TechSpot

Malware causing havoc

Solved
By harveydf
Aug 11, 2011
  1. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    I restarted in safe mode. I followed all instructions and rebooted to normal mode. I downloaded the two programs to the desktop. Then, as I was going to run the first program, Firefox started auto scrolling. I closed Firefox and started the first program; upon completion it would not allow me to save the file. The file name was blank and I could not type anything in the box for name. Should I run the programs in safe mode?
     
  2. Broni

    Broni Malware Annihilator Posts: 47,993   +271

    Go ahead, but then you'll need normal mode for Eset scan.
     
  3. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    I ran both programs in safe mode. Here is the log.

    MiniToolBox by Farbar
    Ran by Harveydf (administrator) on 12-08-2011 at 11:59:32
    Windows Vista (TM) Home Premium Service Pack 2 (X86)

    ***************************************************************************

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= FF Proxy Settings: ==============================

    ========================= Hosts content: =================================

    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Harveydf-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Broadcast
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : gateway.2wire.net

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : gateway.2wire.net
    Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
    Physical Address. . . . . . . . . : 00-1E-90-66-FE-E3
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::dd1b:ac8c:8e89:88d8%8(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Friday, August 12, 2011 11:45:52 AM
    Lease Expires . . . . . . . . . . : Saturday, August 13, 2011 11:45:52 AM
    Default Gateway . . . . . . . . . : 192.168.1.254
    DHCP Server . . . . . . . . . . . : 192.168.1.254
    DHCPv6 IAID . . . . . . . . . . . : 201334416
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-D9-20-8F-00-1E-90-64-0C-48
    DNS Servers . . . . . . . . . . . : 192.168.1.254
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 6:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 02-00-54-55-4E-01
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3c57:3229:3f57:febf(Preferred)
    Link-local IPv6 Address . . . . . : fe80::3c57:3229:3f57:febf%9(Preferred)
    Default Gateway . . . . . . . . . : ::
    NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter Local Area Connection* 7:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : gateway.2wire.net
    Description . . . . . . . . . . . : isatap.gateway.2wire.net
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Server: home
    Address: 192.168.1.254

    DNS request timed out.
    timeout was 2 seconds.


    Pinging google.com [74.125.224.147] with 32 bytes of data:

    Reply from 74.125.224.147: bytes=32 time=28ms TTL=53

    Reply from 74.125.224.147: bytes=32 time=26ms TTL=53



    Ping statistics for 74.125.224.147:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 26ms, Maximum = 28ms, Average = 27ms

    Server: home
    Address: 192.168.1.254

    Name: yahoo.com
    Addresses: 69.147.125.65
    72.30.2.43
    98.137.149.56
    209.191.122.70
    67.195.160.76



    Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

    Reply from 209.191.122.70: bytes=32 time=69ms TTL=54

    Reply from 209.191.122.70: bytes=32 time=73ms TTL=54



    Ping statistics for 209.191.122.70:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 69ms, Maximum = 73ms, Average = 71ms



    Pinging 127.0.0.1 with 32 bytes of data:

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



    Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    8 ...00 1e 90 66 fe e3 ...... NVIDIA nForce 10/100 Mbps Ethernet
    1 ........................... Software Loopback Interface 1
    9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
    13 ...00 00 00 00 00 00 00 e0 isatap.gateway.2wire.net
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    192.168.1.0 255.255.255.0 On-link 192.168.1.64 276
    192.168.1.64 255.255.255.255 On-link 192.168.1.64 276
    192.168.1.255 255.255.255.255 On-link 192.168.1.64 276
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 192.168.1.64 276
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 192.168.1.64 276
    ===========================================================================
    Persistent Routes:
    None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    9 18 ::/0 On-link
    1 306 ::1/128 On-link
    9 18 2001::/32 On-link
    9 266 2001:0:4137:9e76:3c57:3229:3f57:febf/128
    On-link
    8 276 fe80::/64 On-link
    9 266 fe80::/64 On-link
    9 266 fe80::3c57:3229:3f57:febf/128
    On-link
    8 276 fe80::dd1b:ac8c:8e89:88d8/128
    On-link
    1 306 ff00::/8 On-link
    9 266 ff00::/8 On-link
    8 276 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (08/12/2011 03:22:38 AM) (Source: EventSystem) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (08/11/2011 04:36:55 PM) (Source: Perflib) (User: )
    Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

    Error: (08/11/2011 00:11:28 AM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
    Description: MCSCAN32 Engine Initialisation failed.
    Engine returned error : 3

    Error: (08/10/2011 11:54:04 PM) (Source: LoadPerf) (User: )
    Description: 864416

    Error: (08/10/2011 11:54:01 PM) (Source: LoadPerf) (User: )
    Description: WmiApRplWmiApRpl8

    Error: (08/10/2011 11:54:01 PM) (Source: LoadPerf) (User: )
    Description: 864416

    Error: (08/10/2011 11:46:52 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
    Description: MCSCAN32 Engine Initialisation failed.
    Engine returned error : 3

    Error: (08/10/2011 11:42:59 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
    Description: MCSCAN32 Engine Initialisation failed.
    Engine returned error : 3

    Error: (08/10/2011 09:09:41 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (08/10/2011 09:09:41 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)


    System errors:
    =============
    Error: (08/12/2011 11:56:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Security Update for Windows Vista (KB2563894){90251517-2EF3-4FF2-AA8F-7B463B3D4BD9}102

    Error: (08/12/2011 11:56:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Security Update for Windows Vista (KB2556532){E01D3C24-0F19-4483-B664-E6387654A2FA}102

    Error: (08/12/2011 11:56:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2539633){D25A3C25-89A8-4701-8E07-B4AC308473D3}102

    Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Security Update for Windows Vista (KB2507938){F5B61030-0598-4938-894B-48DAF6E482C3}104

    Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Update for Windows Vista (KB2563227){FA0D4E30-DC73-41BB-95D5-B3A4DAF7A95F}100

    Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Update for Windows Vista (KB2533623){378A8A33-B781-4F63-82ED-23C51EEDCACF}102

    Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Update for Windows Mail Junk E-mail Filter [August 2011] (KB905866){5B014E51-A72C-4153-8348-8E20FCE03EA5}100

    Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2559049){E56F8457-94E9-4FC2-8DFF-0615405C4C39}101

    Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Security Update for Windows Vista (KB2555917){3697DEB7-4AF1-4A4A-A16B-5FED1A2FB9D8}102

    Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: 0x80070020Update Rollup for ActiveX Killbits for Windows Vista (KB2562937){A72EBFCA-5B2C-4A8E-8967-234068079733}103


    Microsoft Office Sessions:
    =========================
    Error: (06/29/2011 03:15:39 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 207868 seconds with 2700 seconds of active time. This session ended with a crash.


    ========================= Memory info: ===================================

    Percentage of memory in use: 32%
    Total physical RAM: 3325.57 MB
    Available physical RAM: 2229.49 MB
    Total Pagefile: 7849.06 MB
    Available Pagefile: 6611.16 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1972.96 MB

    ========================= Partitions: =====================================

    1 Drive c: () (Fixed) (Total:324.26 GB) (Free:244.31 GB) NTFS
    2 Drive d: (RECOVERY) (Fixed) (Total:11.03 GB) (Free:4.5 GB) NTFS
    9 Drive k: (CRUZER) (Removable) (Total:7.5 GB) (Free:7.5 GB) FAT32

    ========================= Users: ========================================

    User accounts for \\HARVEYDF-PC

    Administrator Guest Harveydf

    Even after disabling services and startup per your instructions, I cannot connect my browsers. Explorer doesn't work either to run Eset scanner.
     
  4. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    I'm sorry, that was the wrong log.

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    McAfee SecurityCenter
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    Java(TM) 6 Update 26
    Java(TM) SE Runtime Environment 6 Update 1
    Out of date Java installed!
    Adobe Flash Player 10.3.181.34
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
     
  5. Broni

    Broni Malware Annihilator Posts: 47,993   +271

    Uninstall Java(TM) SE Runtime Environment 6 Update 1

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
     
  6. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    I was in normal mode and went to add/remove programs and it quit responding. So I booted into safe mode. I'll uninstall java from there. Do I even need adobe reader when I have adobe cs4 suite installed?
     
  7. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    From safe mode, I get the message "Windows Installer service could not be accessed"?
     
  8. Broni

    Broni Malware Annihilator Posts: 47,993   +271

    See if you can run Eset scan.
     
  9. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    I don't have internet in safe mode, but will reboot into normal mode and give it a try. I have not had a working connection there for some time, but I will try. I will have to search for the link first, because I have not been able to access our forum on the sick machine for quite a while now. By the way, congrats on the thread with funkduck; I saw you and him solved his problems. It gives me hope.
     
  10. Broni

    Broni Malware Annihilator Posts: 47,993   +271

    The problem with you is that I'm not even sure if this is about an infection.

    If you're unable to run Eset, download this tool on a good computer and move it to the bad computer.

    Please click HERE to download Kaspersky Virus Removal Tool.

    • Double click on the file you just downloaded and let it install.
    • It will install to your desktop (be patient; it may take a while).
    • Accept license agreement and click "Start" button.
    • Click on Settings button
      • In Scan scope leave pre-checked items as they are and also checkmark My Computer
      • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
    • Click on Automatic Scan tab and then click on Start scanning button.
    • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
    • When the scan is done NO log will be produced.
    • Click on Report button, then on Automatic Scan report tab.
    • Right click anywhere within right pane, click Select All, then right click again and click Copy.
    • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
    • You can save this on the desktop.
    • Post the contents of the document in your next reply.
     
  11. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    I don't understand, if it is not a virus what else could this be? I am downloading Kaspersky on the good machine now. I'll run it as soon as it finishes.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,993   +271

    Let's see what we'll get there.
     
  13. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    I ran Kaspersky and copied the report and tried to send it on my good machine. It won't connect to our site. I believe the other machine is now infected.
     
  14. Broni

    Broni Malware Annihilator Posts: 47,993   +271

  15. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    Hi Broni

    Things are not good. The second machine is infected, and there was a third machine on the network and it too has symptoms. Before Kaspersky died it gave me some clues. When Kaspersky finished running on machine 1, I opened the log of the quick scan and copied and pasted it to notepad. I should have realized something was up because the pasted selection was being erased from the bottom up as I pasted the text. When I closed Kaspersky it erased the log. But I saw the log: first it archived Kaspersky as a rar.exe file in one line and password protected it in the next. It packed sys 32 wlanapi.dll and moved it to a folder called pe_patch_stolen. It packed 21 .sys files and moved them to sys1132 folder. It renamed combofix and packed it to a directory called UPX; there it archived 21 files and zipped 2 others. It packed and archived Hijackthis.exe and sifxinst. It renamed aswmbr.exe and moved it to a folder upx.
    On the second computer there was more damage.
    There is a rar program on the root of c drive and it has an x through the uninstall icon. This explains how I could boot in normal mode but not much functionality.
    If you've been holding back the big guns, I think we need them now.
     
  16. Broni

    Broni Malware Annihilator Posts: 47,993   +271

    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  17. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    When I double clicked on the exe, it burned the cd, but a message came up from old timer that the software was for windows 7 and not vista.
     
  18. Broni

    Broni Malware Annihilator Posts: 47,993   +271

    Never seen a message like that.
    It came up exactly when?
     
  19. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    I'm afraid in my haste I probably caused the program to fail. I executed the exe and didn't run it as an administrator. After the program ran, I got the message that a program may not have installed properly, so I ran it again; that is when I got the message. The good news is the disc works. Here is the log.
    OTL logfile created on: 8/14/2011 10:31:05 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): c:\pagefile.sys 4603 4603 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 324.26 Gb Total Space | 241.63 Gb Free Space | 74.52% Space Free | Partition Type: NTFS
    Drive H: | 11.03 Gb Total Space | 4.51 Gb Free Space | 40.87% Space Free | Partition Type: NTFS
    Drive I: | 24.41 Gb Total Space | 24.33 Gb Free Space | 99.65% Space Free | Partition Type: NTFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled] -- -- (Apple Mobile Device)
    SRV - [2011/07/06 22:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/04/20 05:04:08 | 000,176,128 | ---- | M] (AMD) [Disabled] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2011/04/14 17:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2011/04/14 17:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
    SRV - [2011/04/14 17:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
    SRV - [2011/02/16 18:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/10/08 00:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/08/24 00:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/03/31 00:47:31 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
    SRV - [2010/03/10 14:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 14:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 14:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 14:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 14:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2010/01/09 16:37:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/08/29 17:58:47 | 000,181,800 | ---- | M] (WildTangent, Inc.) [Disabled] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand] -- -- (MRESP50a64)
    DRV - File not found [Kernel | On_Demand] -- -- (MREMP50a64)
    DRV - File not found [Kernel | On_Demand] -- -- (mfeavfk01)
    DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
    DRV - File not found [Kernel | On_Demand] -- -- (catchme)
    DRV - File not found [Kernel | On_Demand] -- -- (ALSysIO)
    DRV - [2011/07/06 22:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/06/13 05:20:42 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
    DRV - [2011/06/13 05:20:42 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2011/06/13 05:20:29 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
    DRV - [2011/06/13 05:20:26 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
    DRV - [2011/04/20 05:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2011/04/20 05:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2011/04/20 04:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2011/04/14 17:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/04/14 17:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/04/14 17:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2011/04/14 17:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/04/14 17:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/04/14 17:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/04/14 17:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
    DRV - [2011/04/14 17:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2011/04/14 17:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/11/09 18:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
    DRV - [2010/08/12 15:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
    DRV - [2009/09/16 13:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 13:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2008/10/07 23:38:21 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2007/08/09 22:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2007/06/29 13:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/20 07:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2007/04/13 13:30:39 | 000,025,136 | ---- | M] (America Online) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atwpkt2.sys -- (ATWPKT2)
    DRV - [2007/01/19 13:53:43 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2007/01/19 13:53:42 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2006/11/02 04:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
    DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
    DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2004/04/13 13:54:58 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2004/02/04 14:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\Harveydf_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\Harveydf_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/?_bc=1
    IE - HKU\Harveydf_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\Harveydf_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\Harveydf_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\Harveydf_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Harveydf_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Startpage"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
    FF - prefs.js..extensions.enabledItems: ilab@intuit:1.7
    FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.21amo
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {C6F77964-B0B5-4953-A144-93051184EC0C}:1.4
    FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.5
    FF - prefs.js..extensions.enabledItems: {cd617375-6743-4ee8-bac4-fbf10f35729e}:2.8.7

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1:
    FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Harveydf\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/08/10 03:26:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/30 23:24:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/14 17:43:54 | 000,000,000 | ---D | M]

    [2008/09/01 01:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Extensions
    [2011/08/12 17:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions
    [2011/08/09 00:04:22 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2010/06/25 16:16:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/05/26 21:42:12 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2011/06/30 04:56:44 | 000,000,000 | ---D | M] (FlashResizer) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{C6F77964-B0B5-4953-A144-93051184EC0C}
    [2011/08/09 00:18:06 | 000,000,000 | ---D | M] ("RightToClick") -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
    [2011/05/26 21:42:12 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/03/15 22:50:42 | 000,000,000 | ---D | M] ("ThumbStrips") -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\ilab@intuit
    [2008/03/28 13:36:45 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\moveplayer@movenetworks.com
    [2011/03/26 23:56:20 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\SkipScreen@SkipScreen
    [2011/05/26 21:42:14 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\zotero@chnm.gmu.edu
    [2011/08/11 20:33:22 | 000,005,457 | ---- | M] () -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\searchplugins\startpage.xml
    [2011/08/11 08:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/30 01:46:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/18 12:45:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/18 23:45:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/19 16:02:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/09 02:17:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2008/09/01 01:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
    [2011/08/10 03:26:29 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
    [2007/08/24 07:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
    [2011/04/14 17:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
    [2011/05/04 07:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/06/30 04:44:11 | 006,271,648 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

    O1 HOSTS File: ([2011/08/11 23:37:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110510034359.dll (McAfee, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\Harveydf_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Harveydf_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Harveydf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
    O7 - HKU\Harveydf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
    O7 - HKU\Harveydf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O7 - HKU\Harveydf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/14 22:44:10 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\Harveydf\Desktop\OTLPENet.exe
    [2011/08/14 19:19:58 | 004,171,239 | ---- | C] (Swearware) -- C:\Users\Harveydf\Desktop\Harvey_081411.exe
    [2011/08/14 19:19:58 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Harveydf\Desktop\esetsmartinstaller_enu_081411.exe
    [2011/08/12 18:26:25 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\TFC.exe
    [2011/08/12 18:17:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/08/12 18:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/08/12 14:58:24 | 001,404,720 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Harveydf\Desktop\tdsskiller.exe
    [2011/08/12 00:31:16 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\OTL.exe
    [2011/08/11 23:47:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/08/11 23:37:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/08/11 23:20:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/08/11 23:20:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/08/11 23:20:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/08/11 23:20:47 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/08/11 23:18:24 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/08/11 22:37:20 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Harveydf\Desktop\aswMBR.exe
    [2011/08/11 19:41:13 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Harveydf\Desktop\dds.scr
    [2011/08/11 19:12:45 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/08/11 19:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/08/11 19:12:41 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/08/11 19:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/08/11 18:42:24 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Harveydf\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/11 17:11:36 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/08/10 06:07:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2011/08/10 06:07:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
    [2011/08/10 06:07:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2011/08/10 06:07:56 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2011/08/10 06:07:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2011/08/10 06:07:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2011/08/10 04:27:18 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
    [2011/08/10 04:26:36 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2011/08/10 04:26:36 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2011/08/04 09:52:22 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\ImgBurn
    [2011/08/04 09:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
    [2011/08/04 05:50:15 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/08/02 02:43:57 | 000,188,808 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eudisk.sys
    [2011/08/02 02:43:57 | 000,021,896 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eufs.sys
    [2011/08/02 02:43:57 | 000,015,240 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eudskacs.sys
    [2011/08/02 02:43:56 | 000,031,112 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eubakup.sys

    ========== Files - Modified Within 30 Days ==========

    [2011/08/14 23:37:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/08/14 23:37:47 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/08/14 23:37:47 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/08/14 23:29:37 | 000,708,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/08/14 23:29:37 | 000,144,490 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/08/14 23:22:10 | 3488,079,872 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/14 22:39:31 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Harveydf\Desktop\OTLPENet.exe
    [2011/08/14 19:13:02 | 102,303,544 | ---- | M] () -- C:\Users\Harveydf\Desktop\kapersky2_081411.exe
    [2011/08/14 18:44:13 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Harveydf\Desktop\esetsmartinstaller_enu_081411.exe
    [2011/08/14 18:12:26 | 004,171,239 | ---- | M] (Swearware) -- C:\Users\Harveydf\Desktop\Harvey_081411.exe
    [2011/08/14 00:20:23 | 001,008,092 | ---- | M] () -- C:\Users\Harveydf\Desktop\rkill.scr
    [2011/08/12 21:42:24 | 102,027,600 | ---- | M] () -- C:\Users\Harveydf\Desktop\setup_11.0.0.1245.x01_2011_08_13_03_10.exe
    [2011/08/12 18:26:35 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\TFC.exe
    [2011/08/12 18:26:00 | 000,879,028 | ---- | M] () -- C:\Users\Harveydf\Desktop\SecurityCheck.exe
    [2011/08/12 18:17:43 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    [2011/08/12 18:17:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/08/12 14:33:40 | 001,404,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Harveydf\Desktop\tdsskiller.exe
    [2011/08/12 14:31:52 | 000,376,189 | ---- | M] () -- C:\Users\Harveydf\Desktop\MiniToolBox.exe
    [2011/08/12 00:31:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\OTL.exe
    [2011/08/11 23:54:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011/08/11 23:37:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/08/11 23:09:57 | 000,000,512 | ---- | M] () -- C:\MBR081411.dat
    [2011/08/11 23:09:57 | 000,000,512 | ---- | M] () -- C:\Users\Harveydf\Desktop\MBR.dat
    [2011/08/11 22:51:28 | 001,008,092 | ---- | M] () -- C:\Users\Harveydf\Desktop\rkill.com
    [2011/08/11 22:37:44 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Harveydf\Desktop\aswMBR.exe
    [2011/08/11 19:41:16 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Harveydf\Desktop\dds.scr
    [2011/08/11 19:27:49 | 000,302,592 | ---- | M] () -- C:\Users\Harveydf\Desktop\ufhbk1mo.exe
    [2011/08/11 19:12:45 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/11 19:12:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/08/11 18:44:08 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Harveydf\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/11 16:03:55 | 000,308,659 | ---- | M] () -- C:\Users\Harveydf\AppData\Local\census.cache
    [2011/08/11 16:03:36 | 000,188,735 | ---- | M] () -- C:\Users\Harveydf\AppData\Local\ars.cache
    [2011/08/11 15:44:13 | 000,000,036 | ---- | M] () -- C:\Users\Harveydf\AppData\Local\housecall.guid.cache
    [2011/08/11 06:23:30 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/08/11 03:11:18 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3010283643-4083402107-944152190-1000UA.job
    [2011/08/11 02:46:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/08/10 07:01:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3010283643-4083402107-944152190-1000Core.job
    [2011/08/07 07:47:20 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades
    [2011/08/02 00:03:36 | 000,002,365 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2011/08/01 06:13:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2011/07/21 22:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2011/07/21 22:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2011/07/21 22:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2011/07/21 22:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
    [2011/07/21 22:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2011/07/21 22:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

    ========== Files Created - No Company Name ==========

    [2011/08/14 19:54:51 | 000,000,512 | ---- | C] () -- C:\MBR081411.dat
    [2011/08/14 19:19:55 | 102,303,544 | ---- | C] () -- C:\Users\Harveydf\Desktop\kapersky2_081411.exe
    [2011/08/14 00:21:47 | 001,008,092 | ---- | C] () -- C:\Users\Harveydf\Desktop\rkill.scr
    [2011/08/12 21:46:11 | 102,027,600 | ---- | C] () -- C:\Users\Harveydf\Desktop\setup_11.0.0.1245.x01_2011_08_13_03_10.exe
    [2011/08/12 21:01:51 | 3488,079,872 | -HS- | C] () -- C:\hiberfil.sys
    [2011/08/12 18:25:56 | 000,879,028 | ---- | C] () -- C:\Users\Harveydf\Desktop\SecurityCheck.exe
    [2011/08/12 14:58:10 | 000,376,189 | ---- | C] () -- C:\Users\Harveydf\Desktop\MiniToolBox.exe
    [2011/08/11 23:54:20 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/08/11 23:20:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/08/11 23:20:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/08/11 23:20:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/08/11 23:20:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/08/11 23:20:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/08/11 23:09:57 | 000,000,512 | ---- | C] () -- C:\Users\Harveydf\Desktop\MBR.dat
    [2011/08/11 22:51:22 | 001,008,092 | ---- | C] () -- C:\Users\Harveydf\Desktop\rkill.com
    [2011/08/11 19:27:49 | 000,302,592 | ---- | C] () -- C:\Users\Harveydf\Desktop\ufhbk1mo.exe
    [2011/08/11 19:12:45 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/11 16:03:55 | 000,308,659 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\census.cache
    [2011/08/11 16:03:36 | 000,188,735 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\ars.cache
    [2011/08/11 15:44:13 | 000,000,036 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\housecall.guid.cache
    [2011/08/02 02:43:56 | 000,037,256 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
    [2011/06/11 20:55:18 | 000,000,022 | -HS- | C] () -- C:\Users\Harveydf\AppData\Roaming\Sys2662.Config.Repository.bin
    [2011/05/15 22:26:53 | 000,075,776 | ---- | C] () -- C:\Windows\SendToClip.exe
    [2011/04/03 02:25:43 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
    [2011/04/03 02:25:12 | 000,000,191 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2011/03/23 23:50:21 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2011/03/17 20:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2011/03/01 00:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2011/01/27 01:12:00 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2010/08/15 17:20:55 | 001,055,498 | ---- | C] () -- C:\Windows\System32\libodbc++.dll
    [2009/09/18 09:27:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/09/18 09:27:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 18:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 18:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/03/28 16:04:34 | 000,008,212 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2009/01/23 01:11:05 | 000,000,001 | ---- | C] () -- C:\Windows\System32\uuddc32.dll
    [2008/09/17 06:00:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/08/09 23:10:10 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
    [2008/04/01 20:03:07 | 000,004,096 | -H-- | C] () -- C:\Users\Harveydf\AppData\Local\keyfile3.drm
    [2008/03/24 14:58:28 | 000,148,918 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2008/03/24 14:57:59 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2008/02/29 22:46:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008/02/24 03:31:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2008/02/20 02:29:25 | 000,000,864 | ---- | C] () -- C:\Users\Harveydf\AppData\Roaming\wklnhst.dat
    [2008/02/19 01:02:42 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
    [2008/02/18 19:29:01 | 000,028,160 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/12/14 15:32:52 | 000,012,632 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
    [2007/11/23 20:38:35 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2007/11/23 20:04:15 | 000,547,840 | ---- | C] () -- C:\Windows\zHotkey.exe
    [2007/11/23 20:04:15 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
    [2007/11/23 20:04:15 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
    [2007/11/23 20:04:15 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
    [2006/11/22 18:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
    [2006/11/21 14:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
    [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:47:37 | 002,383,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:33:01 | 000,708,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 06:33:01 | 000,144,490 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/06/11 20:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe

    ========== LOP Check ==========

    [2010/05/31 21:20:42 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Aureas85
    [2009/04/27 00:25:15 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Avery
    [2011/08/04 05:50:15 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2008/10/07 23:38:08 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\DAEMON Tools
    [2010/08/15 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Dev-Cpp
    [2011/05/14 15:18:52 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\DisplayTune
    [2009/08/21 00:02:36 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Elluminate
    [2008/03/06 00:42:43 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\ESRI
    [2011/05/15 22:31:27 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\GPSMaster
    [2008/08/09 22:41:59 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\HotSync
    [2011/08/01 23:53:46 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Image Zone Express
    [2011/08/04 09:55:19 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\ImgBurn
    [2011/04/10 19:51:04 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\InfraRecorder
    [2008/08/09 23:02:28 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Leadertech
    [2011/02/08 01:50:00 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Mobipocket
    [2008/03/24 15:27:11 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Printer Info Cache
    [2008/02/19 00:20:57 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\SampleView
    [2008/03/08 01:17:51 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Spare Backup
    [2008/02/20 02:29:37 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Template
    [2011/04/09 03:43:38 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\uTorrent
    [2010/11/07 20:08:07 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\XMind
    [2008/02/18 19:23:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
    [2010/05/31 21:20:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Aureas85
    [2008/02/18 19:23:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
    [2008/02/18 19:23:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
    [2011/02/05 14:28:47 | 000,000,000 | ---D | M] -- C:\ProgramData\eBcEbKd09128
    [2011/05/07 16:11:10 | 000,000,000 | ---D | M] -- C:\ProgramData\ErrorEND
    [2008/02/18 19:23:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
    [2008/08/09 22:44:13 | 000,000,000 | ---D | M] -- C:\ProgramData\HotSync
    [2011/06/13 05:20:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Maxtor
    [2008/02/28 02:13:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Napster
    [2008/02/24 02:16:59 | 000,000,000 | ---D | M] -- C:\ProgramData\NetZero
    [2008/02/18 19:23:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
    [2008/02/18 19:23:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
    [2008/02/19 01:04:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Viewpoint
    [2007/11/23 20:34:00 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
    [2011/06/30 23:27:53 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/08/14 23:37:47 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     
  20. Broni

    Broni Malware Annihilator Posts: 47,993   +271

    I don't really see anything malicious there.

    Please describe in detail the current computer issues.
     
  21. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    Windows has updates, but won't configure. McAfee says it's on, but when you open real time scanning it's off, and won't turn on. I can't open any browser, but browser shortcuts are good. Eset is scanning in normal mode, however it is at 32 percent and has been scanning for over 2 hours. It has found 2 threats, win32/hiderun.application and win32/toolbar.zugo.application.
     
  22. Broni

    Broni Malware Annihilator Posts: 47,993   +271

    Let Eset finish its scan.
     
  23. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    Eset finished, with no other threats found. I have gone over my tracks and found Gmer was not run correctly. Maybe this helps.

    2011/08/15 14:33:17.0592 1236 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
    2011/08/15 14:33:19.0199 1236 ================================================================================
    2011/08/15 14:33:19.0199 1236 SystemInfo:
    2011/08/15 14:33:19.0199 1236
    2011/08/15 14:33:19.0199 1236 OS Version: 6.0.6002 ServicePack: 2.0
    2011/08/15 14:33:19.0199 1236 Product type: Workstation
    2011/08/15 14:33:19.0199 1236 ComputerName: HARVEYDF-PC
    2011/08/15 14:33:19.0199 1236 UserName: Harveydf
    2011/08/15 14:33:19.0199 1236 Windows directory: C:\Windows
    2011/08/15 14:33:19.0199 1236 System windows directory: C:\Windows
    2011/08/15 14:33:19.0199 1236 Processor architecture: Intel x86
    2011/08/15 14:33:19.0199 1236 Number of processors: 4
    2011/08/15 14:33:19.0199 1236 Page size: 0x1000
    2011/08/15 14:33:19.0199 1236 Boot type: Normal boot
    2011/08/15 14:33:19.0199 1236 ================================================================================
    2011/08/15 14:33:19.0761 1236 Initialize success
    2011/08/15 14:33:23.0723 1724 ================================================================================
    2011/08/15 14:33:23.0723 1724 Scan started
    2011/08/15 14:33:23.0723 1724 Mode: Manual;
    2011/08/15 14:33:23.0723 1724 ================================================================================

    2011/08/15 14:33:36.0624 1724 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
    2011/08/15 14:33:36.0624 1724 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    2011/08/15 14:33:36.0624 1724 sptd - detected LockedFile.Multi.Generic (1)


    2011/08/15 14:33:39.0807 1724 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

    2011/08/15 14:33:39.0854 1724 XAudio (e3fcf2870b5d7979b3bf10e98a71c847) C:\Windows\system32\DRIVERS\xaudio.sys

    2011/08/15 14:33:39.0932 1724 MBR (0x1B8) (ff1761ef7140665743a6d636f95dfd81) \Device\Harddisk0\DR0

    2011/08/15 14:33:39.0947 1724 Boot (0x1200) (10ff9c14cd7c653f910b683224932980) \Device\Harddisk0\DR0\Partition0

    2011/08/15 14:33:39.0978 1724 Boot (0x1200) (c1dc6e02b93052c89b63df3fa485b757) \Device\Harddisk0\DR0\Partition1

    2011/08/15 14:33:39.0994 1724 Boot (0x1200) (be874b919c17bd6da2c09a168ca44d65) \Device\Harddisk0\DR0\Partition2

    2011/08/15 14:33:40.0010 1724 ================================================================================

    2011/08/15 14:33:40.0010 1724 Scan finished

    2011/08/15 14:33:40.0010 1724 ================================================================================

    2011/08/15 14:33:40.0010 2400 Detected object count: 1

    2011/08/15 14:33:40.0010 2400 Actual detected object count: 1

    2011/08/15 14:33:50.0196 2400 LockedFile.Multi.Generic(sptd) - User select action: Skip
     
  24. Broni

    Broni Malware Annihilator Posts: 47,993   +271

  25. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    I was still going over your posts when I got your last message. I uninstalled Java runtime en6 update 1, and deleted the cache, then rebooted. The browsers work. I uninstalled McAfee, and installed a fresh McAfee antivirus plus elite edition. I had to uninstall mbam during the download. I did a quick scan, it showed nothing. I had turned Windows updates off earlier, but during the scanning, real time scanning went off momentarily, I reenabled it. Windows update is on again, I turned it off again. It said there were 13 mbs of updates to install. These are the same updates that have not configured correctly for some time now. Your move.
     
Topic Status:
Not open for further replies.

