-6ED3-43A3-9D42-499D673FB086} : DhcpNameServer = 192.168.1.254
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\harveydf\appdata\roaming\mozilla\firefox\profiles\lppj4d9t.default\
    FF - prefs.js: browser.search.selectedEngine - Startpage
    FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\users\harveydf\appdata\local\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\users\harveydf\appdata\roaming\mozilla\firefox\profiles\lppj4d9t.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
    FF - Ext: ThumbStrips: ilab@intuit - %profile%\extensions\ilab@intuit
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
    FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
    FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen
    FF - Ext: FlashResizer: {C6F77964-B0B5-4953-A144-93051184EC0C} - %profile%\extensions\{C6F77964-B0B5-4953-A144-93051184EC0C}
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    FF - Ext: RightToClick: {cd617375-6743-4ee8-bac4-fbf10f35729e} - %profile%\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-28 387480]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-3-3 64584]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-3-3 165032]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-26 176128]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-6-14 21992]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-17 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-11 366640]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-28 88176]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-3 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-3 271480]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-3 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-3 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-3 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-3 141792]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-3 56064]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-11 22712]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-28 153280]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-3 314088]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-28 52320]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-3 84488]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-28 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-28 40552]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-08-11 23:12:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-11 23:12:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-11 23:12:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-11 06:57:39 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5609542c-2c48-46b8-ab80-3caa26bfe480}\mpengine.dll
    2011-08-10 08:27:18 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-08-10 08:27:16 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-08-10 08:27:14 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-08-10 08:26:36 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-08-10 08:26:36 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-10 08:26:20 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-08-04 09:50:15 -------- d-----w- c:\users\harveydf\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2011-08-02 06:43:57 21896 ----a-w- c:\windows\system32\drivers\eufs.sys
    2011-08-02 06:43:57 188808 ----a-w- c:\windows\system32\drivers\eudisk.sys
    2011-08-02 06:43:57 15240 ----a-w- c:\windows\system32\drivers\eudskacs.sys
    2011-08-02 06:43:56 37256 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
    2011-08-02 06:43:56 31112 ----a-w- c:\windows\system32\drivers\eubakup.sys
    2011-07-18 08:39:58 6271648 ----a-w- c:\program files\mozilla firefox\plugins\NPSWF32.dll
    2011-07-13 09:28:03 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-07-13 09:27:58 49152 ----a-w- c:\windows\system32\csrsrv.dll
    .
    ==================== Find3M ====================
    .
    2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-30 08:44:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-13 09:20:42 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
    2011-06-13 09:20:42 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
    2011-06-13 09:20:29 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
    2011-06-13 09:20:26 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
    2011-06-12 00:55:18 22 --sha-w- c:\users\harveydf\appdata\roaming\Sys2662.Config.Repository.bin
    2011-05-25 02:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 16:43:52.09 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/23/2007 3:55:52 PM
    System Uptime: 8/11/2011 3:58:07 PM (1 hours ago)
    .
    Motherboard: ECS | | MCP61PM-GM
    Processor: AMD Phenom(tm) 9500 Quad-Core Processor | Socket AM2 | 2200/235mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 324 GiB total, 248.037 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 4.504 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    1500
    1500_Help
    1500Trb
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.4.5 - CPSID_83708
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Asset Services CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Creative Suite 4 Design Premium
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Reader for Palm OS, 3.05
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe Shockwave Player 11.5
    Adobe SING CS4
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AIO_CDB_ProductContext
    AIO_CDB_Software
    AIO_Scan
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    AOL Uninstaller (Choose which Products to Remove)
    Apple Mobile Device Support
    Apple Software Update
    ArcGIS Desktop
    ArcGIS Tutorial Data
    Astrolog32 2.02
    AT&T Self Support Tool
    AT&T Yahoo! Applications
    ATI Catalyst Install Manager
    Aureas v8.7
    Avery Wizard 3.1
    BayGenie eBay Auction Sniper Pro Edition 3.1.8.0
    Bonjour
    Browser Address Error Redirector
    BufferChm
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Compatibility Pack for the 2007 Office system
    Connect
    Copy
    Core Temp version 0.99.8
    CPUID CPU-Z 1.57.1
    creepy 0.1.93
    Destinations
    Dev-C++ 5 beta 9 release (4.9.9.2)
    DeviceManagementQFolder
    Digital Media Reader
    DocProc
    DocProcQFolder
    ERUNT 1.1j
    eSupportQFolder
    EVEREST Home Edition v2.20
    Fax
    FormatFactory 2.20
    Free Window Registry Repair
    FreeMind
    Gateway Connect
    Gateway Games
    Gateway Recovery Center Installer
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPSMaster 2.13.5
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Imaging Device Functions 8.0
    HP OCR Software 8.0
    HP Photosmart Essential
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    HP Solution Center 8.0
    HP Update
    HPProductAssistant
    InfraRecorder
    ISO Recorder
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) SE Runtime Environment 6 Update 1
    jv16 PowerTools 2011
    kuler
    LabelPrint
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Maxtor MaxBlast
    McAfee SecurityCenter
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Help Viewer 1.0
    Microsoft Money Essentials
    Microsoft Money Shared Libraries
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server System CLR Types
    Microsoft Sync Framework 2.0 Core Components (x86) ENU
    Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    Microsoft Visual Basic 2010 Express - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Works
    Microsoft WSE 2.0 SP3 Runtime
    Mobipocket Creator 4.2
    Mobipocket Reader 6.2
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.6.18)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    Palm Desktop
    PDF Settings CS4
    Photoshop Camera Raw
    Pixel Bender Toolkit
    Power2Go 5.0
    PS2 Multimedia Keyboard Driver
    Python 2.4.1
    QuickTime
    Realtek High Definition Audio Driver
    RTC Client API v1.2
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
    Send To Toys v2.61
    Skins
    Soft Data Fax Modem with SmartCP
    SolutionCenter
    StarFisher
    Status
    Suite Shared Configuration CS4
    SyncToy 2.1 (x86)
    The Rosetta Stone
    TI Connect 1.6
    TI StudyCards Creator
    Toolbox
    TrayApp
    TurboTax 2008
    TurboTax 2008 wcaiper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 wcaiper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 wcaiper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax Deluxe 2007
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2586924)
    Viewpoint Media Player
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    WebReg
    Windows Automated Installation Kit
    Windows Media Player Firefox Plugin
    WinRAR archiver
    XMind
    .
     
  2. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    From your other topic:

    ==== Event Viewer Messages From Past Week ========
    .
    8/4/2011 2:54:41 AM, Error: EventLog [6008] - The previous system shutdown at 2:36:21 AM on 8/4/2011 was unexpected.
    8/11/2011 4:11:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2563894).
    8/11/2011 4:11:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2556532).
    8/11/2011 4:11:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2539633).
    8/11/2011 4:03:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Update Rollup for ActiveX Killbits for Windows Vista (KB2562937).
    8/11/2011 4:03:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Update for Windows Vista (KB2563227).
    8/11/2011 4:03:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Update for Windows Vista (KB2533623).
    8/11/2011 4:03:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Update for Windows Mail Junk E-mail Filter [August 2011] (KB905866).
    8/11/2011 4:03:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2567680).
    8/11/2011 4:03:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2555917).
    8/11/2011 4:03:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2536276).
    8/11/2011 4:03:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2532531).
    8/11/2011 4:03:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2507938).
    8/11/2011 4:03:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2559049).
    8/11/2011 4:01:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    8/11/2011 4:01:47 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB905866_client~31bf3856ad364e35~x86~~6.0.50.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB905866_client_2~31bf3856ad364e35~x86~~6.0.50.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2567680~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2567680_client~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2567680_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2563894_client~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2563894_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2563227_client~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2563227_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2562937_client~31bf3856ad364e35~x86~~6.0.1.1 () into Absent(Absent) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2562937_client_2~31bf3856ad364e35~x86~~6.0.1.1 () into Absent(Absent) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2559049_RTM~31bf3856ad364e35~x86~~9.1.1.3 () into Absent(Absent) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2556532_client~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2556532_client_2~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2555917_client~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2555917_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2555917_client_1~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2539633_client~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2539633_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2536276_client~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2536276_client_2~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2536276_client_1~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2533623_client~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2533623_client_2~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2533623_client_1~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2532531_client~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2532531_client_2~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2532531_client_1~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2507938_client~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2507938_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2507938_client_1~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_7_for_KB978886~31bf3856ad364e35~x86~~6.0.1.2 () into Installed(Installed) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_7_for_KB978338~31bf3856ad364e35~x86~~6.0.1.2 () into Installed(Installed) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_7_for_KB974145~31bf3856ad364e35~x86~~6.0.1.4 () into Installed(Installed) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_7_for_KB2539633~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_7_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3 () into Installed(Installed) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_6_for_KB978886~31bf3856ad364e35~x86~~6.0.1.2 () into Installed(Installed) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_6_for_KB978338~31bf3856ad364e35~x86~~6.0.1.2 () into Installed(Installed) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_6_for_KB974145~31bf3856ad364e35~x86~~6.0.1.4 () into Installed(Installed) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_6_for_KB2507938~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_6_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3 () into Installed(Installed) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_5_for_KB2555917~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_5_for_KB2536276~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_5_for_KB2533623~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_5_for_KB2507938~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2563894~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2556532~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2555917~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2536276~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2533623~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2532531~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2507938~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB905866~31bf3856ad364e35~x86~~6.0.50.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2567680~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2563894~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2563227~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2562937~31bf3856ad364e35~x86~~6.0.1.1 () into Absent(Absent) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2559049~31bf3856ad364e35~x86~~9.1.1.3 () into Absent(Absent) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2556532~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2539633~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 4:01:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2532531~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
    8/11/2011 4:01:14 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2532531~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
    8/11/2011 4:01:10 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2536276~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state
    8/11/2011 4:01:06 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2562937~31bf3856ad364e35~x86~~6.0.1.1 () into Absent(Absent) state
    8/11/2011 4:01:02 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2555917~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 4:00:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2559049~31bf3856ad364e35~x86~~9.1.1.3 () into Absent(Absent) state
    8/11/2011 4:00:20 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB905866~31bf3856ad364e35~x86~~6.0.50.0 () into Resolved(Resolved) state
    8/11/2011 3:59:59 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2533623~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
    8/11/2011 3:59:45 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2563227~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 3:59:42 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2539633~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
    8/11/2011 3:59:42 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2507938~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    8/11/2011 3:59:41 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2563894~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    8/11/2011 3:59:41 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2556532~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
    8/11/2011 3:57:28 PM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
    8/11/2011 3:16:23 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows Vista (KB2567680).
    8/11/2011 3:06:36 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2567680 (Security Update) into Staging(Staging) state
    8/11/2011 3:06:36 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2567680 (Security Update) into Resolved(Resolved) state
    8/11/2011 3:05:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows Vista (KB2536276).
    8/11/2011 3:05:54 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2536276 (Security Update) into Staging(Staging) state
    8/11/2011 3:05:54 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2536276 (Security Update) into Resolved(Resolved) state
    8/11/2011 3:03:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows Mail Junk E-mail Filter [August 2011] (KB905866).
    8/11/2011 3:03:45 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB905866 (Update) into Staging(Staging) state
    8/11/2011 3:03:45 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB905866 (Update) into Resolved(Resolved) state
    8/11/2011 3:03:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows Vista (KB2563227).
    8/11/2011 3:03:35 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2563227 (Update) into Staging(Staging) state
    8/11/2011 3:03:35 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2563227 (Update) into Resolved(Resolved) state
    8/11/2011 3:03:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2539633).
    8/11/2011 3:03:22 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2539633 (Security Update) into Staging(Staging) state
    8/11/2011 3:03:22 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2539633 (Security Update) into Resolved(Resolved) state
    8/11/2011 3:03:20 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2539633-2_neutral_GDR from package KB2539633(Security Update) into Staging(Staging) state
    8/11/2011 3:03:20 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2539633-14_neutral_GDR from package KB2539633(Security Update) into Staging(Staging) state
    8/11/2011 3:03:20 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2539633-13_neutral_LDR from package KB2539633(Security Update) into Staging(Staging) state
    8/11/2011 3:03:20 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2539633-1_neutral_LDR from package KB2539633(Security Update) into Staging(Staging) state
    8/11/2011 3:03:16 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows Vista (KB2556532).
    8/11/2011 3:03:11 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2556532 (Security Update) into Staging(Staging) state
    8/11/2011 3:03:11 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2556532 (Security Update) into Resolved(Resolved) state
    8/11/2011 3:03:09 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2556532-6_neutral_GDR from package KB2556532(Security Update) into Staging(Staging) state
    8/11/2011 3:03:09 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2556532-5_neutral_LDR from package KB2556532(Security Update) into Staging(Staging) state
    8/11/2011 3:03:09 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2556532-4_neutral_LDR from package KB2556532(Security Update) into Staging(Staging) state
    8/11/2011 3:03:09 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2556532-3_neutral_GDR from package KB2556532(Security Update) into Staging(Staging) state
    8/11/2011 3:03:09 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2556532-2_neutral_LDR from package KB2556532(Security Update) into Staging(Staging) state
    8/11/2011 3:03:09 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2556532-1_neutral_LDR from package KB2556532(Security Update) into Staging(Staging) state
    8/11/2011 3:00:35 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows Vista (KB2563894).
    8/11/2011 3:00:30 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2563894 (Security Update) into Staging(Staging) state
    8/11/2011 3:00:30 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2563894 (Security Update) into Resolved(Resolved) state
    8/11/2011 3:00:26 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2563894-6_neutral_GDR from package KB2563894(Security Update) into Staging(Staging) state
    8/11/2011 3:00:26 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2563894-5_neutral_LDR from package KB2563894(Security Update) into Staging(Staging) state
    8/11/2011 3:00:26 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2563894-4_neutral_LDR from package KB2563894(Security Update) into Staging(Staging) state
    8/11/2011 3:00:26 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2563894-3_neutral_GDR from package KB2563894(Security Update) into Staging(Staging) state
    8/11/2011 3:00:26 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2563894-2_neutral_LDR from package KB2563894(Security Update) into Staging(Staging) state
    8/11/2011 3:00:26 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2563894-1_neutral_LDR from package KB2563894(Security Update) into Staging(Staging) state
    8/11/2011 12:12:40 AM, Error: Service Control Manager [7000] - The Maxtor Scheduler2 Service service failed to start due to the following error: The system cannot find the path specified.
    8/10/2011 9:08:13 PM, Error: EventLog [6008] - The previous system shutdown at 8:56:58 PM on 8/10/2011 was unexpected.
    8/10/2011 8:51:05 PM, Error: EventLog [6008] - The previous system shutdown at 8:48:43 PM on 8/10/2011 was unexpected.
    8/10/2011 8:40:50 PM, Error: EventLog [6008] - The previous system shutdown at 8:39:00 PM on 8/10/2011 was unexpected.
    8/10/2011 11:46:42 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP PSC 1500 series with shared resource name HP PSC 1500 series. Error 2114. The printer cannot be used by others on the network.
    8/10/2011 11:44:30 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80092003 Error description: An error occurred while reading or writing to a file. Signatures loading: Backup Loading signature version: 1.109.625.0 Loading engine version: 1.1.7104.0
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  4. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    Havoc still happening

    I ran aswMBR and save the file to the desktop. I disabled McAfees and MBAM per your instructions, the firewall as well. I ran combofix, at stage 8 McAfees pops up a message asking if combofix could access the internet, I said yes? Then at stage 32 McAfees pops up the same message and I said yes. It finishes at stage 50, deletes four files and reboots the machine.
    After the reboot McAfees was totally enabled? It allowed three files quick access to the internet. Windows security had a big red X on it, and UAC was off. I turned it on and it ask for a reboot. I rebooted.
    I don’t think this is a successful stage two for us, but will post the two logs anyway and wait for your instructions.
    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2011-08-11 20:08:52
    -----------------------------
    20:08:52.819 OS Version: Windows 6.0.6002 Service Pack 2
    20:08:52.819 Number of processors: 4 586 0x202
    20:08:52.819 ComputerName: HARVEYDF-PC UserName: Harveydf
    20:08:54.488 Initialize success
    20:09:20.283 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
    20:09:20.283 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 6
    20:09:22.311 Disk 0 MBR read successfully
    20:09:22.311 Disk 0 MBR scan
    20:09:22.311 Disk 0 Windows VISTA default MBR code
    20:09:22.327 Disk 0 scanning sectors +703154216
    20:09:22.373 Disk 0 scanning C:\Windows\system32\drivers
    20:09:28.021 Service scanning
    20:09:28.785 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    20:09:29.393 Modules scanning
    20:09:34.323 Disk 0 trace - called modules:
    20:09:34.339 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85bcc1f8]<<
    20:09:34.354 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f2a378]
    20:09:34.354 3 CLASSPNP.SYS[8b4d88b3] -> nt!IofCallDriver -> [0x85c37df0]
    20:09:34.354 5 acpi.sys[82d3d6bc] -> nt!IofCallDriver -> \Device\00000064[0x85c4eb88]
    20:09:34.370 \Driver\nvstor32[0x85c5ce20] -> IRP_MJ_CREATE -> 0x85bcc1f8
    20:09:34.370 Scan finished successfully
    20:09:57.177 Disk 0 MBR has been saved successfully to "C:\Users\Harveydf\Desktop\MBR.dat"
    20:09:57.224 The log file has been saved successfully to "C:\Users\Harveydf\Desktop\aswMBR.txt"
    ComboFix 11-08-11.04 - Harveydf 08/11/2011 20:24:26.1.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2103 [GMT -7:00]
    Running from: c:\users\Harveydf\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Harveydf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Windows12111_ConfigRepository.bin
    c:\windows\system32\regobj.dll
    c:\windows\Update.bat
    D:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_FILEMON
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-12 to 2011-08-12 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-12 03:34 . 2011-08-12 03:34 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-11 23:12 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-11 23:12 . 2011-08-11 23:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-11 23:12 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-11 06:57 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5609542C-2C48-46B8-AB80-3CAA26BFE480}\mpengine.dll
    2011-08-10 08:27 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-08-10 08:27 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-08-10 08:27 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-08-10 08:26 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-08-10 08:26 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-10 08:26 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-08-04 13:52 . 2011-08-04 13:55 -------- d-----w- c:\users\Harveydf\AppData\Roaming\ImgBurn
    2011-08-04 13:46 . 2011-08-04 13:47 -------- d-----w- c:\program files\ImgBurn
    2011-08-04 09:50 . 2011-08-04 09:50 -------- d-----w- c:\users\Harveydf\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2011-08-02 06:43 . 2011-04-23 01:26 21896 ----a-w- c:\windows\system32\drivers\eufs.sys
    2011-08-02 06:43 . 2011-04-23 01:26 15240 ----a-w- c:\windows\system32\drivers\eudskacs.sys
    2011-08-02 06:43 . 2011-04-23 01:26 188808 ----a-w- c:\windows\system32\drivers\eudisk.sys
    2011-08-02 06:43 . 2011-04-23 01:26 37256 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
    2011-08-02 06:43 . 2011-04-23 01:26 31112 ----a-w- c:\windows\system32\drivers\eubakup.sys
    2011-07-18 08:39 . 2011-06-30 08:44 6271648 ----a-w- c:\program files\Mozilla Firefox\plugins\NPSWF32.dll
    2011-07-13 09:28 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-07-13 09:27 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-30 08:44 . 2011-06-01 07:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-17 10:05 . 2010-08-17 05:37 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
    2011-06-13 09:20 . 2011-06-13 09:20 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
    2011-06-13 09:20 . 2011-06-13 09:20 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
    2011-06-13 09:20 . 2011-06-13 09:20 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
    2011-06-13 09:20 . 2011-06-13 09:20 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
    2011-06-12 00:55 . 2011-06-12 00:55 22 --sha-w- c:\users\Harveydf\AppData\Roaming\Sys2662.Config.Repository.bin
    2011-05-25 02:14 . 2011-05-25 10:32 222080 ------w- c:\windows\system32\MpSigStub.exe
    2007-08-24 11:52 . 2008-02-19 16:21 300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
    2011-04-14 21:01 . 2011-03-03 18:57 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CHotkey"="zHotkey.exe" [2006-11-07 547840]
    "ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
    "SBC_McciTrayApp"="c:\program files\AT&T\Self Support Tool\ATTTray.exe" [2007-06-06 986208]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-03-31 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-08 40376]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]
    .
    c:\users\Harveydf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2004-4-13 299008]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMMyDocs"= 1 (0x1)
    "NoFavoritesMenu"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-12 06:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-09-03 17:36 136176 ----atw- c:\users\Harveydf\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\aol\1203397107\ee\aolsoftware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-06-08 00:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2011-07-07 02:52 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
    2010-09-03 17:36 136176 ----atw- c:\users\Harveydf\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-04-08 19:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-06-01 04:43 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-03-31 288112]
    R3 ALSysIO;ALSysIO;c:\users\Harveydf\AppData\Local\Temp\ALSysIO.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
    R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-10-08 717296]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 141792]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 15:59]
    .
    2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 15:59]
    .
    2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3010283643-4083402107-944152190-1000Core.job
    - c:\users\Harveydf\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-03 17:36]
    .
    2011-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3010283643-4083402107-944152190-1000UA.job
    - c:\users\Harveydf\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-03 17:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://att.my.yahoo.com/?_bc=1
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\
    FF - prefs.js: browser.search.selectedEngine - Startpage
    FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
    FF - Ext: ThumbStrips: ilab@intuit - %profile%\extensions\ilab@intuit
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
    FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
    FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen
    FF - Ext: FlashResizer: {C6F77964-B0B5-4953-A144-93051184EC0C} - %profile%\extensions\{C6F77964-B0B5-4953-A144-93051184EC0C}
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    FF - Ext: RightToClick: {cd617375-6743-4ee8-bac4-fbf10f35729e} - %profile%\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-AcronisTimounterMonitor - c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe
    SafeBoot-aawservice
    AddRemove-InfraRecorder - c:\program files\InfraRecorder\uninstall.exe
    AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_B12CA2CBE40DD1A2.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-11 20:42
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&7f237b6&0&UID268435456\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&7f237b6&0&UID268435456\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GWY077A\5&7f237b6&0&UID268435460\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GWY077A\5&7f237b6&0&UID268435460\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GWY077B\5&7f237b6&0&UID268435456\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GWY077B\5&7f237b6&0&UID268435456\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\PHL0018\5&7f237b6&0&UID268435456\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\PHL0018\5&7f237b6&0&UID268435456\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4608)
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\atieclxx.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\rundll32.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\zHotkey.exe
    c:\windows\ModPS2Key.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-11 20:47:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-12 03:47
    .
    Pre-Run: 265,833,684,992 bytes free
    Post-Run: 265,996,935,168 bytes free
    .
    - - End Of File - - D4EC75C891A9F7118FC15E3B07571CD8
     
  5. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Never disable firewall.
    It's your first line of protection.

    Combofix log looks good now.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  6. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    Havoc met demise?

    The computer seems OK. There was a lot of processor activity on reboot. I don't understand how McAfees re enabled itself and it settings, but if the logs are good then great.
    Here are the latest logs.

    OTL logfile created on: 8/11/2011 9:52:15 PM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Harveydf\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 63.38% Memory free
    7.67 Gb Paging File | 6.42 Gb Available in Paging File | 83.72% Paging File free
    Paging file location(s): c:\pagefile.sys 4603 4603 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 324.26 Gb Total Space | 244.86 Gb Free Space | 75.51% Space Free | Partition Type: NTFS
    Drive D: | 11.03 Gb Total Space | 4.50 Gb Free Space | 40.83% Space Free | Partition Type: NTFS

    Computer Name: HARVEYDF-PC | User Name: Harveydf | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/11 21:31:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\OTL.exe
    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/06/28 07:01:30 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/08/08 05:11:12 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
    PRC - [2007/10/30 21:35:58 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/06/06 10:48:44 | 000,986,208 | ---- | M] (AT&T Knowledge Ventures, L.P.) -- C:\Program Files\AT&T\Self Support Tool\ATTTray.exe
    PRC - [2006/11/07 15:34:26 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModPS2Key.exe
    PRC - [2006/11/07 15:08:40 | 000,547,840 | ---- | M] () -- C:\Windows\zHotkey.exe
    PRC - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
    PRC - [2004/04/13 10:54:26 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Palm\HOTSYNC.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/08/11 21:31:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\OTL.exe
    MOD - [2011/07/21 19:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    MOD - [2011/07/21 19:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
    MOD - [2011/04/20 08:19:38 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
    MOD - [2011/04/14 14:01:38 | 000,075,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110510034359.dll
    MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
    MOD - [2010/11/04 11:51:35 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\GdiPlus.dll
    MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    MOD - [2009/04/10 23:28:25 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll
    MOD - [2009/04/10 23:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
    MOD - [2009/04/10 23:28:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
    MOD - [2009/04/10 23:28:22 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
    MOD - [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
    MOD - [2008/01/19 00:36:49 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll
    MOD - [2008/01/19 00:36:48 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
    MOD - [2008/01/19 00:36:37 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (Apple Mobile Device)
    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
    SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/03/30 21:47:31 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
    SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2010/01/09 13:37:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/08/29 14:58:47 | 000,181,800 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/06/13 02:20:42 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2011/06/13 02:20:42 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2011/06/13 02:20:29 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2011/06/13 02:20:26 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)
    DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/04/14 14:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/04/14 14:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
    DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
    DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2008/10/07 20:38:21 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2007/06/29 10:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/20 04:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2007/01/19 10:53:43 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2007/01/19 10:53:42 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2006/11/29 15:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2006/11/02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2006/11/02 00:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
    DRV - [2006/11/02 00:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
    DRV - [2006/11/02 00:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2004/04/13 10:54:58 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2004/02/04 11:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/?_bc=1
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Startpage"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
    FF - prefs.js..extensions.enabledItems: ilab@intuit:1.7
    FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.21amo
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {C6F77964-B0B5-4953-A144-93051184EC0C}:1.4
    FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.5
    FF - prefs.js..extensions.enabledItems: {cd617375-6743-4ee8-bac4-fbf10f35729e}:2.8.7

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
    FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Harveydf\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Harveydf\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Harveydf\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/08/10 00:26:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/30 20:24:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/18 01:39:58 | 000,000,000 | ---D | M]

    [2008/08/31 22:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Extensions
    [2011/08/11 05:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions
    [2011/08/08 21:04:22 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2010/06/25 13:16:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/05/26 18:42:12 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2011/06/30 01:56:44 | 000,000,000 | ---D | M] (FlashResizer) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{C6F77964-B0B5-4953-A144-93051184EC0C}
    [2011/08/08 21:18:06 | 000,000,000 | ---D | M] ("RightToClick") -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
    [2011/05/26 18:42:12 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/03/15 19:50:42 | 000,000,000 | ---D | M] ("ThumbStrips") -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\ilab@intuit
    [2008/03/28 10:36:45 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\moveplayer@movenetworks.com
    [2011/03/26 20:56:20 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\SkipScreen@SkipScreen
    [2011/05/26 18:42:14 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\zotero@chnm.gmu.edu
    [2011/08/11 17:33:22 | 000,005,457 | ---- | M] () -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\searchplugins\startpage.xml
    [2011/08/11 05:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/29 22:46:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/18 09:45:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/18 20:45:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/19 13:02:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/08 23:17:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2008/08/31 22:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
    [2011/08/10 00:26:29 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
    [2007/08/24 04:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
    [2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/06/30 01:44:11 | 006,271,648 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

    O1 HOSTS File: ([2011/08/11 20:37:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110510034359.dll (McAfee, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SBC_McciTrayApp] C:\Program Files\AT&T\Self Support Tool\ATTTray.exe (AT&T Knowledge Ventures, L.P.)
    O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
    O4 - Startup: C:\Users\Harveydf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Users\Harveydf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
    O7 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
    O7 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O7 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/11 21:31:16 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\OTL.exe
    [2011/08/11 20:47:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/08/11 20:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/08/11 20:37:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/08/11 20:20:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/08/11 20:20:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/08/11 20:20:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/08/11 20:20:47 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/08/11 20:18:24 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/08/11 19:38:13 | 004,170,617 | R--- | C] (Swearware) -- C:\Users\Harveydf\Desktop\ComboFix.exe
    [2011/08/11 19:37:20 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Harveydf\Desktop\aswMBR.exe
    [2011/08/11 16:41:13 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Harveydf\Desktop\dds.scr
    [2011/08/11 16:12:45 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/08/11 16:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/08/11 16:12:41 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/08/11 16:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/08/11 15:42:24 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Harveydf\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/11 14:11:36 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/08/04 06:52:22 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\ImgBurn
    [2011/08/04 06:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
    [2011/08/04 02:50:15 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/08/01 23:43:57 | 000,188,808 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eudisk.sys
    [2011/08/01 23:43:57 | 000,021,896 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eufs.sys
    [2011/08/01 23:43:57 | 000,015,240 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eudskacs.sys
    [2011/08/01 23:43:56 | 000,031,112 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eubakup.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/11 21:31:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\OTL.exe
    [2011/08/11 20:54:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011/08/11 20:44:49 | 000,695,370 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/08/11 20:44:49 | 000,139,910 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/08/11 20:37:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/08/11 20:37:34 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/08/11 20:37:34 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/08/11 20:37:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/08/11 20:37:03 | 3488,079,872 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/11 20:20:27 | 004,170,617 | R--- | M] (Swearware) -- C:\Users\Harveydf\Desktop\ComboFix.exe
    [2011/08/11 20:09:57 | 000,000,512 | ---- | M] () -- C:\Users\Harveydf\Desktop\MBR.dat
    [2011/08/11 19:51:28 | 001,008,092 | ---- | M] () -- C:\Users\Harveydf\Desktop\rkill.com
    [2011/08/11 19:37:44 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Harveydf\Desktop\aswMBR.exe
    [2011/08/11 16:41:16 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Harveydf\Desktop\dds.scr
    [2011/08/11 16:27:49 | 000,302,592 | ---- | M] () -- C:\Users\Harveydf\Desktop\ufhbk1mo.exe
    [2011/08/11 16:12:45 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/11 15:44:08 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Harveydf\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/11 13:25:07 | 000,000,086 | ---- | M] () -- C:\Users\Harveydf\Desktop\Buy jv16 PowerTools.url
    [2011/08/11 13:03:55 | 000,308,659 | ---- | M] () -- C:\Users\Harveydf\AppData\Local\census.cache
    [2011/08/11 13:03:36 | 000,188,735 | ---- | M] () -- C:\Users\Harveydf\AppData\Local\ars.cache
    [2011/08/11 12:44:13 | 000,000,036 | ---- | M] () -- C:\Users\Harveydf\AppData\Local\housecall.guid.cache
    [2011/08/11 03:23:30 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/08/11 00:11:18 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3010283643-4083402107-944152190-1000UA.job
    [2011/08/10 23:46:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/08/10 23:40:36 | 006,029,312 | ---- | M] () -- C:\Users\Harveydf\ntuser.bak
    [2011/08/10 04:01:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3010283643-4083402107-944152190-1000Core.job
    [2011/07/13 03:22:02 | 002,383,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]



    I'm way over 50,000 limit. Second reply to follow.
     
  7. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    #2

    ========== Files Created - No Company Name ==========

    [2011/08/11 20:54:20 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/08/11 20:20:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/08/11 20:20:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/08/11 20:20:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/08/11 20:20:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/08/11 20:20:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/08/11 20:09:57 | 000,000,512 | ---- | C] () -- C:\Users\Harveydf\Desktop\MBR.dat
    [2011/08/11 19:51:22 | 001,008,092 | ---- | C] () -- C:\Users\Harveydf\Desktop\rkill.com
    [2011/08/11 16:27:49 | 000,302,592 | ---- | C] () -- C:\Users\Harveydf\Desktop\ufhbk1mo.exe
    [2011/08/11 16:12:45 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/11 13:03:55 | 000,308,659 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\census.cache
    [2011/08/11 13:03:36 | 000,188,735 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\ars.cache
    [2011/08/11 12:44:13 | 000,000,036 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\housecall.guid.cache
    [2011/08/10 23:41:52 | 3488,079,872 | -HS- | C] () -- C:\hiberfil.sys
    [2011/08/01 23:43:56 | 000,037,256 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
    [2011/06/11 17:55:18 | 000,000,022 | -HS- | C] () -- C:\Users\Harveydf\AppData\Roaming\Sys2662.Config.Repository.bin
    [2011/05/15 19:26:53 | 000,075,776 | ---- | C] () -- C:\Windows\SendToClip.exe
    [2011/04/02 23:25:43 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
    [2011/04/02 23:25:12 | 000,000,191 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2011/03/23 20:50:21 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2011/02/28 21:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2011/01/26 22:12:00 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2010/08/15 14:20:55 | 001,055,498 | ---- | C] () -- C:\Windows\System32\libodbc++.dll
    [2009/09/18 06:27:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/09/18 06:27:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/03/28 13:04:34 | 000,008,212 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2009/01/22 22:11:05 | 000,000,001 | ---- | C] () -- C:\Windows\System32\uuddc32.dll
    [2008/09/17 03:00:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/08/09 20:10:10 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
    [2008/04/01 17:03:07 | 000,004,096 | -H-- | C] () -- C:\Users\Harveydf\AppData\Local\keyfile3.drm
    [2008/03/24 11:58:28 | 000,148,918 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2008/03/24 11:57:59 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2008/02/29 19:46:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008/02/24 00:31:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2008/02/19 23:29:25 | 000,000,864 | ---- | C] () -- C:\Users\Harveydf\AppData\Roaming\wklnhst.dat
    [2008/02/18 22:02:42 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
    [2008/02/18 16:29:01 | 000,028,160 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/12/14 12:32:52 | 000,012,632 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
    [2007/11/23 17:38:35 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2007/11/23 17:04:15 | 000,547,840 | ---- | C] () -- C:\Windows\zHotkey.exe
    [2007/11/23 17:04:15 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
    [2007/11/23 17:04:15 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
    [2007/11/23 17:04:15 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
    [2006/11/22 15:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
    [2006/11/21 11:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
    [2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 05:47:37 | 002,383,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 03:33:01 | 000,695,370 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 03:33:01 | 000,139,910 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/06/11 17:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe

    ========== LOP Check ==========

    [2010/05/31 18:20:42 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Aureas85
    [2009/04/26 21:25:15 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Avery
    [2011/08/04 02:50:15 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2008/10/07 20:38:08 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\DAEMON Tools
    [2010/08/15 14:25:54 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Dev-Cpp
    [2011/05/14 12:18:52 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\DisplayTune
    [2009/08/20 21:02:36 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Elluminate
    [2008/03/05 21:42:43 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\ESRI
    [2011/05/15 19:31:27 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\GPSMaster
    [2008/08/09 19:41:59 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\HotSync
    [2011/08/01 20:53:46 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Image Zone Express
    [2011/08/04 06:55:19 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\ImgBurn
    [2011/04/10 16:51:04 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\InfraRecorder
    [2008/08/09 20:02:28 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Leadertech
    [2011/02/07 22:50:00 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Mobipocket
    [2008/03/24 12:27:11 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Printer Info Cache
    [2008/02/18 21:20:57 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\SampleView
    [2008/03/07 22:17:51 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Spare Backup
    [2008/02/19 23:29:37 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Template
    [2011/04/09 00:43:38 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\uTorrent
    [2010/11/07 17:08:07 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\XMind
    [2011/08/11 20:36:08 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006/06/11 17:36:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/08/11 20:47:24 | 000,020,387 | ---- | M] () -- C:\ComboFix.txt
    [2011/05/13 17:00:10 | 000,000,010 | ---- | M] () -- C:\CONFIG.SYS
    [2006/12/07 12:24:36 | 000,241,664 | ---- | M] (Alcor Micro, Corp.) -- C:\EMicon.dll
    [2011/08/11 20:37:03 | 3488,079,872 | -HS- | M] () -- C:\hiberfil.sys
    [2008/08/09 19:44:19 | 003,918,000 | ---- | M] () -- C:\HuskyInstallerLog.txt
    [2010/01/26 22:28:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/11/23 17:13:02 | 000,000,165 | ---- | M] () -- C:\labelPrint.log
    [2011/02/05 13:06:39 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2010/01/26 22:28:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/08/11 20:37:00 | 531,628,031 | -HS- | M] () -- C:\pagefile.sys
    [2011/05/14 12:19:40 | 000,000,173 | ---- | M] () -- C:\pdisdk.log
    [2011/05/14 12:20:43 | 000,000,184 | ---- | M] () -- C:\pivot.log
    [2007/11/23 17:18:26 | 000,000,163 | ---- | M] () -- C:\power2go.log
    [2007/11/23 17:09:50 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
    [2008/02/18 22:00:42 | 000,000,223 | -H-- | M] () -- C:\T4Metrics.log
    [2008/02/23 15:36:33 | 000,000,152 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/09/19 17:10:11 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/19 00:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/06/17 22:55:11 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/04/20 08:28:55 | 000,000,341 | -HS- | M] () -- C:\Users\Harveydf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/08/11 19:37:44 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Harveydf\Desktop\aswMBR.exe
    [2011/08/11 20:20:27 | 004,170,617 | R--- | M] (Swearware) -- C:\Users\Harveydf\Desktop\ComboFix.exe
    [2011/08/11 15:44:08 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Harveydf\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/11 21:31:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\OTL.exe
    [2011/08/11 16:27:49 | 000,302,592 | ---- | M] () -- C:\Users\Harveydf\Desktop\ufhbk1mo.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/02/18 16:27:28 | 000,000,402 | -HS- | M] () -- C:\Users\Harveydf\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/06/08 22:16:21 | 000,000,576 | ---- | M] () -- C:\ProgramData\afl.log
    [2008/03/24 12:11:12 | 000,000,799 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2009/03/28 13:05:57 | 000,008,212 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2011/08/11 20:54:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >

    OTL Extras logfile created on: 8/11/2011 9:52:15 PM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Harveydf\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 63.38% Memory free
    7.67 Gb Paging File | 6.42 Gb Available in Paging File | 83.72% Paging File free
    Paging file location(s): c:\pagefile.sys 4603 4603 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 324.26 Gb Total Space | 244.86 Gb Free Space | 75.51% Space Free | Partition Type: NTFS
    Drive D: | 11.03 Gb Total Space | 4.50 Gb Free Space | 40.83% Space Free | Partition Type: NTFS

    Computer Name: HARVEYDF-PC | User Name: Harveydf | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = aolfile_HTM] -- C:\Program Files\AOL 9.0a\aol.exe (AOL, LLC.)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Value error.
    https [open] -- C:\PROGRA~1\AOL9~1.0A\aol.exe -u"%1" (AOL, LLC.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [sendtotoys1add] -- C:\Program Files\Send To Toys\SendToAdd.exe "%1" ()
    Directory [sendtotoys1remove] -- C:\Program Files\Send To Toys\SendToRemove.exe "%1" ()
    Directory [sendtotoys2prompt] -- C:\Program Files\Send To Toys\SendToCommandPrompt.exe "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{112B93F4-88D2-4294-A65E-66A2D9C479E8}" = lport=139 | protocol=6 | dir=in | app=system |
    "{3048DFC0-1FFF-4F5D-AFF0-65CE9FCD6D7B}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
    "{44B33375-D4C1-4FF7-8143-812110374DDD}" = rport=445 | protocol=6 | dir=out | app=system |
    "{476FF280-8456-4CE0-8C3E-C5966EC5A6B0}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
    "{573FD981-FAE2-45A7-85C2-D60BF96DA605}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
    "{5CA5C57B-A5C0-430B-BC9F-D819CEA7ACF2}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{5E02B5A1-425F-446A-BA9B-6F3E8ACDB4C4}" = rport=137 | protocol=17 | dir=out | app=system |
    "{5F206458-AF48-49E1-8665-747F10D39898}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
    "{674F910C-7D23-4E8E-A3E9-7A9A64D6A2AE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{8AC7FA7C-7DD3-46C3-BE38-782A67DD4E8A}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
    "{92B1BF70-B26E-4ED5-B406-0826BFDEDDCA}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
    "{991DB381-CE81-4335-99DA-78E48DBE29B1}" = lport=445 | protocol=6 | dir=in | app=system |
    "{BC026F58-F977-4FE8-8DF0-3CF9DDBF2A8B}" = rport=139 | protocol=6 | dir=out | app=system |
    "{BFA0DF57-5B2E-4FD2-ABBE-4B9406A2BFE9}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
    "{CEF34DAB-CA4E-49DA-AB5C-EAB36F830BA0}" = lport=138 | protocol=17 | dir=in | app=system |
    "{CF0FC15B-884A-4165-AE67-AF2EDACDA123}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{E0B38B14-326C-4A8E-846B-E00FA7D732B1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{E31282E3-ADA7-4428-94BE-E5A3ED8C7774}" = rport=138 | protocol=17 | dir=out | app=system |
    "{E6716CFA-C26E-4CA6-A865-4B3D74CB22EE}" = lport=137 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{010BF3D0-F331-4387-A9FF-0E9ECFAB59E5}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{0241D97C-CE58-4245-A198-4432D40800ED}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{08CB6ACC-4E57-4E8E-9FB2-27A713D2E4F2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{0EA22329-A2B7-4ABE-BDA7-87B4F2167E2A}" = protocol=17 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
    "{1F2DAD6A-3EDF-4D7F-AF3F-336FA0E2077B}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
    "{2010DBED-2A76-4AE3-A7E7-349EB6B0768C}" = protocol=6 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
    "{21A1ADD8-6BE7-45DB-ABF3-07BF35DB4C6D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
    "{242674D5-40D5-4D1E-A98C-41172AC945D2}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{290CA5CE-9E14-42DD-A150-188E80C639AA}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{31DA36A5-5F8B-4B11-959B-E86534E34A13}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
    "{3240D441-F355-469A-B614-579E1A1F3777}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{38729CF0-D43D-417B-A142-54EC1569F4AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{3B7448FA-474E-4BD7-919D-8D4C8EED0F5F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{3EEFCDEC-242C-4133-9ADC-EB358BCA4D53}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
    "{4F4AD580-2ECF-485C-A427-60B9B9C09D4B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{51CC8751-B6FD-429A-92D5-26C99D581B3C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
    "{5C46600C-301E-42D3-9A93-83904D5B8B28}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{5FD5ACBE-82B3-4995-9EE1-120A302E220E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
    "{63B3457E-6E4A-46A1-AEA1-4DA7A97A378B}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
    "{72E9655D-E874-4772-A021-BC792D5F7150}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{75B2D3FE-9CEE-4595-81B6-5CD8F94C6421}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
    "{7F6114DA-B98B-4271-833D-9BD574E877E6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{8556D7A6-F4E1-4A0C-BDB9-7B0EA6C21BDE}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
    "{8EABBCA6-B16C-477A-A3CB-C6FADACDEAF1}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{911FC45D-1A3B-4694-8604-CF242D21AD1F}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{A5E3F0D8-CEA6-48B8-AE8E-ADEFD1ADA65B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A989579B-03C1-4F7D-8D05-9469A678CF0F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{AB677665-136F-4AA7-A0BA-69BBAFE2FB33}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
    "{B1BD9A08-2F2A-464D-A839-4B0AB92A825B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
    "{B5505DDE-5F71-48FF-AEA3-148962F39B1C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{B70C5423-21C6-4194-BA1F-EC7AF7FDDD1C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1203397107\ee\aolsoftware.exe |
    "{BF242987-5BE9-4B69-A3E3-3CCCBF0215A8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1203397107\ee\aolsoftware.exe |
    "{C476CB31-E10F-4A53-B9DA-1D95A47F9D90}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{C9DFCE2D-874B-4642-9941-02E3D220A170}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
    "{E5E0131D-BF01-44F9-A213-F1235317AD0E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{F323D12B-3887-421A-87B6-A15053E063F8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
    "{F4482D62-0B2D-4C1F-93A2-67D43C8C5075}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
    "{F8B7820D-9331-4723-812D-E5817887974A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{03290E9A-A1E7-4ACD-2F51-C5A94CEAC6AD}" = Catalyst Control Center Localization Czech
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0E485F33-3537-1E80-29AB-21CD2ABC3696}" = CCC Help Swedish
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1032F58F-D319-42C1-A25F-2D3C9A26705B}" = ArcGIS Tutorial Data
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{17863712-03FA-D2FC-9E70-168A801B363C}" = Catalyst Control Center Localization Turkish
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{197B13B4-FC9F-0C40-528F-03E78A7963C3}" = Catalyst Control Center Graphics Full Existing
    "{198193A7-DD1F-BBF5-D413-843F601EE8C6}" = CCC Help French
    "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}" = ArcGIS Desktop
    "{1FC5CEBB-434B-6B0F-9328-D4D97C6A8151}" = CCC Help Dutch
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{21C17FA8-28CA-4F00-80F1-1F96FACEC060}_is1" = StarFisher
    "{23DD6DAA-DDEF-41F5-A527-CECF07FA2CAF}" = 1500
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2B393511-8610-0457-4E9B-E5D243916953}" = ccc-core-static
    "{2B520884-433A-E833-5EBA-0B995A1109BB}" = Catalyst Control Center Localization Norwegian
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{2DA3B2C6-C28F-453E-8C8D-13127850113B}" = CCC Help Polish
    "{2F42F74B-F4DB-275B-DC0C-ECF10D0CC8FE}" = Catalyst Control Center Localization Chinese Traditional
    "{2F95C932-2730-525C-6575-56BC36E9909D}" = CCC Help Thai
    "{2FAE7E90-746B-13C1-AC76-9299266172ED}" = Catalyst Control Center Localization Spanish
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
    "{36DECF15-CB43-E506-DE01-8B99ECDFD363}" = CCC Help Hungarian
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3CA7CFB1-36C9-71E0-D3A1-537958142A7B}" = Catalyst Control Center Localization Finnish
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
    "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
    "{44F47986-6CA3-74FD-3C6A-4A824B6B4505}" = Catalyst Control Center Localization Korean
    "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{54BCBDE4-6822-43D1-8326-1DF8B5227B85}_is1" = Astrolog32 2.02
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
    "{5C316513-EF94-3FD4-C714-8144C9FBFA8D}" = Catalyst Control Center Localization Thai
    "{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{631EBC45-9F7C-E682-7ED2-C771DC9D9B84}" = CCC Help Norwegian
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{6522FA47-BE84-54C5-D0B0-4A812638C381}" = Catalyst Control Center Localization Swedish
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A65BE06-2F50-376C-D48F-89E5DA4A276A}" = Skins
    "{6D2C4B0C-1752-D091-6B1D-F5C8C4F0A937}" = ATI Catalyst Install Manager
    "{6D5E4EC5-8E6C-FB39-1C42-59834C343BD4}" = CCC Help Turkish
    "{6EC5A101-7484-1D9F-9499-55FF1C610918}" = Catalyst Control Center Core Implementation
    "{6EEA339D-D79A-A551-F7D5-A40EF907D73F}" = CCC Help Japanese
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{75FD939A-A871-6061-FB50-C20CEED2419A}" = Catalyst Control Center Localization Polish
    "{77030BB4-4FFD-1EC3-6F43-0C6B643181ED}" = Catalyst Control Center Localization Dutch
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{7A24C23C-C830-B155-0B06-5CCA0E84DEA7}" = Catalyst Control Center Localization Hungarian
    "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
    "{7C8172A4-2DA8-D207-7F79-F00051D88C50}" = CCC Help Russian
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
    "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
    "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92CB9D44-A108-4716-0BE8-A4F831D2002F}" = Catalyst Control Center

    Still over 50,000.
     
  8. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    #3

    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
    "{99E1A31C-63E9-498C-AFD8-22008624C889}" = CCC Help Italian
    "{9A6AA265-101C-4756-E19D-97EE6C823BD0}" = Catalyst Control Center Localization French
    "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CE4E9E2-EDB1-31F4-E4C5-384809ABF5D5}" = Catalyst Control Center Localization Japanese
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{9FC4F2D3-97F7-29F3-8035-DD5DD91CF78D}" = CCC Help Chinese Traditional
    "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
    "{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
    "{A1F8A68F-C445-0A8C-EA90-2BE52E215AE6}" = CCC Help German
    "{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help
    "{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A3966E11-60DB-B561-AF76-4DC15C793284}" = Catalyst Control Center Graphics Light
    "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
    "{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A85ACC14-8A0D-AC25-99F2-159690BE893A}" = CCC Help Portuguese
    "{A8ABE86A-E542-0C4D-EB19-FA28B1F23E75}" = CCC Help Korean
    "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-1033-F400-7760-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{AE1CB9E7-89B9-10F2-A6CB-3C541C5925DC}" = CCC Help Greek
    "{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B1D78321-7AB1-45A7-A084-885AF75B8F3D}" = Palm Desktop
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B35E86C1-AE3B-7864-4819-8414E0BE422C}" = CCC Help Spanish
    "{B3B2CC77-13A5-43E3-ABB3-73E6B64EC700}" = TI StudyCards Creator
    "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
    "{B433E3D6-4D5F-FE01-ACAD-EBF96B49E081}" = Catalyst Control Center Localization Greek
    "{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{BF663FD1-AEA8-ACA1-44A9-E26CA24372EA}" = CCC Help Danish
    "{C01091B1-237C-0E89-D125-1937B3697772}" = CCC Help Finnish
    "{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Maxtor*MaxBlast
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{C7227EE3-6954-22FB-D54B-7A6FEE680BB3}" = Catalyst Control Center Localization Portuguese
    "{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}" = Apple Mobile Device Support
    "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
    "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D1D8A8EA-753D-D754-FCFC-115BEFC3629D}" = Catalyst Control Center Graphics Previews Vista
    "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    "{DEA243C5-9448-9B0A-D96D-9A2A980E92F8}" = Catalyst Control Center Localization Chinese Standard
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
    "{E17EC53E-E86E-AAD4-E9B8-8AFC26171821}" = CCC Help English
    "{E5794CEF-F506-112F-3A4B-907F24D27903}" = Catalyst Control Center Localization German
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{EA418519-2160-43A0-AABD-6608DDD8D87F}" = iTunes
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
    "{EDB42D3A-F64D-CEED-1E54-A23A6F49D670}" = CCC Help Czech
    "{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F2462493-1411-41CA-B205-4EA9D91995A7}" = Catalyst Control Center Localization Danish
    "{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
    "{F53457D9-F5D9-1254-2BCD-65942C0E5694}" = Catalyst Control Center Localization Italian
    "{F61CE400-BD11-A4E0-F370-8C96ACBA2E81}" = Catalyst Control Center Localization Russian
    "{F6B0FF01-14C3-45A0-A365-BD84B49059EC}" = ccc-utility
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
    "{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver
    "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "AT&T Self Support Tool" = AT&T Self Support Tool
    "Aureas85_is1" = Aureas v8.7
    "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
    "BayGenie eBay Auction Sniper Pro Edition_is1" = BayGenie eBay Auction Sniper Pro Edition 3.1.8.0
    "CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP
    "com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
    "creepy" = creepy 0.1.93
    "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
    "ERUNT_is1" = ERUNT 1.1j
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "FormatFactory" = FormatFactory 2.20
    "Free Window Registry Repair" = Free Window Registry Repair
    "GPSMaster_2.13.5" = GPSMaster 2.13.5
    "HijackThis" = HijackThis 2.0.2
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPOCR" = HP OCR Software 8.0
    "InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
    "jv16 PowerTools 2011" = jv16 PowerTools 2011
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
    "Money2007b" = Microsoft Money Essentials
    "Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
    "MSC" = McAfee SecurityCenter
    "NVIDIA Drivers" = NVIDIA Drivers
    "PROR" = Microsoft Office Professional 2007
    "Python 2.4.1" = Python 2.4.1
    "Send To Toys_is1" = Send To Toys v2.61
    "The Rosetta Stone" = The Rosetta Stone
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "TurboTax 2010" = TurboTax 2010
    "TurboTax Deluxe 2007" = TurboTax Deluxe 2007
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WildTangent gateway Master Uninstall" = Gateway Games
    "WinRAR archiver" = WinRAR archiver
    "XMind" = XMind
    "Yahoo! Applications" = AT&T Yahoo! Applications

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Adobe Reader for Palm OS" = Adobe Reader for Palm OS, 3.05
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/1/2011 6:20:00 AM | Computer Name = Harveydf-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 8/1/2011 7:32:45 AM | Computer Name = Harveydf-PC | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

    Error - 8/1/2011 7:56:24 PM | Computer Name = Harveydf-PC | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

    Error - 8/1/2011 8:02:59 PM | Computer Name = Harveydf-PC | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

    Error - 8/1/2011 8:55:20 PM | Computer Name = Harveydf-PC | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

    Error - 8/4/2011 6:53:15 AM | Computer Name = Harveydf-PC | Source = Perflib | ID = 1010
    Description =

    Error - 8/4/2011 10:28:11 AM | Computer Name = Harveydf-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 8/4/2011 10:28:11 AM | Computer Name = Harveydf-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 8/4/2011 10:28:39 AM | Computer Name = Harveydf-PC | Source = Application Error | ID = 1000
    Description = Faulting application mbam.exe, version 1.51.1.1076, time stamp 0x4e0a6f10,
    faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
    0xc0000005, fault offset 0x4c4b4a49, process id 0x15a0, application start time 0x01cc52b2cb6de649.

    Error - 8/5/2011 6:36:31 AM | Computer Name = Harveydf-PC | Source = Application Error | ID = 1000
    Description = Faulting application McInfo.exe, version 10.5.177.0, time stamp 0x4bcccb6d,
    faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception
    code 0xc0000008, fault offset 0x0007442c, process id 0x6ee0, application start time
    0x01cc535b89e9da4a.

    [ OSession Events ]
    Error - 6/29/2011 6:15:39 AM | Computer Name = Harveydf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 207868
    seconds with 2700 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 8/11/2011 11:22:42 PM | Computer Name = Harveydf-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 8/11/2011 11:23:51 PM | Computer Name = Harveydf-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 8/11/2011 11:29:05 PM | Computer Name = Harveydf-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 8/11/2011 11:35:32 PM | Computer Name = Harveydf-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 8/11/2011 11:35:45 PM | Computer Name = Harveydf-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 8/11/2011 11:36:02 PM | Computer Name = Harveydf-PC | Source = DCOM | ID = 10010
    Description =

    Error - 8/11/2011 11:39:49 PM | Computer Name = Harveydf-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 8/11/2011 11:39:49 PM | Computer Name = Harveydf-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 8/11/2011 11:39:51 PM | Computer Name = Harveydf-PC | Source = DCOM | ID = 10010
    Description =

    Error - 8/11/2011 11:47:17 PM | Computer Name = Harveydf-PC | Source = Service Control Manager | ID = 7022
    Description =


    < End of report >
     
  9. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    havoc and mayhem now

    I was using Firefox browsing and the tab crashed. I restarted the program, but could not leave the homepage. So I tried Explorer same story. Then I rebooted, next I had to id the operating system followed by desktop opening and the start menu opening automatically. The CPU had heavy usage for five minutes, so I wait for it to calm down and tried to open Firefox. It will not load. I'm on another machine sending this message.
     
  10. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    I fell asleep on the couch watching a movie. Woke up because of noise, it was the computer rebooting. I did not think of this before, but windows is scheduled to update at 3 in the am. This caused the computer to crash. On the reboot it gave the option to boot in safe mode, so I did. Then windows reverted its configuration from the failed attempt. Explorer can't find a connection to the internet. Firefox is not on the desktop.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    I don't think we're dealing here with an infection.
    So far I didn't see much.

    Using working computer and USB flash drive, download the following and transfer it to a "sick" computer.

    Please download MiniToolBox and run it.

    Checkmark following boxes:
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List last 10 Event Viewer log
    • List Users, Partitions and Memory size
    Click Go and post the result.

    ======================================================

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
     
  12. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    I downloaded to usb both files and transfer them to the sick computer. Then rebooted the computer, because I didn't see the usb drive when I inserted it, while in the safe mode. I ran minitool box and save results to usb. I then ran dts, and it found a suspicious file, but it would not let me save the file, and I no longer could see the usb drive. Here is the result from mini tool box.

    MiniToolBox by Farbar
    Ran by Harveydf (administrator) on 12-08-2011 at 11:59:32
    Windows Vista (TM) Home Premium Service Pack 2 (X86)

    ***************************************************************************

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= FF Proxy Settings: ==============================

    ========================= Hosts content: =================================

    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Harveydf-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Broadcast
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : gateway.2wire.net

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : gateway.2wire.net
    Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
    Physical Address. . . . . . . . . : 00-1E-90-66-FE-E3
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::dd1b:ac8c:8e89:88d8%8(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Friday, August 12, 2011 11:45:52 AM
    Lease Expires . . . . . . . . . . : Saturday, August 13, 2011 11:45:52 AM
    Default Gateway . . . . . . . . . : 192.168.1.254
    DHCP Server . . . . . . . . . . . : 192.168.1.254
    DHCPv6 IAID . . . . . . . . . . . : 201334416
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-D9-20-8F-00-1E-90-64-0C-48
    DNS Servers . . . . . . . . . . . : 192.168.1.254
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 6:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 02-00-54-55-4E-01
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3c57:3229:3f57:febf(Preferred)
    Link-local IPv6 Address . . . . . : fe80::3c57:3229:3f57:febf%9(Preferred)
    Default Gateway . . . . . . . . . : ::
    NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter Local Area Connection* 7:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : gateway.2wire.net
    Description . . . . . . . . . . . : isatap.gateway.2wire.net
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Server: home
    Address: 192.168.1.254

    DNS request timed out.
    timeout was 2 seconds.


    Pinging google.com [74.125.224.147] with 32 bytes of data:

    Reply from 74.125.224.147: bytes=32 time=28ms TTL=53

    Reply from 74.125.224.147: bytes=32 time=26ms TTL=53



    Ping statistics for 74.125.224.147:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 26ms, Maximum = 28ms, Average = 27ms

    Server: home
    Address: 192.168.1.254

    Name: yahoo.com
    Addresses: 69.147.125.65
    72.30.2.43
    98.137.149.56
    209.191.122.70
    67.195.160.76



    Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

    Reply from 209.191.122.70: bytes=32 time=69ms TTL=54

    Reply from 209.191.122.70: bytes=32 time=73ms TTL=54



    Ping statistics for 209.191.122.70:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 69ms, Maximum = 73ms, Average = 71ms



    Pinging 127.0.0.1 with 32 bytes of data:

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



    Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    8 ...00 1e 90 66 fe e3 ...... NVIDIA nForce 10/100 Mbps Ethernet
    1 ........................... Software Loopback Interface 1
    9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
    13 ...00 00 00 00 00 00 00 e0 isatap.gateway.2wire.net
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    192.168.1.0 255.255.255.0 On-link 192.168.1.64 276
    192.168.1.64 255.255.255.255 On-link 192.168.1.64 276
    192.168.1.255 255.255.255.255 On-link 192.168.1.64 276
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 192.168.1.64 276
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 192.168.1.64 276
    ===========================================================================
    Persistent Routes:
    None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    9 18 ::/0 On-link
    1 306 ::1/128 On-link
    9 18 2001::/32 On-link
    9 266 2001:0:4137:9e76:3c57:3229:3f57:febf/128
    On-link
    8 276 fe80::/64 On-link
    9 266 fe80::/64 On-link
    9 266 fe80::3c57:3229:3f57:febf/128
    On-link
    8 276 fe80::dd1b:ac8c:8e89:88d8/128
    On-link
    1 306 ff00::/8 On-link
    9 266 ff00::/8 On-link
    8 276 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (08/12/2011 03:22:38 AM) (Source: EventSystem) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (08/11/2011 04:36:55 PM) (Source: Perflib) (User: )
    Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

    Error: (08/11/2011 00:11:28 AM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
    Description: MCSCAN32 Engine Initialisation failed.
    Engine returned error : 3

    Error: (08/10/2011 11:54:04 PM) (Source: LoadPerf) (User: )
    Description: 864416

    Error: (08/10/2011 11:54:01 PM) (Source: LoadPerf) (User: )
    Description: WmiApRplWmiApRpl8

    Error: (08/10/2011 11:54:01 PM) (Source: LoadPerf) (User: )
    Description: 864416

    Error: (08/10/2011 11:46:52 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
    Description: MCSCAN32 Engine Initialisation failed.
    Engine returned error : 3

    Error: (08/10/2011 11:42:59 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
    Description: MCSCAN32 Engine Initialisation failed.
    Engine returned error : 3

    Error: (08/10/2011 09:09:41 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (08/10/2011 09:09:41 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)


    System errors:
    =============
    Error: (08/12/2011 11:56:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Security Update for Windows Vista (KB2563894){90251517-2EF3-4FF2-AA8F-7B463B3D4BD9}102

    Error: (08/12/2011 11:56:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Security Update for Windows Vista (KB2556532){E01D3C24-0F19-4483-B664-E6387654A2FA}102

    Error: (08/12/2011 11:56:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2539633){D25A3C25-89A8-4701-8E07-B4AC308473D3}102

    Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Security Update for Windows Vista (KB2507938){F5B61030-0598-4938-894B-48DAF6E482C3}104

    Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Update for Windows Vista (KB2563227){FA0D4E30-DC73-41BB-95D5-B3A4DAF7A95F}100

    Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Update for Windows Vista (KB2533623){378A8A33-B781-4F63-82ED-23C51EEDCACF}102

    Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Update for Windows Mail Junk E-mail Filter [August 2011] (KB905866){5B014E51-A72C-4153-8348-8E20FCE03EA5}100

    Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2559049){E56F8457-94E9-4FC2-8DFF-0615405C4C39}101

    Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Security Update for Windows Vista (KB2555917){3697DEB7-4AF1-4A4A-A16B-5FED1A2FB9D8}102

    Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Update Rollup for ActiveX Killbits for Windows Vista (KB2562937){A72EBFCA-5B2C-4A8E-8967-234068079733}103


    Microsoft Office Sessions:
    =========================
    Error: (06/29/2011 03:15:39 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 207868 seconds with 2700 seconds of active time. This session ended with a crash.


    ========================= Memory info: ===================================

    Percentage of memory in use: 32%
    Total physical RAM: 3325.57 MB
    Available physical RAM: 2229.49 MB
    Total Pagefile: 7849.06 MB
    Available Pagefile: 6611.16 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1972.96 MB

    ========================= Partitions: =====================================

    1 Drive c: () (Fixed) (Total:324.26 GB) (Free:244.31 GB) NTFS
    2 Drive d: (RECOVERY) (Fixed) (Total:11.03 GB) (Free:4.5 GB) NTFS
    9 Drive k: (CRUZER) (Removable) (Total:7.5 GB) (Free:7.5 GB) FAT32

    ========================= Users: ========================================

    User accounts for \\HARVEYDF-PC

    Administrator Guest Harveydf


    == End of log ==
     
  13. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Your internet connection is fine. "Ping" works no problem.

    I need to see TDSSKiller log.
     
  14. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    I rebooted into safe mode w/networking and was able to get the file.

    2011/08/12 12:03:26.0032 5336 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
    2011/08/12 12:03:26.0750 5336 ================================================================================
    2011/08/12 12:03:26.0750 5336 SystemInfo:
    2011/08/12 12:03:26.0750 5336
    2011/08/12 12:03:26.0750 5336 OS Version: 6.0.6002 ServicePack: 2.0
    2011/08/12 12:03:26.0750 5336 Product type: Workstation
    2011/08/12 12:03:26.0750 5336 ComputerName: HARVEYDF-PC
    2011/08/12 12:03:26.0750 5336 UserName: Harveydf
    2011/08/12 12:03:26.0750 5336 Windows directory: C:\Windows
    2011/08/12 12:03:26.0750 5336 System windows directory: C:\Windows
    2011/08/12 12:03:26.0750 5336 Processor architecture: Intel x86
    2011/08/12 12:03:26.0750 5336 Number of processors: 4
    2011/08/12 12:03:26.0750 5336 Page size: 0x1000
    2011/08/12 12:03:26.0750 5336 Boot type: Normal boot
    2011/08/12 12:03:26.0750 5336 ================================================================================
    2011/08/12 12:03:27.0296 5336 Initialize success
    2011/08/12 12:03:37.0036 5016 ================================================================================
    2011/08/12 12:03:37.0036 5016 Scan started
    2011/08/12 12:03:37.0036 5016 Mode: Manual;
    2011/08/12 12:03:37.0036 5016 ================================================================================
    2011/08/12 12:03:37.0456 5016 ac97intc (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys
    2011/08/12 12:03:37.0501 5016 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2011/08/12 12:03:37.0557 5016 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys
    2011/08/12 12:03:37.0704 5016 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2011/08/12 12:03:37.0737 5016 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2011/08/12 12:03:37.0804 5016 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2011/08/12 12:03:37.0824 5016 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2011/08/12 12:03:37.0904 5016 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    2011/08/12 12:03:38.0174 5016 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2011/08/12 12:03:38.0205 5016 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/08/12 12:03:38.0222 5016 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    2011/08/12 12:03:38.0375 5016 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2011/08/12 12:03:38.0391 5016 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    2011/08/12 12:03:38.0423 5016 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2011/08/12 12:03:38.0439 5016 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    2011/08/12 12:03:38.0634 5016 amdkmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/08/12 12:03:38.0828 5016 amdkmdap (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys
    2011/08/12 12:03:38.0974 5016 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2011/08/12 12:03:38.0993 5016 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2011/08/12 12:03:39.0074 5016 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/08/12 12:03:39.0090 5016 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2011/08/12 12:03:39.0282 5016 atikmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/08/12 12:03:39.0390 5016 ATWPKT2 (0d74d0aa2eccb5e2019b5e10c38afd19) C:\Windows\system32\drivers\ATWPKT2.SYS
    2011/08/12 12:03:39.0484 5016 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
    2011/08/12 12:03:39.0545 5016 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2011/08/12 12:03:39.0645 5016 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    2011/08/12 12:03:39.0729 5016 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/08/12 12:03:39.0745 5016 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/08/12 12:03:39.0777 5016 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/08/12 12:03:39.0814 5016 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/08/12 12:03:39.0846 5016 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/08/12 12:03:39.0861 5016 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/08/12 12:03:39.0878 5016 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/08/12 12:03:40.0061 5016 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/08/12 12:03:40.0093 5016 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/08/12 12:03:40.0162 5016 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\Windows\system32\drivers\cfwids.sys
    2011/08/12 12:03:40.0247 5016 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2011/08/12 12:03:40.0278 5016 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2011/08/12 12:03:40.0332 5016 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/08/12 12:03:40.0363 5016 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    2011/08/12 12:03:40.0381 5016 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/08/12 12:03:40.0448 5016 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\Windows\system32\drivers\cpuz135_x32.sys
    2011/08/12 12:03:40.0579 5016 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2011/08/12 12:03:40.0584 5016 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2011/08/12 12:03:40.0663 5016 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    2011/08/12 12:03:40.0763 5016 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2011/08/12 12:03:40.0790 5016 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    2011/08/12 12:03:40.0848 5016 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    2011/08/12 12:03:40.0879 5016 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    2011/08/12 12:03:40.0895 5016 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2011/08/12 12:03:40.0979 5016 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/08/12 12:03:40.0982 5016 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/08/12 12:03:41.0032 5016 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2011/08/12 12:03:41.0096 5016 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2011/08/12 12:03:41.0181 5016 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2011/08/12 12:03:41.0233 5016 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2011/08/12 12:03:41.0264 5016 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/08/12 12:03:41.0293 5016 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2011/08/12 12:03:41.0349 5016 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2011/08/12 12:03:41.0380 5016 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/08/12 12:03:41.0392 5016 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2011/08/12 12:03:41.0450 5016 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/08/12 12:03:41.0481 5016 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/08/12 12:03:41.0534 5016 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/08/12 12:03:41.0651 5016 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
    2011/08/12 12:03:41.0683 5016 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/08/12 12:03:41.0701 5016 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/08/12 12:03:41.0752 5016 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/08/12 12:03:41.0783 5016 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/08/12 12:03:41.0803 5016 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2011/08/12 12:03:41.0888 5016 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    2011/08/12 12:03:42.0084 5016 HSXHWBS2 (5f60f0ad32d43b9ab9ac9373117d8e54) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
    2011/08/12 12:03:42.0237 5016 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2011/08/12 12:03:42.0284 5016 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2011/08/12 12:03:42.0296 5016 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/08/12 12:03:42.0370 5016 ialm (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys
    2011/08/12 12:03:42.0424 5016 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2011/08/12 12:03:42.0471 5016 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/08/12 12:03:42.0571 5016 IntcAzAudAddService (4e38a2883df3ba382a59132b3e7d709e) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/08/12 12:03:42.0687 5016 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
    2011/08/12 12:03:42.0724 5016 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/08/12 12:03:42.0771 5016 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/08/12 12:03:42.0855 5016 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2011/08/12 12:03:42.0887 5016 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/08/12 12:03:42.0941 5016 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/08/12 12:03:42.0988 5016 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2011/08/12 12:03:43.0007 5016 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/08/12 12:03:43.0057 5016 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/08/12 12:03:43.0088 5016 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/08/12 12:03:43.0104 5016 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/08/12 12:03:43.0157 5016 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/08/12 12:03:43.0197 5016 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2011/08/12 12:03:43.0288 5016 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/08/12 12:03:43.0306 5016 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2011/08/12 12:03:43.0357 5016 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2011/08/12 12:03:43.0389 5016 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/08/12 12:03:43.0441 5016 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/08/12 12:03:43.0492 5016 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
    2011/08/12 12:03:43.0697 5016 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2011/08/12 12:03:43.0760 5016 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2011/08/12 12:03:43.0791 5016 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\Windows\system32\drivers\mfeapfk.sys
    2011/08/12 12:03:43.0872 5016 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\Windows\system32\drivers\mfeavfk.sys
    2011/08/12 12:03:44.0056 5016 mfebopk (a528b15e330edb83ea649be318d841d5) C:\Windows\system32\drivers\mfebopk.sys
    2011/08/12 12:03:44.0156 5016 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\Windows\system32\drivers\mfefirek.sys
    2011/08/12 12:03:44.0271 5016 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\Windows\system32\drivers\mfehidk.sys
    2011/08/12 12:03:44.0371 5016 mfenlfk (3a1aa28066785449da570462e0532d0c) C:\Windows\system32\DRIVERS\mfenlfk.sys
    2011/08/12 12:03:44.0456 5016 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\Windows\system32\drivers\mferkdet.sys
    2011/08/12 12:03:44.0540 5016 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
    2011/08/12 12:03:44.0621 5016 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
    2011/08/12 12:03:44.0721 5016 mfewfpk (b2baac6bbedda3e26e82db13fa0e5bee) C:\Windows\system32\drivers\mfewfpk.sys
    2011/08/12 12:03:44.0856 5016 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/08/12 12:03:44.0887 5016 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/08/12 12:03:44.0904 5016 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/08/12 12:03:44.0972 5016 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/08/12 12:03:45.0003 5016 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/08/12 12:03:45.0020 5016 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2011/08/12 12:03:45.0073 5016 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/08/12 12:03:45.0104 5016 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/08/12 12:03:45.0204 5016 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
    2011/08/12 12:03:45.0288 5016 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
    2011/08/12 12:03:45.0384 5016 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2011/08/12 12:03:45.0405 5016 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/08/12 12:03:45.0580 5016 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/08/12 12:03:45.0727 5016 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/08/12 12:03:45.0853 5016 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    2011/08/12 12:03:45.0885 5016 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2011/08/12 12:03:45.0933 5016 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/08/12 12:03:45.0965 5016 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/08/12 12:03:45.0989 5016 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/08/12 12:03:46.0049 5016 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/08/12 12:03:46.0065 5016 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/08/12 12:03:46.0089 5016 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/08/12 12:03:46.0149 5016 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/08/12 12:03:46.0165 5016 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/08/12 12:03:46.0197 5016 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/08/12 12:03:46.0250 5016 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/08/12 12:03:46.0298 5016 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2011/08/12 12:03:46.0319 5016 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/08/12 12:03:46.0381 5016 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/08/12 12:03:46.0398 5016 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/08/12 12:03:46.0450 5016 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/08/12 12:03:46.0498 5016 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/08/12 12:03:46.0550 5016 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2011/08/12 12:03:46.0723 5016 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
    2011/08/12 12:03:46.0855 5016 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/08/12 12:03:46.0903 5016 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/08/12 12:03:46.0924 5016 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/08/12 12:03:47.0002 5016 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/08/12 12:03:47.0086 5016 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/08/12 12:03:47.0103 5016 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/08/12 12:03:47.0156 5016 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
    2011/08/12 12:03:47.0204 5016 NVNET (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
    2011/08/12 12:03:47.0373 5016 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2011/08/12 12:03:47.0404 5016 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2011/08/12 12:03:47.0421 5016 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
    2011/08/12 12:03:47.0473 5016 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2011/08/12 12:03:47.0520 5016 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/08/12 12:03:47.0604 5016 PalmUSBD (803cf09c795290825607505d37819135) C:\Windows\system32\drivers\PalmUSBD.sys
    2011/08/12 12:03:47.0673 5016 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/08/12 12:03:47.0704 5016 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/08/12 12:03:47.0720 5016 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/08/12 12:03:47.0789 5016 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/08/12 12:03:47.0820 5016 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    2011/08/12 12:03:47.0821 5016 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/08/12 12:03:47.0889 5016 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/08/12 12:03:48.0021 5016 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/08/12 12:03:48.0074 5016 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
    2011/08/12 12:03:48.0121 5016 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/08/12 12:03:48.0190 5016 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2011/08/12 12:03:48.0237 5016 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/08/12 12:03:48.0258 5016 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/08/12 12:03:48.0321 5016 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/08/12 12:03:48.0338 5016 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/08/12 12:03:48.0391 5016 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/08/12 12:03:48.0438 5016 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/08/12 12:03:48.0439 5016 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/08/12 12:03:48.0508 5016 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/08/12 12:03:48.0540 5016 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2011/08/12 12:03:48.0592 5016 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/08/12 12:03:48.0623 5016 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/08/12 12:03:48.0708 5016 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/08/12 12:03:48.0739 5016 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/08/12 12:03:48.0793 5016 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/08/12 12:03:48.0824 5016 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/08/12 12:03:48.0846 5016 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/08/12 12:03:48.0895 5016 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/08/12 12:03:48.0942 5016 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/08/12 12:03:48.0995 5016 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2011/08/12 12:03:49.0026 5016 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/08/12 12:03:49.0043 5016 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2011/08/12 12:03:49.0055 5016 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/08/12 12:03:49.0111 5016 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2011/08/12 12:03:49.0142 5016 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2011/08/12 12:03:49.0157 5016 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2011/08/12 12:03:49.0227 5016 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/08/12 12:03:49.0296 5016 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\Windows\system32\DRIVERS\snapman.sys
    2011/08/12 12:03:49.0360 5016 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/08/12 12:03:49.0443 5016 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
    2011/08/12 12:03:49.0443 5016 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    2011/08/12 12:03:49.0443 5016 sptd - detected LockedFile.Multi.Generic (1)
    2011/08/12 12:03:49.0460 5016 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    2011/08/12 12:03:49.0644 5016 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    2011/08/12 12:03:49.0798 5016 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/08/12 12:03:49.0913 5016 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/08/12 12:03:49.0944 5016 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/08/12 12:03:49.0951 5016 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/08/12 12:03:49.0999 5016 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/08/12 12:03:50.0060 5016 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
    2011/08/12 12:03:50.0200 5016 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/08/12 12:03:50.0246 5016 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2011/08/12 12:03:50.0264 5016 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/08/12 12:03:50.0331 5016 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\Windows\system32\DRIVERS\tdrpman.sys
    2011/08/12 12:03:50.0431 5016 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/08/12 12:03:50.0453 5016 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2011/08/12 12:03:50.0515 5016 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2011/08/12 12:03:50.0600 5016 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) C:\Windows\system32\drivers\tiehdusb.sys
    2011/08/12 12:03:50.0660 5016 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys
    2011/08/12 12:03:50.0750 5016 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\Windows\system32\DRIVERS\timntr.sys
    2011/08/12 12:03:50.0902 5016 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/08/12 12:03:50.0933 5016 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/08/12 12:03:50.0953 5016 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/08/12 12:03:51.0002 5016 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2011/08/12 12:03:51.0049 5016 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2011/08/12 12:03:51.0118 5016 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2011/08/12 12:03:51.0149 5016 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2011/08/12 12:03:51.0157 5016 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/08/12 12:03:51.0219 5016 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/08/12 12:03:51.0254 5016 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/08/12 12:03:51.0334 5016 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/08/12 12:03:51.0351 5016 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/08/12 12:03:51.0403 5016 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/08/12 12:03:51.0450 5016 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/08/12 12:03:51.0463 5016 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/08/12 12:03:51.0519 5016 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/08/12 12:03:51.0551 5016 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/08/12 12:03:51.0608 5016 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/08/12 12:03:51.0655 5016 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/08/12 12:03:51.0671 5016 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/08/12 12:03:51.0724 5016 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/08/12 12:03:51.0755 5016 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2011/08/12 12:03:51.0769 5016 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2011/08/12 12:03:51.0825 5016 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    2011/08/12 12:03:51.0856 5016 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2011/08/12 12:03:51.0910 5016 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2011/08/12 12:03:51.0958 5016 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2011/08/12 12:03:51.0973 5016 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2011/08/12 12:03:52.0041 5016 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/08/12 12:03:52.0059 5016 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/08/12 12:03:52.0095 5016 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/08/12 12:03:52.0142 5016 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
    2011/08/12 12:03:52.0162 5016 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2011/08/12 12:03:52.0243 5016 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2011/08/12 12:03:52.0343 5016 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
    2011/08/12 12:03:52.0412 5016 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    2011/08/12 12:03:52.0612 5016 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    2011/08/12 12:03:52.0677 5016 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/08/12 12:03:52.0759 5016 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/08/12 12:03:52.0812 5016 XAudio (e3fcf2870b5d7979b3bf10e98a71c847) C:\Windows\system32\DRIVERS\xaudio.sys
    2011/08/12 12:03:52.0877 5016 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    2011/08/12 12:03:52.0928 5016 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk5\DR5
    2011/08/12 12:03:53.0007 5016 Boot (0x1200) (10ff9c14cd7c653f910b683224932980) \Device\Harddisk0\DR0\Partition0
    2011/08/12 12:03:53.0008 5016 Boot (0x1200) (c1dc6e02b93052c89b63df3fa485b757) \Device\Harddisk0\DR0\Partition1
    2011/08/12 12:03:53.0020 5016 Boot (0x1200) (37d6a4a5d8bcd9153a4b8cb9bd50e43c) \Device\Harddisk5\DR5\Partition0
    2011/08/12 12:03:53.0075 5016 ================================================================================
    2011/08/12 12:03:53.0075 5016 Scan finished
    2011/08/12 12:03:53.0075 5016 ================================================================================
    2011/08/12 12:03:53.0091 5948 Detected object count: 1
    2011/08/12 12:03:53.0091 5948 Actual detected object count: 1
    2011/08/12 12:04:15.0730 5948 LockedFile.Multi.Generic(sptd) - User select action: Skip
    2011/08/12 12:10:47.0757 1512 Deinitialize success
     
  15. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Is it a log form brand new scan?
    If so I'd like to see the log when "it found a suspicious file".

    So your browsers work fine in safe mode with networking, but not in normal mode?
     
  16. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    I only ran the program once. This is the entry, it is in the last log I sent you about 60 lines up from the bottom.

    2011/08/12 12:03:49.0443 5016 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b

    I don't have access to a browser. I just rebooted in safe with networking hoping to see the usb drive in my computer. Then I just typed in f: or c: and could see the drives. I hope this makes sense.
     
  17. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    That's a safe file.

    Let's clarify something...
    Is the computer bootable in safe and normal mode, or just in safe mode?
     
  18. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    It will boot into normal mode, but I can't leave my homepage in firefox or explorer. Also, I could not save the log files to the usb drive after I saved mini toolbox. safe mode is fine, but not internet access.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Still unclear.
    In normal mode you can access your homepage (it does connect there), but no more browsing?
    What's the situation in Safe Mode with Networking?

    Any other current issues?
     
  20. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    I rebooted into normal mode, and I am able to use the internet and log into our website. Thank goodness! Safe mode is good as well. By the way --- Thank You for hanging with me so far, I'm extremely grateful.
     
  21. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Gremlins?...LOL

    You're very welcome [​IMG]

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  22. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    Good news was short lived. Sick computer started to auto scroll the page until it locked at the bottom of the page. I changed tabs in firefox and that page locked up as well. I closed firefox and open explorer, and after loading the home page, it would not go to another link. I retried and it did to go to another link, but after getting there it auto scrolled up and down the page, and would not response anymore. I closed explorer and I'm on my other machine writing you now.
    Should I download the first two programs, put them on a flash drive, then run them on sick machine? Should I stay in normal mode or reboot to safe mode to run the programs?
     
  23. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Not yet.

    Go Start>Run (Start Search in Vista), type in:
    msconfig
    Click OK (hit Enter in Vista).

    Click on Startup tab.
    Click Disable all
    IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

    Click Services tab.
    Put checkmark in Hide all Microsoft services
    Click Disable all.

    Click OK.
    Restart computer in Normal Mode.

    NOTE. If you use different firewall, than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
    If you use Windows firewall, you're fine.

    Same problem?
     
  24. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    I can not type anything into start run. Every time I type a character the menu flickers and nothing is there?
     
  25. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Restart in safe mode and see if you can do it from there.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.